Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virus that wont go away!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Virus that wont go away!

Unread postby utdarkviper » July 3rd, 2006, 1:34 am

I have run many virus searches and sometimes I think they get the virus and delete it, yet I continue to have the same problems (slow computer, windows not opening, temporary freezing). I know that I got the virus from downloading what I thought was a virus-protection software, how ironic! It was called WinSysProtect. If you have any ideas on how to get rid of this please let me know!
utdarkviper
Regular Member
 
Posts: 30
Joined: July 3rd, 2006, 1:29 am
Location: florida
Advertisement
Register to Remove

Unread postby Navigator » July 3rd, 2006, 8:48 pm

Hello utdarkviper....welcome to MRU!

Please do this:

Click here to download HJTsetup.exe.
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop
  • By default it will install to C:\Program Files\Hijack This
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again. Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit>Select All; then click on Edit>Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

HiJack This Scan Results 12:24pm_7-4-06

Unread postby utdarkviper » July 4th, 2006, 12:22 am

Logfile of HijackThis v1.99.1
Scan saved at 12:20:39 AM, on 7/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intellicast\Intellicast.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: InfoDocReader Object - {39D36F7F-81ED-45DC-87A3-A51824966B06} - C:\WINDOWS\system32\pmkhe.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Intellicast.lnk = C:\Program Files\Intellicast\Intellicast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZU
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ian\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: bw+0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\system32\pmkhe.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
utdarkviper
Regular Member
 
Posts: 30
Joined: July 3rd, 2006, 1:29 am
Location: florida

Unread postby Navigator » July 4th, 2006, 10:24 am

Hello utdarkviper...

Credit: Atribune

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

VundoFix results listed first, then HiJack This results

Unread postby utdarkviper » July 4th, 2006, 12:28 pm

VundoFix V4.2.84

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.3

Scan started at 12:16:15 PM 7/4/2006

Listing files found while scanning....

C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\ehkmp.bak1
C:\WINDOWS\system32\ehkmp.bak2
C:\WINDOWS\system32\ehkmp.ini2
C:\WINDOWS\system32\ehkmp.tmp

C:\WINDOWS\system32\ehkmp.bak1
C:\WINDOWS\system32\ehkmp.bak2
C:\WINDOWS\system32\ehkmp.tmp
C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\ehkmp.ini2
C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\ehkmp.ini2
C:\WINDOWS\system32\ehkmp.bak2
C:\WINDOWS\system32\ehkmp.tmp
C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\ehkmp.ini2
C:\WINDOWS\system32\pmkhe.dll
Attempting to delete C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\pmkhe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\ehkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.bak1
C:\WINDOWS\system32\ehkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.bak2
C:\WINDOWS\system32\ehkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.ini2
C:\WINDOWS\system32\ehkmp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ehkmp.tmp
C:\WINDOWS\system32\ehkmp.tmp Has been deleted!

Performing Repairs to the registry.
Done!

-------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:26:17 PM, on 7/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Intellicast\Intellicast.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Intellicast.lnk = C:\Program Files\Intellicast\Intellicast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZU
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ian\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: bw+0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

------------------------------------------------------------

Thanks for helping so far! I really hope this will get rid of the problem...
utdarkviper
Regular Member
 
Posts: 30
Joined: July 3rd, 2006, 1:29 am
Location: florida

Unread postby Navigator » July 4th, 2006, 2:34 pm

Hello utdarkviper....well, we got rid of the Vundo..but you have WORM_SDBOT.BHF on your system which has backdoor capabilities...as such, I would be circumspect as to this computer's security if it is used for any secure or sensitive transactions.

You can read more about this here: http://www.trendmicro.com/vinfo/virusen ... HF&VSect=P and here: http://www.liutilities.com/products/win ... /windir32/

Let's see if we can get it to go:

1. First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

2. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

3.Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZU

Now close all windows other than HiJackThis, then click Fix Checked.

4. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

5.Once in safe mode, we'll need to find a file and delete it:

    First, Reveal Hidden Files

    • Click Start.
    • Open My Computer.
    • SelectTools menu
    • Click Folder Options.
    • Select the View Tab.
    • Check Show hidden files and foldersin the Hidden files and folders section.
    • Uncheck Hide protected operating system files (recommended) option.
    • Uncheck the Hide file extensions for known file types option.
    • Click Yes.
    • Click OK.

6. Now, right-click start and select search. In the filename box type or paste windir32.exe. In the Look in box, make sure your hard drive is selected (C: ) and click Search. Delete this file when found.

7. Still in safe mode, run Ewido:
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode.


8. Go here and download and install JRE 5.0 Update 7. Click the link that says Download JRE 5.0 Update 7. You will then need to select Accept License Agreement and click the Continue button that is beside it. Then click the link that says Windows Offline Installation, Multi-language. Save it to your Desktop. Then go back to your Desktop and double click jre-1_5_0_07-windows-i586-p.exe to start the install.

Once you have it installed, click Start>>Run, type in appwiz.cpl and hit Enter. From the list, uninstall Java (jre1.5.0_03) and Java (j2re1.4.2_03).

9. Post back with:
  • The Ewido log
  • a new HJT log
  • let me know if you are having any problems with your computer.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby utdarkviper » July 4th, 2006, 5:44 pm

When i was following the list of things you gave me to do, on step #6 I was unable to find the file named "windir32.exe" when I was doing the search. Does this matter? I went on with the other steps like you said though and everything else was fine. Thank you for your help!



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:59:20 PM 7/4/2006

+ Scan result:



Nothing found.


::Report end

-------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:39:39 PM, on 7/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Intellicast\Intellicast.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Intellicast.lnk = C:\Program Files\Intellicast\Intellicast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Ian\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: bw+0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {FF2A02FD-CA19-42C4-9D99-D74415CB15CE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

---------------------------------------------------
utdarkviper
Regular Member
 
Posts: 30
Joined: July 3rd, 2006, 1:29 am
Location: florida

Unread postby Navigator » July 5th, 2006, 12:34 am

Hello utdarkviper...

The HJT entry is gone, but I still want to make sure that file isn't present on your system:

1. Please download FileFind from Atribune.
Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Directory"
    • Enter Drive eg.. C:\
  • In the box labeled "File"
    • Enter windir32.exe
  • Now click on the "Search" button
  • Once the utility has found the files click on "Export"
  • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here as a reply.
  • NOTE: The notepad is saved on your C:\ drive as "Export.txt"


2. Then, please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby utdarkviper » July 5th, 2006, 1:41 am

FileFind still didnt find the file.
You did not say wether to delete the files PandaActivescan finds so I didnt, just in case, since i can delete them once you reply if you say to.

the results of the PandaActivescan are below:
--------------------------------------------------

Incident Status Location

Adware:adware/popmonster Not disinfected C:\Documents and Settings\Ian\Favorites\shopping\eBay.url
Adware:adware/maxifiles Not disinfected c:\program files\common files\Download
Potentially unwanted tool:application/funweb Not disinfected hkey_classes_root\clsid\{00A6FAF6-072E-44cf-8957-5838F569A31D}
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/elitebar Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.overture.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Ian\Application Data\Mozilla\Firefox\Profiles\trii5pmh.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ian\Cookies\ian@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ian\Cookies\ian@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ian\Cookies\ian@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ian\Cookies\ian@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ian\Cookies\ian@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ian\Cookies\ian@questionmarket[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Ian\Local Settings\Temp\NoadwareBkupTemp\ian@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Ian\Local Settings\Temp\NoadwareBkupTemp\ian@adopt.hbmediapro[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ian\Local Settings\Temp\NoadwareBkupTemp\ian@ath.belnk[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ian\Local Settings\Temp\NoadwareBkupTemp\ian@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ian\Local Settings\Temp\NoadwareBkupTemp\ian@belnk[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Ian\Local Settings\Temp\NoadwareBkupTemp\ian@ct.360i[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ian\Local Settings\Temp\NoadwareBkupTemp\ian@dist.belnk[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Ian\Local Settings\Temp\NoadwareBkupTemp\ian@gostats[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Ian\Local Settings\Temp\NoadwareBkupTemp\ian@searchportal.information[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ian\Local Settings\Temp\NoadwareBkupTemp\ian@xiti[1].txt
utdarkviper
Regular Member
 
Posts: 30
Joined: July 3rd, 2006, 1:29 am
Location: florida

Unread postby Navigator » July 5th, 2006, 5:32 pm

Hello utdarkviper....

I did some 'consulting' with other experts, and they agreed that if FileFind cannot locate the file it is gone from your system.

The PandaScan didn't find much either (that is good!), you can go ahead and delete the C:\Documents and Settings\Ian\Favorites\shopping\eBay.url file if you desire. We'll get rid of the cookies ina minute and can take care of the stray registry entries by doing the following:

1. Please do this:
  • Copy the contents of the Quote Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop


REGEDIT4

[-HKEY_LOCAL_MACHINE\software\classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}]

[-HKEY_LOCAL_MACHINE\software\classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear the stray registry entries left behind by the malware.


2. Clear IE's Cookies and Cache

  • Close all instances of Outlook Express and Internet Explorer.
  • Go to Control Panel » Internet Options » General tab.
  • Click Delete Cookies.
  • Next to it, Click the Delete Files button.
  • When prompted, place a check in: Delete all offline content, click OK.

Clear Firefox' Cookies

  • Open Firefox.
  • Click Tools » Options.
  • Click the Privacy tab, then the Cookies tab.
  • Click the Clear Cookies Now button.
  • Then click OK to exit.

Clean Temporary Files

  • Go to Start » Run » type: cleanmgr » OK.
  • Choose (C: ) and then click OK.
  • Make sure these are the only ones that are checked :

    • Temporary Internet Files
    • Temporary Files
    • Recycle Bin
  • Click OK to remove them.
  • Click Yes to confirm the deletion.


How is your computer doing now...are you still having any problems? Let me know...if not we can finish up!
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby utdarkviper » July 5th, 2006, 6:58 pm

Thank you so much for all of your help! I haven't had any problems recently and my computer is running just how it was when I first got it! I can't thank you enough! I'm just wondering what I should do with the file "fix.reg" now that it's merged into the registry? Should I put it somewhere for safe-keeping or can I delete it? Thanks so much for your help! :D
utdarkviper
Regular Member
 
Posts: 30
Joined: July 3rd, 2006, 1:29 am
Location: florida

Unread postby Navigator » July 5th, 2006, 9:22 pm

You are very welcome!

You can delete the fix.reg file...it's not likely to do you any good in the future... :D

Please reset hidden files:

To reset the Hidden files follow these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the View menu and then click Folder Options.
  • After the new window appears select the View tab.
  • Scroll down until you see the Show all files radio button and unselect it.
  • check Hide protected operating system files (recommended) option.
  • check the Hide file extensions for known file types option
  • Press the Apply button and then the OK button and close the My Computer window.

Your HJT appears clean and I'm glad your system is running well with out problems! Please be certain to follow the reset system restore steps below!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. Disabling system restore will erase all prior restore points (and the infected files in them)...re-enabling system restore will set a NEW, CLEAN restore point!

    Disable WinXP System Restore
    Disable your System Restore to remove malware files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them. The only way to erase these files is to temporarily disable System Restore. You will lose all previous restore points which are likely to be infected.
    - Right-click My Computer, and then click Properties.
    - On the System Restore tab, put a Check mark in the Turn Off System Restore check box.
    - Click OK twice, and then click Yes when you are prompted to restart the computer.
    If you are not prompted to reboot, do it on your own.
    -----------------------------------------------------------
    After the Reboot,
    Enable WinXP System Restore
    - Right-click My Computer, and then click Properties.
    - On the System Restore tab, Clear the Check mark beside the Turn Off System Restore check box.
    - Click OK twice, and then click Yes when you are prompted to restart the computer.
    The Disable/Re-enable System Restore sequence is not to be done regularly, but only once after the removal of malware.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy- Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner by Atribune. This program is for XP and Windows 2000 only. ATF is a new, freeware, temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface. The main screen allows the user to either clean all temporary files, or select files for cleaning. The program also knows if Firefox and or Opera is being used, and gives the option of cleaning the temporary files associated with those applications.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read [color]this[/color] article by Tony Klein. This an excellent read too: I'm not pulling your leg


Remember...be careful out there!
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby utdarkviper » July 5th, 2006, 10:55 pm

Theres another problem :( After this step...

After the Reboot,
Enable WinXP System Restore
- Right-click My Computer, and then click Properties.
- On the System Restore tab, Clear the Check mark beside the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
The Disable/Re-enable System Restore sequence is not to be done regularly, but only once after the removal of malware.

...Norton Internet Security popped up as soon as the computer was back at the desktop. This is what it looked like:
Norton Internet Security
Program Control
/!\ Medium Risk
Program Launch Monitoring has detected that an unrecognized
program is attempting to access the Internet using Microsoft
Generic Host Process for Win32 Services.
Details:
Time: 10:47 PM
Date: 7/5/2006
Launcher: C:\WINDOWS\system32\services.exe
Program: svchost.exe
What do you want to do?
[Block Always (Recommended) |v|]

I havent done the step to make Internet Explorer safer yet, although I dont use that browser I will do it anyway while I'm waiting for your reply. This is disappointing :( Please help!
utdarkviper
Regular Member
 
Posts: 30
Joined: July 3rd, 2006, 1:29 am
Location: florida

Unread postby Navigator » July 5th, 2006, 11:56 pm

Ahh...the old 'svchost' access to the internet issue...

In this case it seems legitimate to me....

More information about svchost.exe is found here:

http://www.bleepingcomputer.com/glossar ... on284.html here: http://ask-leo.com/why_does_svchost_acc ... ernet.html and here: http://support.microsoft.com/?kbid=314056

In all likelihood, this is to allow Windows to automatically update. If you have automatic updates turned 'ON', then you should probably allow it access...

If your AV is up to date, it should pick up on an infected 'svchost.exe' problem, and we just did multiple scans on your computer which came up clean.
User avatar
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Unread postby utdarkviper » July 8th, 2006, 8:35 pm

Okay I sorted out the svchost problem. It seems I had my firewall settings set too high so it would ask me every time my computer wanted to update the time or install Windows updates. So it's all good now! :D Thank you so much for your time and help! I don't know what I would have done! I wish I could return the favor somehow, but I wouldn't know how. lol Thanks again!

--Ian
utdarkviper
Regular Member
 
Posts: 30
Joined: July 3rd, 2006, 1:29 am
Location: florida
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 312 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware