
Infected with the Download.Trojan - Please Help....


  • This topic is locked
19 replies to this topic

#1 termin8or


Posted 26 November 2005 - 07:40 PM

Hi,

Norton Antivirus is constantly popping up on my screen saying "Virus Alert" High Risk - Norton Antivirus has detected and removed a virus from your computer.

Object Name: C:\DOCUME~1\ADMINI~1...\5091.exe
Virus Name: Download.Trojan
Action Taken: The file was automatically deleted.

These NAV virus alerts are popping up every hour with some new object name. When I first noticed these alerts (close to 2 weeks ago now) there were some infected DLL files that NAV couldn’t delete. I was able to reboot into safe mode, rename them, and then reboot and successfully delete them this time.

I have run Spybot S&D and Ad-Aware, which detected some problems and removed them. I tried running TrojanHunter and am currently running ewido security suite. They detected some problems too and have removed them; however, the Download.Trojan virus alerts won’t stop popping up. I posted my HijackThis log below for review.




Logfile of HijackThis v1.97.7
Scan saved at 5:32:17 PM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.109.189.51:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [DynSite] "C:\Program Files\NoelD\DynSite for Windows\DynSite.exe"
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.ex" -silent
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: SATARaid.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Yahoo! Services (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ntent/opuc2.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} (Malicious Software Removal Tool) - http://download.micr.../WebCleaner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.dll
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft...DI/0/GDIChk.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yaho...alls/yab_af.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O18 - Protocol: bwh0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: offline-8876480 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


#2 Siggyx


Posted 26 November 2005 - 10:58 PM

You need an updated version of HijackThis, which you can get from HERE.

#3 termin8or


Posted 26 November 2005 - 11:57 PM

Hi,

Thank you for the update. I downloaded the latest HijackThis and re-scanned the system again. The log is listed below for review.

I was gone for about 2 hours and had 4 new NAV virus alerts. Same thing. The Download.Trojan.





Logfile of HijackThis v1.99.1
Scan saved at 9:50:25 PM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.109.189.51:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [DynSite] "C:\Program Files\NoelD\DynSite for Windows\DynSite.exe"
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.ex" -silent
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: SATARaid.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: bw+0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: st3i - C:\WINDOWS\q930613968.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#4 Siggyx

Posted 27 November 2005 - 12:27 AM

Step #1

Please download and run CWShredder. Make sure that all browser windows are closed with the exception of CWShredder and choose FIX.

http://www.majorgeek...7fd6b3ff02edc90

REBOOT

Step #2

Please download and run Spybot 1.4 & AdAware SE. Then follow the instructions in the link below to run them.

Spybot & Adaware Tutorial

REBOOT

Step #3

Then do a virus scan here >>> Trend Micro

Step #4

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#5 termin8or

Posted 27 November 2005 - 11:03 PM

Hi,


I downloaded and ran CWShredder; it went through clean, no problems there. Ran the latest versions of Spybot and AdAware; this turned up a few problems and deleted them. The Trend Micro virus scan went through clean too, no problems there.

Ran Ewido Security Suite, and this detected some spyware and deleted it.

The NAV security alerts are still popping up with the Download.Trojan virus. Listed below are the logs for the HijackThis and Ewido scans.


Logfile of HijackThis v1.99.1
Scan saved at 8:58:51 PM, on 11/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.109.189.51:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [DynSite] "C:\Program Files\NoelD\DynSite for Windows\DynSite.exe"
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.ex" -silent
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: SATARaid.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: bw+0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll





---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:44:46 PM, 11/27/2005
+ Report-Checksum: 903E517B

+ Scan result:

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ELU5GPGJ\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KJKF29CJ\mm[1].js -> Spyware.Chitika : Cleaned with backup


::Report End

#6 Siggyx

Posted 28 November 2005 - 08:32 PM

Please download MicroWorld scanner from the link below. Make sure that you choose all files and directories. I warn that the scan will take a long time and will not fix anything. Once the scan is completed, in the LOWER box highlight all the files there, then copy (Ctrl+C) and paste it into the thread please.

Here >>>> http://www.mwti.net/antivirus/mwav.asp

#7 termin8or

Posted 30 November 2005 - 08:18 PM

Hi, I went to the link as you instructed and I downloaded the eScan Anti-Virus (AV) for Windows 2.6 and installed it and ran the scan. It performed a long and lengthy scan in a separate window titled "Virus Check". It finally completed; however, I'm not able to highlight all the files and copy/paste any of it. This window only allows you to highlight a file and view details for the virus which it deleted. The majority of these viruses found were under the Norton Antivirus\Quarantine folder. Prior to these results, upon installing eScan and scanning the system it detected a file infected with the Trojan.Downloader. The file was called weather.exe. The scanner prompted me to reboot which then seemed to delete this file. I'm no longer seeing the NAV virus alerts. By now I would have had at least 10 of them trojan.download alerts. I'm not sure if the fix here was temporary or permanent. I didn't think eScan would delete or fix anything as this was not the full registered version. What do you think? Any suggestions or do you need any other info from me that would help in deciding if this problem is still maybe there? Seems that with eScan running, NAV is no longer enabled.

#8 Siggyx

Posted 30 November 2005 - 09:06 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
Click the Free Trial link under "SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
Please UNCHECK Do not Sweep System Restore Folder.
Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

#9 termin8or

Posted 02 December 2005 - 10:30 PM

Hi, Here are the results of the scan copied from the session log. The trojan.downloader was detected.

#10 Siggyx

Posted 02 December 2005 - 11:27 PM

Please do an online scan at the link below. It will not fix anything but is great for identifying bad files. Once the scan has finished please post the log.

http://www.kaspersky...kavwebscan.html

#11 termin8or

Posted 03 December 2005 - 01:49 AM

Hi, Ran the online scan of Kaspersky, listed below is the results of the scan copied from the log.
Scan process completed.

#12 Siggyx

Posted 03 December 2005 - 12:28 PM

OK, they are fine as they are sitting in either quarantine or System Restore. You should clean out your quarantine and then your System Restore. To clean out System Restore you will need to turn it off and then back on. How are things running?

#13 termin8or

Posted 03 December 2005 - 06:29 PM

Hi, I have deleted all infected files that were in Quarantine and turned off System Restore. The system seems to be fine except for one problem. My Internet surfing experience has been extremely degraded. When I open up a browser it takes forever to load my home page and any other page that I choose to go to. We're talking close to 2 minutes plus to load a page. Worse than dial-up. I'm on DSL, not the world's speediest service, but at 3mb download speeds my pages were opening up rather instantly. It seemed to start doing that immediately after we downloaded and ran the scan for the MicroWorld scanner. Perhaps some IE or system settings were altered? Another question I have is, it should be OK to uninstall some of these scanners that we have installed over the past week by now? There are a few running in the background and most are only trials. What do you suggest? Thank you for all your help.

#14 Siggyx

Posted 03 December 2005 - 08:30 PM

You can remove the scanners.

Let's see if we can speed you up a bit.

Download CCleaner from the link below and save it to your desktop. Open CCleaner and click on "Run Cleaner".

http://www.majorgeek...wnload4191.html

Next download RegSeeker from the link below and save it to your desktop. Open RegSeeker, click on "clean registry", then click on OK. Once the scan is complete, make sure "back up files" is checked, then delete all lines.

http://www.majorgeek...wnload2579.html

Reboot and post a new hijackthis log please.

Edited by Siggyx, 03 December 2005 - 08:31 PM.


#15 termin8or

Posted 03 December 2005 - 10:51 PM

Hi, we removed all the scanners that were downloaded and used during this clean-up. We ran CCleaner and RegSeeker. Not only is IE back up to speed, but the entire system seems to be responding a bit quicker. Everything seems to be running smoothly. No more virus alerts from NAV. You da man.


The HJT log is listed below for your review. Please let me know what you think.

I have a question: do you notice all those .dll files from "Program Files\Logitech\Desktop Messenger\"? That seems a bit ridiculous. Would you think I should delete all those, or does it not really matter?

Also, should I run some other programs to keep me safeguarded from any other future viruses or Trojans besides just NAV? I can register any if you think it would be recommended. Any suggestions here?



Logfile of HijackThis v1.99.1
Scan saved at 8:27:01 PM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.109.189.51:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [DynSite] "C:\Program Files\NoelD\DynSite for Windows\DynSite.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: SATARaid.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: bw+0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
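
Added example (not part of the original thread, and not HijackThis code): a small Python summarizer for a HijackThis log like the one in post #15. It counts entries per section, groups the repeated O18 protocol handlers by CLSID and DLL, and pulls out the lines HijackThis itself annotated. The function names are illustrative, and the sample is a short excerpt of the log above.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the HijackThis log posted above (a few lines per section).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O18 - Protocol: bw+0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D5257A33-E243-471D-B413-786F16577FE6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# A log entry is "<section code> - <body>", e.g. "O18 - Protocol: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O18 entry: "Protocol: <name> - {CLSID} - <handler DLL>".
PROTOCOL_RE = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse_entries(log_text):
    """Return (section_code, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def section_counts(entries):
    """Number of entries per section code (R0, O4, O18, ...)."""
    return Counter(code for code, _ in entries)


def group_protocol_handlers(entries):
    """Map (CLSID, dll path) -> protocol names registered to that handler."""
    groups = defaultdict(list)
    for code, body in entries:
        if code != "O18":
            continue
        match = PROTOCOL_RE.match(body)
        if match:
            name, clsid, dll = match.groups()
            # Windows paths and CLSIDs are case-insensitive; normalise both.
            groups[(clsid.upper(), dll.lower())].append(name)
    return dict(groups)


def hijackthis_annotations(entries):
    """Entries HijackThis itself marked '(file missing)' or 'Unknown owner'."""
    return [
        (code, body)
        for code, body in entries
        if body.endswith("(file missing)") or "Unknown owner" in body
    ]


def summarize(log_text):
    """Build a short, human-readable summary of the log."""
    entries = parse_entries(log_text)
    lines = ["Entries per section:"]
    for code, count in sorted(section_counts(entries).items()):
        lines.append(f"  {code}: {count}")
    lines.append("O18 protocol handlers grouped by DLL:")
    for (clsid, dll), names in group_protocol_handlers(entries).items():
        lines.append(f"  {len(names)} protocol name(s) -> {dll} {clsid}")
    lines.append("Lines annotated by HijackThis:")
    for code, body in hijackthis_annotations(entries):
        lines.append(f"  {code} - {body}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

Run against the full log, the O18 section reduces to one line per handler DLL, which makes a long run of near-identical entries easier to review.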
