Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

IE adds


  • This topic is locked This topic is locked
38 replies to this topic

#16 htiev

htiev

    Authentic Member

  • Authentic Member
  • PipPip
  • 40 posts

Posted 08 February 2006 - 01:23 AM

Ok done there were 3 which I removed.

    Advertisements

Register to Remove


#17 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 08 February 2006 - 08:59 AM

To help keep your PC clean follow the recommendations in Tony Klein's article
So how did I get infected in the first place?

#18 htiev

htiev

    Authentic Member

  • Authentic Member
  • PipPip
  • 40 posts

Posted 09 February 2006 - 01:00 AM

Thanks for the help however I am still getting the pop-up problem with IE

microsoft antisyware is now detected Worm:Win32/VB.DA(Worm)

here is another log

Logfile of HijackThis v1.99.1
Scan saved at 5:53:56 PM, on 9/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Dan\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...4/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{246C8957-56D4-45BF-8E8C-91AA9BC7A757}: NameServer = 10.0.0.138
O18 - Protocol: bw+0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#19 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 09 February 2006 - 01:02 AM

Download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here.

#20 htiev

htiev

    Authentic Member

  • Authentic Member
  • PipPip
  • 40 posts

Posted 10 February 2006 - 06:17 AM

I have run ewido and saved the log. here it is --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 11:13:36 PM, 10/02/2006 + Report-Checksum: 20D2E79E + Scan result: HKLM\SOFTWARE\Classes\CLSID\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} -> Downloader.Delf : Ignored HKLM\SOFTWARE\Classes\CLSID\{DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} -> Downloader.Generic : Ignored HKLM\SOFTWARE\Classes\SearchRelevancy -> Adware.SearchRelevancy : Ignored HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Ignored HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Adware.SearchRelevancy : Ignored HKLM\SOFTWARE\ohbbackup -> Adware.EliteBar : Ignored HKLM\SOFTWARE\ohbbackup\EliteToolBar -> Adware.EliteBar : Ignored HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Ignored HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Ignored HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Ignored HKU\S-1-5-21-3431507009-1789323666-1533016006-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} -> Downloader.Delf : Ignored HKU\S-1-5-21-3431507009-1789323666-1533016006-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Ignored HKU\S-1-5-21-3431507009-1789323666-1533016006-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} -> Downloader.Generic : Ignored HKU\S-1-5-21-3431507009-1789323666-1533016006-1006\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Ignored HKU\S-1-5-21-3431507009-1789323666-1533016006-1006\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Ignored :mozilla.9:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored :mozilla.10:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored :mozilla.11:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored :mozilla.12:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored :mozilla.13:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored :mozilla.14:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Web-stat : Ignored :mozilla.15:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Web-stat : Ignored :mozilla.19:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Ignored :mozilla.20:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Ignored :mozilla.21:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Ignored :mozilla.22:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Ignored :mozilla.23:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Ignored :mozilla.24:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Ignored :mozilla.25:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Ignored :mozilla.26:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Ignored :mozilla.38:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Atdmt : Ignored :mozilla.45:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Web-stat : Ignored :mozilla.46:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Web-stat : Ignored :mozilla.47:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Web-stat : Ignored :mozilla.48:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored :mozilla.76:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.2o7 : Ignored :mozilla.77:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.2o7 : Ignored :mozilla.83:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored :mozilla.84:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored :mozilla.85:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored :mozilla.86:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored :mozilla.90:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored :mozilla.99:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored :mozilla.107:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Esomniture : Ignored :mozilla.108:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Esomniture : Ignored :mozilla.109:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Esomniture : Ignored :mozilla.116:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Liveperson : Ignored :mozilla.117:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Liveperson : Ignored :mozilla.118:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Liveperson : Ignored :mozilla.121:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.2o7 : Ignored :mozilla.122:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Clickbank : Ignored :mozilla.123:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored :mozilla.124:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored :mozilla.125:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored :mozilla.126:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored :mozilla.127:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored :mozilla.128:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored :mozilla.129:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored :mozilla.130:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored :mozilla.131:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored :mozilla.138:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Mediaplex : Ignored :mozilla.139:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Mediaplex : Ignored :mozilla.146:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Paycounter : Ignored C:\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-2a0c82a4-216d7126.class -> Downloader.OpenStream.y : Ignored C:\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-486c9904-255e1593.class -> Downloader.OpenStream.y : Ignored C:\Documents and Settings\Dan\Cookies\dan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored C:\Documents and Settings\Dan\Cookies\dan@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored C:\Documents and Settings\Dan\Cookies\dan@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored C:\Documents and Settings\Dan\Cookies\dan@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Ignored C:\Documents and Settings\Dan\Cookies\dan@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Ignored C:\Documents and Settings\Dan\Cookies\dan@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Ignored C:\Documents and Settings\Dan\Cookies\dan@valueclick[2].txt -> TrackingCookie.Valueclick : Ignored C:\Documents and Settings\Dan\Cookies\dan@z1.adserver[1].txt -> TrackingCookie.Adserver : Ignored C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\Cache\3D103E1Ed01 -> Not-A-Virus.Downloader.Win32.WinFixer.d : Ignored C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\Y1MZ2LAJ\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored C:\fdj.exe -> Trojan.LowZones.df : Ignored C:\Program Files\Microsoft AntiSpyware\Quarantine\4112D57E-E711-4477-A0EC-8BE396\F625B324-3F55-4011-977A-9CF023 -> Trojan.Delf.pu : Ignored C:\Program Files\Microsoft AntiSpyware\Quarantine\6438B72B-0DEF-4FAB-A9A5-F42D95\E0999616-7A35-4D36-B890-16B6ED -> Adware.SideFind : Ignored C:\Program Files\Microsoft AntiSpyware\Quarantine\9A1DFA04-C259-4ED9-9534-06B4E5\86F397DB-622E-4E54-8E5A-FDE7BC -> Adware.NewDotNet : Ignored C:\Program Files\Microsoft AntiSpyware\Quarantine\CAD0060E-6CD9-458C-9B3C-E1E2A0\7D018598-693A-415E-9E5A-482BD5 -> Hijacker.StartPage.nk : Ignored C:\Program Files\Microsoft AntiSpyware\Quarantine\F5F76ADB-24E4-444B-A2E0-9A47EB\5D891B01-127E-40EE-B21D-1AFAD8 -> Downloader.Dyfuca : Ignored C:\Program Files\Microsoft AntiSpyware\Quarantine\F5F76ADB-24E4-444B-A2E0-9A47EB\9E1006FA-F64E-4051-A3E3-EEBB1B -> Downloader.Dyfuca.dt : Ignored C:\Program Files\Microsoft AntiSpyware\Quarantine\FD47106F-EA27-4BD0-9224-F6D630\4BE28C8C-C70B-42E8-92B9-3BD5B0 -> Adware.Sahat : Ignored C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057965.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057966.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057967.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057968.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057969.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057971.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057972.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057974.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057976.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057979.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057980.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057982.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057991.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP321\A0058294.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP321\A0058295.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP321\A0058296.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP321\A0058297.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP321\A0058298.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP321\A0058299.exe -> Trojan.Dialer.ay : Ignored C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP356\A0067323.dll -> Downloader.Delf.vt : Ignored C:\WINDOWS\1.d -> Downloader.Delf.vt : Ignored C:\WINDOWS\clfmon.exe -> Downloader.Agent.is : Ignored C:\WINDOWS\Downloaded Program Files\gdnIN250.exe -> Downloader.Small.ayl : Ignored C:\WINDOWS\msnms32.exe -> Trojan.Delf.bj : Ignored C:\WINDOWS\SYSTEM32\links.exe -> Trojan.LowZones.df : Ignored C:\WINDOWS\SYSTEM32\shell32.exe -> Adware.WinAD : Ignored C:\WINDOWS\SYSTEM32\ShellExt\a5cerlF6a.EXE -> Trojan.Delf.bj : Ignored C:\WINDOWS\SYSTEM32\wudupdate.exe -> Downloader.IstBar : Ignored ::Report End

#21 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 10 February 2006 - 09:04 AM

Download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here.

#22 htiev

htiev

    Authentic Member

  • Authentic Member
  • PipPip
  • 40 posts

Posted 10 February 2006 - 05:45 PM

Ewido report is posted above already in post #20.

#23 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 11 February 2006 - 08:27 AM

Ewido report is posted above already in post #20.


Yes but you had it set to ignore every thing

HKLM\SOFTWARE\Classes\CLSID\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} -> Downloader.Delf : Ignored
HKLM\SOFTWARE\Classes\CLSID\{DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} -> Downloader.Generic : Ignored
HKLM\SOFTWARE\Classes\SearchRelevancy -> Adware.SearchRelevancy : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Adware.SearchRelevancy : Ignored
HKLM\SOFTWARE\ohbbackup -> Adware.EliteBar : Ignored
HKLM\SOFTWARE\ohbbackup\EliteToolBar -> Adware.EliteBar : Ignored



#24 htiev

htiev

    Authentic Member

  • Authentic Member
  • PipPip
  • 40 posts

Posted 12 February 2006 - 02:57 AM

Ok then here it is --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 11:37:36 AM, 12/02/2006 + Report-Checksum: D1D8F83D + Scan result: HKLM\SOFTWARE\Classes\CLSID\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} -> Downloader.Delf : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} -> Downloader.Generic : Cleaned with backup HKLM\SOFTWARE\Classes\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Adware.SearchRelevancy : Cleaned with backup HKLM\SOFTWARE\ohbbackup -> Adware.EliteBar : Cleaned with backup HKLM\SOFTWARE\ohbbackup\EliteToolBar -> Adware.EliteBar : Cleaned with backup HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned with backup HKU\S-1-5-21-3431507009-1789323666-1533016006-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} -> Downloader.Delf : Cleaned with backup HKU\S-1-5-21-3431507009-1789323666-1533016006-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Cleaned with backup HKU\S-1-5-21-3431507009-1789323666-1533016006-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} -> Downloader.Generic : Cleaned with backup HKU\S-1-5-21-3431507009-1789323666-1533016006-1006\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup HKU\S-1-5-21-3431507009-1789323666-1533016006-1006\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup :mozilla.6:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.12:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.13:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.14:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.18:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.19:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.20:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.21:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.25:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.26:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.27:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.28:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.29:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.30:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.31:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.32:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.43:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.44:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.45:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.46:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.74:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.75:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.81:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.82:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.83:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.84:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.88:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.97:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.105:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.106:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.107:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.114:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.115:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.116:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.119:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.120:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup :mozilla.121:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.122:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.123:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.124:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.125:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.126:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.127:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.128:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.129:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.136:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.137:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.144:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup C:\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-2a0c82a4-216d7126.class -> Downloader.OpenStream.y : Cleaned with backup C:\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-486c9904-255e1593.class -> Downloader.OpenStream.y : Cleaned with backup C:\Documents and Settings\Dan\Cookies\dan@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Dan\Cookies\dan@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup C:\Documents and Settings\Dan\Cookies\dan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Dan\Cookies\dan@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup C:\Documents and Settings\Dan\Cookies\dan@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Dan\Cookies\dan@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup C:\Documents and Settings\Dan\Cookies\dan@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\Dan\Cookies\dan@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\Dan\Cookies\dan@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup C:\Documents and Settings\Dan\Cookies\dan@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\Cache\3D103E1Ed01 -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\4N0H8VUX\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup C:\fdj.exe -> Trojan.LowZones.df : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\4112D57E-E711-4477-A0EC-8BE396\F625B324-3F55-4011-977A-9CF023 -> Trojan.Delf.pu : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\6438B72B-0DEF-4FAB-A9A5-F42D95\E0999616-7A35-4D36-B890-16B6ED -> Adware.SideFind : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\9A1DFA04-C259-4ED9-9534-06B4E5\86F397DB-622E-4E54-8E5A-FDE7BC -> Adware.NewDotNet : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\CAD0060E-6CD9-458C-9B3C-E1E2A0\7D018598-693A-415E-9E5A-482BD5 -> Hijacker.StartPage.nk : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F5F76ADB-24E4-444B-A2E0-9A47EB\5D891B01-127E-40EE-B21D-1AFAD8 -> Downloader.Dyfuca : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\F5F76ADB-24E4-444B-A2E0-9A47EB\9E1006FA-F64E-4051-A3E3-EEBB1B -> Downloader.Dyfuca.dt : Cleaned with backup C:\Program Files\Microsoft AntiSpyware\Quarantine\FD47106F-EA27-4BD0-9224-F6D630\4BE28C8C-C70B-42E8-92B9-3BD5B0 -> Adware.Sahat : Cleaned with backup C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057965.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057966.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057967.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057968.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057969.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057971.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057972.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057974.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057976.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057979.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057980.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057982.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP318\A0057991.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP321\A0058294.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP321\A0058295.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP321\A0058296.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP321\A0058297.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP321\A0058298.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP321\A0058299.exe -> Trojan.Dialer.ay : Cleaned with backup C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP356\A0067323.dll -> Downloader.Delf.vt : Cleaned with backup C:\WINDOWS\1.d -> Downloader.Delf.vt : Cleaned with backup C:\WINDOWS\clfmon.exe -> Downloader.Agent.is : Cleaned with backup C:\WINDOWS\Downloaded Program Files\gdnIN250.exe -> Downloader.Small.ayl : Cleaned with backup C:\WINDOWS\msnms32.exe -> Trojan.Delf.bj : Cleaned with backup C:\WINDOWS\SYSTEM32\links.exe -> Trojan.LowZones.df : Cleaned with backup C:\WINDOWS\SYSTEM32\shell32.exe -> Adware.WinAD : Cleaned with backup C:\WINDOWS\SYSTEM32\ShellExt\a5cerlF6a.EXE -> Trojan.Delf.bj : Cleaned with backup C:\WINDOWS\SYSTEM32\wudupdate.exe -> Downloader.IstBar : Cleaned with backup ::Report End

#25 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 12 February 2006 - 08:03 AM

How is it running and can I see another log from hijackthis.

    Advertisements

Register to Remove


#26 htiev

htiev

    Authentic Member

  • Authentic Member
  • PipPip
  • 40 posts

Posted 13 February 2006 - 03:28 AM

I am still getting the adds.

I ran another program called XoftSpy and deleted/modified all the registry keys and files it came up with. I did this as it was recommended for removing winfix 2006 which I have noticed is one of the adds that appears every now and then.

I ran ewido again and this was the report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:13:23 PM, 13/02/2006
+ Report-Checksum: C8BD9DAD

+ Scan result:

:mozilla.8:C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\a5obt5cu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\4N0H8VUX\WinFixer2006FreeInstall[1].cab/UWFX6_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\MJCRA5SH\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\A0067735.exe -> Trojan.LowZones.df : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\A0067736.exe -> Downloader.Agent.is : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\A0067737.exe -> Trojan.Delf.bj : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\A0067738.exe -> Trojan.LowZones.df : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\A0067739.exe -> Adware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\A0067740.EXE -> Trojan.Delf.bj : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP360\A0067741.exe -> Downloader.IstBar : Cleaned with backup


::Report End


and I have done another hijackthis log for you to look over.

here it is:


Logfile of HijackThis v1.99.1
Scan saved at 8:13:53 PM, on 13/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Documents and Settings\Dan\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...4/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{246C8957-56D4-45BF-8E8C-91AA9BC7A757}: NameServer = 10.0.0.138
O18 - Protocol: bw+0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#27 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 13 February 2006 - 08:16 AM

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.


#28 htiev

htiev

    Authentic Member

  • Authentic Member
  • PipPip
  • 40 posts

Posted 14 February 2006 - 11:42 PM

I ran vundofix and did the scan and it found not infected files.

heres a new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:41:11 PM, on 15/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dan\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...4/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{246C8957-56D4-45BF-8E8C-91AA9BC7A757}: NameServer = 10.0.0.138
O18 - Protocol: bw+0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {94D4D84D-34A0-429F-A58F-37A565480D29} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#29 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 15 February 2006 - 08:31 AM

Lets remove MessengerPlus! 3 in add and remove programs. You can reinstall it late with out the sponsors. Then let me know how it is running.

#30 htiev

htiev

    Authentic Member

  • Authentic Member
  • PipPip
  • 40 posts

Posted 18 February 2006 - 10:28 PM

I removed messenger plus 3 a few days ago and I am still having trouble. When I installed it, it was without sponsors and I was already getting the add problem before it was installed.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users