Please, HJT log help requested (II) !

fgillon, post #11
Nov 7th, 2005
Hi Crunchie, well I think my PC is running better and better at the time ;-) Thanks for your real professional advice because your help is really successful to my PC. I created a Restore Point and proceeded to delete all Symantec related files but some of them can't be deleted as they're used by another resource. Maybe I'll try to do it in Safe Mode.

Here's my new post of logfile. Please note that an item I deleted with HJT is still coming back and is:
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
Strange, isn't it?

Logfile of HijackThis v1.99.1
Scan saved at 19:11:32, on 7/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\alg.exe
C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\system12.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ssqrs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Microsoft Windows 128bit Subsystem] C:\WINDOWS\System32\system12.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .ssc: C:\WINDOWS\DOWNLO~1\Ubizen\SmartStart\NPSmartStart32.dll
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\§\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {660B74E4-4E01-43DE-BB13-2BA2D643C05A} (SmartStartCtl Class) - https://www.deutschebank.be/multisec...rtStartCtl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {94B964F0-45CC-11D4-9F1D-0060085C7782} (Version Class) - https://www.deutschebank.be/multisec...StartSetup.cab
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/ticker.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab
O18 - Protocol: bw+0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\System32\ssqrs.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Windows System Service Framework (WSSF) - Unknown owner - C:\WINDOWS\alg.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)

crunchie, post #12
Nov 7th, 2005
You now have a different infection.

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this:
    VundoFix V2.1 by Atri
    By pressing enter you agree that you are using this at your own risk.
  • At this point press enter one time.
  • Next you will see:
    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.
  • At this point please type the following file path (make sure to enter it exactly as below!):

    • C:\WINDOWS\System32\ssqrs.dll

  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • Next you will see:
    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.
  • At this point please type the following file path (make sure to enter it exactly as below!):

    • C:\WINDOWS\System32\srqss.*

  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED:

    • O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ssqrs.dll

    • O20 - Winlogon Notify: ssqrs - C:\WINDOWS\System32\ssqrs.dll

  • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
Last edited by crunchie; Nov 8th, 2005 at 5:11 am.
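
Added example, not part of the original thread or of HijackThis/VundoFix: a small triage script that parses HijackThis log lines and runs three checks this exchange relies on, namely a DLL registered as both an O2 BHO and an O20 Winlogon Notify (the pair crunchie asks to fix), entries marked "(file missing)", and entries whose file disappeared between two logs while the registration remained. The function names are assumptions of this example; the sample lines are excerpts copied from the logs posted above.

```python
import re
from collections import defaultdict

# Excerpts copied from the two logs posted in this thread (not the full logs).
LOG_BEFORE = r"""
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ssqrs.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\System32\ssqrs.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
"""

LOG_AFTER = r"""
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ssqrs.dll (file missing)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
"""

# "O2 - BHO: ..." -> section code plus the rest of the line.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path ending in a loadable file type; arguments after it are ignored.
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:dll|exe|ocx))(?![A-Za-z0-9])", re.I)


def parse(log):
    """Turn HijackThis entry lines into dicts; non-entry lines are skipped."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        path = PATH_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "kind": body.split(":", 1)[0],           # e.g. "BHO", "Winlogon Notify"
            "path": path.group(1).lower() if path else None,
            "missing": body.endswith("(file missing)"),
            "line": line,
        })
    return entries


def dual_hook_dlls(entries):
    """DLLs loaded both as a browser helper (O2) and via Winlogon Notify (O20)."""
    hooks = {("O2", "BHO"), ("O20", "Winlogon Notify")}
    seen = defaultdict(set)
    for e in entries:
        if e["path"] and (e["code"], e["kind"]) in hooks:
            seen[e["path"]].add(e["kind"])
    return sorted(p for p, kinds in seen.items() if len(kinds) == 2)


def orphaned(entries):
    """Registrations whose target file HijackThis reported as missing."""
    return [(e["code"], e["path"]) for e in entries if e["missing"]]


def newly_orphaned(before, after):
    """Files present in the first log but '(file missing)' in the second:
    the file is gone, yet the registry entry still has to be fixed."""
    present = {(e["code"], e["kind"], e["path"]) for e in before if not e["missing"]}
    return sorted(e["path"] for e in after
                  if e["missing"] and (e["code"], e["kind"], e["path"]) in present)


if __name__ == "__main__":
    before, after = parse(LOG_BEFORE), parse(LOG_AFTER)
    print("BHO + Winlogon Notify:", dual_hook_dlls(before))
    print("file missing:", orphaned(before))
    print("file removed, entry left behind:", newly_orphaned(before, after))
```
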

fgillon, post #13
Nov 7th, 2005
Well, indeed I made an ActiveScan and I am really amazed about the amount of viruses, spyware, hacktools and dialers I have on my PC. It's just as if my PC is a highway for malware programs. Hope I will get rid of all of them...
Thanks for your help and sorry to give you so much hassle with this!! So here is the logfile of HJT followed by ActiveScan and vundofix:

Logfile of HijackThis v1.99.1
Scan saved at 23:40:42, on 7/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\cmd.exe
C:\Program Files\HiJackThis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ssqrs.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Microsoft Windows 128bit Subsystem] C:\WINDOWS\System32\system12.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .ssc: C:\WINDOWS\DOWNLO~1\Ubizen\SmartStart\NPSmartStart32.dll
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\§\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {660B74E4-4E01-43DE-BB13-2BA2D643C05A} (SmartStartCtl Class) - https://www.deutschebank.be/multisec...rtStartCtl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {94B964F0-45CC-11D4-9F1D-0060085C7782} (Version Class) - https://www.deutschebank.be/multisec...StartSetup.cab
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/ticker.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab
O18 - Protocol: bw+0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\System32\ssqrs.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Windows System Service Framework (WSSF) - Unknown owner - C:\WINDOWS\alg.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)


Incident Status Location

Virus:Trj/Ranky.IU Disinfected Operating system
Spyware:spyware/searchcentrix No disinfected C:\WINDOWS\SYSTEM32\MGeekRemove.exe
Adware:adware/yoursearchengine No disinfected C:\WINDOWS\winlogon.exe
Adware:adware/delfinmedia No disinfected C:\PROGRAM FILES\DelFin
Adware:adware/downloadware No disinfected C:\PROGRAM FILES\MLH
Adware:adware/elitebar No disinfected C:\Documents and Settings\\Favoris\Casino & Carrers
Virus:W32/Sdbot.EGG.worm Disinfected C:\!KillBox\xpjava.exe
Virus:Trj/Ranky.IU Disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDE1S9UP\proxi[1].exe
Adware:Adware/StartPage.AIW No disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ONEJ8HUN\is[1].exe
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\§\Application Data\Mozilla\Profiles\default\sxnjv514.slt\Mail\pop.tiscali-7.be\Inbox[Plats du jour grill sem 3 au 6 dec.doc.exe]
Virus:W32/Bugbear.B Disinfected C:\Documents and Settings\§\Application Data\Mozilla\Profiles\default\sxnjv514.slt\Mail\pop.tiscali-7.be\Trash[Plats du jour grill sem 3 au 6 dec.doc.exe]
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\10223810_8100_1788_7832_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\1049168_2400_1140_2620_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\1114332_3319904_1512_3744_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\1114332_3319904_1512_3744_79.41.tst1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\1114332_3660_1512_3760_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\131188_2004_1136_2228_75.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\131188_2004_1136_2232_75.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\131400_2320_1532_2364_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\131414_2400_1140_2448_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\131414_2400_1140_2648_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\131436_652_476_292_78.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\131830_3580_1504_3856_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\14352684_5504_1260_5576_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\1442414_1072_1688_4032_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\17039980_6092_1212_4524_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\18743884_6328_1168_5816_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\196802_468_272_532_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\196894_888_304_1468_78.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\196908_2344_1192_2400_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\197362_3580_1504_3904_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\20447566_6328_1168_6444_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\20447566_6328_1168_6444_79.41.tst1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\2097426_220_532_3444_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\2162946_3660_1512_3740_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\22217330_6328_1168_5140_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\25755968_7396_924_5424_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\262504_2636_2488_2352_78.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\2884136_704_1052_3692_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\2884136_704_1052_3696_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\3014926_3316216_1140_3808_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\327932_704_1052_1160_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\327988_2244_1568_2512_78.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\327990_1784_2012_1456_78.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\328302_3294656_272_1884_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\3473996_5404_996_5428_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\3604774_3316072_1140_3776_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\3604774_3316072_1140_3780_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\3604798_3860_1368_3784_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\393400_468_272_1984_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\393546_1164_1508_1080_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\4456716_5240_1224_5204_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\4457084_3648_816_3920_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\4850248_2532_264_416_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\4915674_3580_1504_3652_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\5243232_8100_1788_8128_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\524586_468_272_1988_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\524730_2592_1716_2000_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\524962_5232_2980_7836_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\5439782_3316216_1140_1212_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\5505640_3876_744_3956_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\5898772_3876_744_2960_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\590142_2244_1136_2300_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\590142_2244_1136_2304_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\590142_2244_1136_2396_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\590142_2244_1136_2444_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\590340_3440_596_3464_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\590382_2244_1136_2976_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\63701286_115039008_892_14740_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\655638_2760_288_2800_78.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\655638_2760_288_2800_78.41.tmp1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\65898_1072_1688_2464_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\65918_2140_1148_2192_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\65918_2140_1148_2228_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\65918_2140_1148_2264_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\65918_2140_1148_2296_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\65918_2140_1148_2380_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\65918_2140_1148_2380_79.41.tst1
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\65972_892_2012_1256_78.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\721126_4692_568_4716_78.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\7274704_3896_1104_3928_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\7954788_3314600_1688_4044_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\852484_452_1216_4128_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\852594_2320_1532_3276_79.41.tst
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_145F.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_14B2.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_164E.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_1672.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_378D.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_3BD3.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_510F.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_7DC4.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_830E.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_AFF.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_B9A2.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_C2E2.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_C4F0.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_D035.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_D363.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_D910.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_DD7A.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_E72A.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_EEAC.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\§\Local Settings\Temp\k_EECF.tmp
Virus:Trj/Ranky.Z Disinfected C:\Documents and Settings\§\Local Settings\Temporary Internet Files\Content.IE5\YJQB83EF\uda[1].exe
Virus:Trj/Ranky.Z Disinfected C:\Documents and Settings\§\Local Settings\Temporary Internet Files\Content.IE5\YJQB83EF\uda[2].exe
Virus:Rootkit/FU.A Disinfected C:\Documents and Settings\§\msdirectx.sys
Virus:Trj/Reno.A Disinfected C:\memsetdll.exe
Adware:Adware/DownloadWare No disinfected C:\Program Files\MediaLoads\notify\notify.exe
Adware:Adware/Medload No disinfected C:\Program Files\MediaLoads\v1\ML.exe
Virus:Trj/Ranky.IU Disinfected C:\proxi.exe
Virus:Trj/Reno.A Disinfected C:\WINDOWS\alg.exe
Dialer:Dialer.Gen No disinfected C:\WINDOWS\Belgium.exe
Dialer:Dialer.Gen No disinfected C:\WINDOWS\Downloaded Program Files\058897be.exe
Adware:Adware/StartPage.AIW No disinfected C:\WINDOWS\system32\awvvs.dll
Virus:W32/Gaobot.KTI.worm Disinfected C:\WINDOWS\system32\bling.exe
Virus:Trj/Ranky.Z Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OLI3GPQJ\uda[1].exe
Adware:Adware/StartPage.AIW No disinfected C:\WINDOWS\system32\ddayx.dll
Adware:Adware/StartPage.AIW No disinfected C:\WINDOWS\system32\geebc.dll
Hacktool:Hacktool/Rootkit.Q No disinfected C:\WINDOWS\system32\hpdriver.sys
Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\i
Spyware:Spyware/Searchcentrix No disinfected C:\WINDOWS\system32\MGeekRemove.exe
Virus:W32/Mydoom.CE.worm Disinfected C:\WINDOWS\system32\ntdat32.exe
Spyware:Spyware/Searchcentrix No disinfected C:\WINDOWS\system32\reg2.exe
Hacktool:Hacktool/Rootkit.Q No disinfected C:\WINDOWS\system32\SLM32.sys
Adware:Adware/StartPage.AIW No disinfected C:\WINDOWS\system32\sstqn.dll
Possible Virus. No disinfected C:\WINDOWS\winlogon.exe

VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\System32\ssqrs.dll

The second filepath entered was

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 160 'smss.exe'

Killing PID 696 'explorer.exe'


Killing PID 236 'winlogon.exe'
--------------------------------------------------------------------------------------

C:\WINDOWS\System32\ssqrs.dll Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------
Join Date: Feb 2004
Posts: 10,009
Reputation: crunchie is a splendid one to behold
Solved Threads: 757
Moderator
Featured Poster
crunchie
Spyware Killer

Re: Please, HJT log help requested (II) !

 
0
  #14
Nov 8th, 2005
Looking at the vundofix log, there was no second entry made for the tool to delete. Did you enter it, or was there an error?

Can you please do the following.

===============

Run HiJackThis, click "Scan", then check (tick) the following, if present:


O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ssqrs.dll (file missing)

O4 - HKLM\..\Run: [Microsoft Windows 128bit Subsystem] C:\WINDOWS\System32\system12.exe

O20 - Winlogon Notify: ssqrs - C:\WINDOWS\System32\ssqrs.dll (file missing)

O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

files...

C:\WINDOWS\System32\system12.exe
C:\WINDOWS\system32\wincntrl.exe

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
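The two markers that recur in this thread's logs, "(file missing)" and "Unknown owner", can be pulled out mechanically as a first-pass triage. The script below is an added example, not part of any post in the thread and not HijackThis's own code; the sample lines are copied from the logs above, and the names `parse_log`, `triage` and `missing_by_target` are made up for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Lines copied from the HijackThis logs and the fix list posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ssqrs.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Windows 128bit Subsystem] C:\WINDOWS\System32\system12.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O20 - Winlogon Notify: ssqrs - C:\WINDOWS\System32\ssqrs.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Windows System Service Framework (WSSF) - Unknown owner - C:\WINDOWS\alg.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
"""

# "<section> - <body>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path in the body, cut at the binary's extension so that
# command-line arguments on O4 lines are not treated as part of the path.
TARGET_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx)\b", re.IGNORECASE)
MISSING = "(file missing)"


class Entry(NamedTuple):
    section: str        # O2, O4, O20, O23, ...
    kind: str           # text before the first ": " (BHO, Service, ...)
    target: str         # file the entry points at, "" if none was found
    owner: str          # O23 only: the owner column
    file_missing: bool  # line ended with "(file missing)"
    raw: str


def parse_log(text):
    """Turn the numbered entry lines of a HijackThis log into Entry records."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank line or "Running processes" path
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        kind = body.split(": ", 1)[0]
        owner = ""
        if m.group("section") == "O23":
            # "Service: <display name> - <owner> - <path>"; split from the
            # right because a display name may itself contain " - ".
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3:
                owner = parts[1]
        t = TARGET_RE.search(body)
        entries.append(Entry(m.group("section"), kind,
                             t.group(0) if t else "", owner, missing, line))
    return entries


def reasons(entry):
    """Return the markers that make an entry worth a second look."""
    found = []
    if entry.file_missing:
        found.append("target file missing")
    if entry.section == "O23" and entry.owner.lower() == "unknown owner":
        found.append("unknown owner")
    return found


def triage(text):
    """List (entry, reasons) for every entry carrying at least one marker."""
    flagged = []
    for entry in parse_log(text):
        why = reasons(entry)
        if why:
            flagged.append((entry, why))
    return flagged


def missing_by_target(text):
    """Group 'file missing' entries by target, so every registration that
    still points at the same deleted file is listed together."""
    grouped = defaultdict(list)
    for entry in parse_log(text):
        if entry.file_missing and entry.target:
            grouped[entry.target.lower()].append(entry.section)
    return dict(grouped)


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.section:<4} {entry.target}  <- {', '.join(why)}")
    for target, sections in missing_by_target(SAMPLE_LOG).items():
        print(f"{target}: still registered under {', '.join(sections)}")
```

The O4 `system12.exe` line carries neither marker, so it is parsed but not flagged: the two markers are a first-pass filter, not a verdict.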
fgillon

Re: Please, HJT log help requested (II) !

 
0
  #15
Nov 8th, 2005
I tried to make a second entry within the Vundofix but I couldn't as it was directly jumping straight to HJT after the first entry. I'll try now what you advise me! Thanks!!
I'll let you know!
fgillon

Re: Please, HJT log help requested (II) !

 
0
  #16
Nov 8th, 2005
Something strange is happening. I followed your tips, but could not find in HJT the item O4 - HKLM\..\Run: [Microsoft Windows 128bit Subsystem] C:\WINDOWS\System32\system12.exe
Moreover, when I went into Windows System 32 I could not find the files system12.exe nor wincntrl.exe. In the new HJT log you'll notice it's still present. I set all my folders to view them, even the system folders, but could not locate the file. How could this be? Here's a new HJT log. Thanks for your help!!!!! Greetz

Logfile of HijackThis v1.99.1
Scan saved at 23:06:20, on 8/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .ssc: C:\WINDOWS\DOWNLO~1\Ubizen\SmartStart\NPSmartStart32.dll
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\§\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {660B74E4-4E01-43DE-BB13-2BA2D643C05A} (SmartStartCtl Class) - https://www.deutschebank.be/multisec...rtStartCtl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {94B964F0-45CC-11D4-9F1D-0060085C7782} (Version Class) - https://www.deutschebank.be/multisec...StartSetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/ticker.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1668C74-B070-4C8E-8348-8272008C33EB}: NameServer = 62.235.14.4 62.235.13.199
O18 - Protocol: bw+0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Windows System Service Framework (WSSF) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
Join Date: Feb 2004
Posts: 10,009
Reputation: crunchie is a splendid one to behold
Solved Threads: 757
Moderator
Featured Poster
crunchie crunchie is offline Offline
Spyware Killer

Re: Please, HJT log help requested (II) !

 
0
  #17
Nov 9th, 2005
Try going to:

Start>>Run and type regedit
Press enter.
Navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MS Dns Service (WinNet)

If MS Dns Service (WinNet) exists, right-click on it and choose delete from the menu.

Now navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MS Dns Service (WinNet)

If LEGACY_MS Dns Service (WinNet) exists, then right-click on it and choose delete from the menu.

==

Post a new log to confirm it is gone.
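To locate the registry keys behind an O23 entry like the one discussed in the post above, this added example (not part of the thread and not HijackThis code) parses O23 lines copied from the log on this page, lists the services reported with an unknown owner or a missing file, and derives the two key paths the post navigates to. It assumes that the name HijackThis prints in parentheses is the service's registry key name, that a label without parentheses serves as both display name and key name, and that the LEGACY_ key is the upper-cased key name with spaces turned into underscores.

```python
import re
from dataclasses import dataclass

SERVICES_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
LEGACY_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root"

# Layout of an O23 line as it appears in the logs on this page:
#   O23 - Service: <label> - <owner> - <image path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# Assumption: a label of the form "Display Name (KeyName)" carries the
# registry key name in the parentheses.
LABEL_RE = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")


@dataclass
class ServiceEntry:
    display_name: str
    key_name: str
    owner: str
    image_path: str
    file_missing: bool

    @property
    def service_key(self) -> str:
        """Registry path of the service definition."""
        return SERVICES_ROOT + "\\" + self.key_name

    @property
    def legacy_key(self) -> str:
        """Registry path of the matching LEGACY_ enum entry.

        Assumption: upper-cased key name, spaces replaced by underscores
        (registry key lookups are case-insensitive in any case).
        """
        return LEGACY_ROOT + "\\LEGACY_" + self.key_name.upper().replace(" ", "_")

    @property
    def needs_review(self) -> bool:
        """True for entries HijackThis could not attribute or locate on disk."""
        return self.file_missing or self.owner == "Unknown owner"


def parse_o23(line: str):
    """Parse one O23 line; return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    label = m.group("label")
    lm = LABEL_RE.match(label)
    if lm:
        display, key = lm.group("display"), lm.group("key")
    else:
        display = key = label  # single name: used as both display and key name
    return ServiceEntry(
        display_name=display,
        key_name=key,
        owner=m.group("owner"),
        image_path=m.group("path"),
        file_missing=m.group("missing") is not None,
    )


def review_candidates(log_text: str):
    """Return the O23 entries with an unknown owner or a missing image file."""
    entries = (parse_o23(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.needs_review]


# Lines copied from the HijackThis log posted earlier on this page.
SAMPLE_LOG = r"""
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Windows System Service Framework (WSSF) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for entry in review_candidates(SAMPLE_LOG):
        print(f"{entry.display_name!r} (key name {entry.key_name!r})")
        print(f"  image : {entry.image_path}  missing={entry.file_missing}")
        print(f"  check : {entry.service_key}")
        print(f"  check : {entry.legacy_key}")
```

The script only prints the paths to look up in regedit; it does not read or modify the registry.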
Join Date: Nov 2005
Posts: 14
Reputation: fgillon is an unknown quantity at this point 
Solved Threads: 0
fgillon fgillon is offline Offline
Newbie Poster

Re: Please, HJT log help requested (II) !

 
0
  #18
Nov 11th, 2005
I did what you told me but could not find the MS DNS Service (Winnet). However I have found Winnet. Is this the same as MS DNS Service or not?
I succeeded in installing my Norton Antivirus back and it detected some remaining files of the hacktool.rootkit and put them into quarantine. So maybe this is sufficient...
Anyway I really would like to congratulate you on having helped me get rid of that nasty virus!!! Thank you so much Crunchie ;-))))

Logfile of HijackThis v1.99.1
Scan saved at 15:20:01, on 11/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TIxDSL] C:\PROGRA~1\COPPER~1\BIN\WIN2K\tidslmon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~4\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.4.1.5\InstallStub.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .ssc: C:\WINDOWS\DOWNLO~1\Ubizen\SmartStart\NPSmartStart32.dll
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\§\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {660B74E4-4E01-43DE-BB13-2BA2D643C05A} (SmartStartCtl Class) - https://www.deutschebank.be/multisec...rtStartCtl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {94B964F0-45CC-11D4-9F1D-0060085C7782} (Version Class) - https://www.deutschebank.be/multisec...StartSetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/ticker.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab
O18 - Protocol: bw+0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7B0DC7F0-52A1-432D-A00B-32F30E24EB8E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows System Service Framework (WSSF) - Unknown owner - C:\WINDOWS\alg.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)
fgillon
Newbie Poster

Re: Please, HJT log help requested (II) !

#19
Nov 11th, 2005
Damn, the virus seems still to be there because I get a shutdown screen when I start surfing on the net :-(( This is really unbelievable...
crunchie
Moderator
Featured Poster
Spyware Killer

Re: Please, HJT log help requested (II) !

#20
Nov 11th, 2005
Originally Posted by fgillon
I did what you told me but could not find the MS DNS Service (Winnet). However, I have found Winnet. Is this the same as MS DNS Service or not?
That will be the one. Once you get rid of that entry, you will be good to go.

©2003 - 2009 DaniWeb® LLC