
Missing Explorer.exe and no Start bar or desktop. Can only use Run from Task Manager

Discussion in 'Virus & Other Malware Removal' started by cookiemonsternbr, Aug 6, 2006.

  1. cookiemonsternbr

    cookiemonsternbr Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    117
    It started when I ran Spy Sweeper and McAfee. They found W32/SdBot.worm.gen.by and sdbot.!FTP and Trojan.Bambo.Hosts.A.

    I have run just about every spyware program and anti-virus program but I cannot get rid of the Trojan, and I think I still have a bug or something, because when I rebooted all I got was a blank black screen; the only thing I could do was press Ctrl+Alt+Delete and use Run from Task Manager. This is how I am online now.

    Here are my HijackThis log, SmitFraudFix log, Fixwareout output, and my ewido anti-spyware scan report.



    SmitFraudFix v2.81
    "Before safe mode"
    Scan done at 15:00:53.60, Sun 08/06/2006
    Run from C:\Documents and Settings\Administrator.J3RK\Desktop\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  2. cookiemonsternbr

    cookiemonsternbr Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    117
    SmitFraudFix v2.81
    "After Safe mode"
    Scan done at 15:00:53.60, Sun 08/06/2006
    Run from C:\Documents and Settings\Administrator.J3RK\Desktop\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End


    Fixwareout...
    Check for missing files
    .....
    C:\WINNT\system32\AUTOEXEC.NT not there
    .....
    End check for missing files
    .....
    VXD Check
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
    "VDD"=hex(7):00
    .....
    End vxd check
    .....
    please post this at the forum

    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 9:52:36 AM 8/6/2006

    + Scan result:



    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : No action taken.
    C:\Documents and Settings\Administrator.J3RK\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Administrator.J3RK\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Administrator.J3RK\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35E.tmp -> TrackingCookie.Ad-logics : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqDA.tmp -> TrackingCookie.Ad-logics : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46E.tmp -> TrackingCookie.Bluemountain : No action taken.
    C:\RECYCLER\S-1-5-21-1390067357-1604221776-682003330-500\De5\[email protected][1].txt -> TrackingCookie.Clickzs : No action taken.
    C:\Documents and Settings\Administrator.J3RK\Cookies\[email protected][1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Administrator.J3RK\Cookies\[email protected][1].txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\Administrator.J3RK\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Euniverseads : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE5.tmp -> TrackingCookie.Hitslink : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCA.tmp -> TrackingCookie.Hypertracker : No action taken.
    C:\RECYCLER\S-1-5-21-1390067357-1604221776-682003330-500\De5\[email protected][1].txt -> TrackingCookie.Masterstats : No action taken.
    C:\Documents and Settings\Administrator.J3RK\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.
    C:\RECYCLER\S-1-5-21-1390067357-1604221776-682003330-500\De5\[email protected][1].txt -> TrackingCookie.Realcastmedia : No action taken.
    C:\RECYCLER\S-1-5-21-1390067357-1604221776-682003330-500\De5\[email protected][1].txt -> TrackingCookie.Realcastmedia : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp -> TrackingCookie.Ru4 : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp -> TrackingCookie.Ru4 : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35F.tmp -> TrackingCookie.Specificclick : No action taken.
    C:\RECYCLER\S-1-5-21-1390067357-1604221776-682003330-500\De5\[email protected][1].txt -> TrackingCookie.Specificpop : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEE.tmp -> TrackingCookie.Valueclick : No action taken.
    C:\Program Files\Yahoo!\YPSR\Quarantine\20050103183510.zip/WINNT/system32/drivers/etc/hosts -> Trojan.Bambo.Hosts.A : No action taken.
    C:\WINNT\system32\drivers\etc\HOSTS.bak -> Trojan.Bambo.Hosts.A : No action taken.
    C:\WINNT\system32\drivers\etc\hosts -> Trojan.Bambo.Hosts.A : No action taken.
    C:\WINNT\system32\drivers\etc\hosts.new -> Trojan.Bambo.Hosts.A : No action taken.


    ::Report end

    All the files were deleted but the Trojan could not be removed.

    Please HELP ME!!!!!!
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,027
    Hi and welcome to TSG,

    Please post a new HijackThis log and this time be sure word wrap is not on in Notepad as it's difficult to read it.
     
  4. cookiemonsternbr

    cookiemonsternbr Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    117
    NEW Hijackthis Log

    Logfile of HijackThis v1.99.1
    Scan saved at 3:00:54 PM, on 8/7/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv50.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
    c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINNT\system32\hidserv.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\system32\taskmgr.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Program Files\MSN\MSNIA\msniasvc.exe
    C:\WINNT\Explorer.exe
    C:\Documents and Settings\Administrator.J3RK\My Documents\EXE\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
    F2 - REG:system.ini: Shell=userinit.exe,
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [Panda_cleaner_200583] C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavdr.exe 200583
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: View Original Image - C:\program files\msn\msnia\wa\getoriginal.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cookiemonsternbrat.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149891670934
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151561801028
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A716469B-6A3E-47E4-9A7B-CB1AF5D87AAA}: NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: bw+0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv50.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
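    The lines in the log above that account for the symptom are not the long O8/O18 blocks but the two F2 entries: HijackThis prints F2 when the Winlogon Shell or UserInit value differs from the default, and here Shell is set to userinit.exe instead of Explorer.exe. Winlogon launches whatever is named in Shell, so no Explorer, no desktop and no taskbar appear, which is also consistent with the string of userinit.exe processes in the log posted earlier. The script below is an added example (written for this page, not code from the thread, from HijackThis or from any of the tools named in it) that parses a HijackThis 1.99-style log and flags the Winlogon values, the loopback proxy on R1, the DNS servers on O17 and the DLLs Winlogon loads at logon (O20). The sample lines are copied from the log above; the "good value" patterns for Shell and UserInit are assumptions based on a default Windows 2000/XP install.

```python
"""Triage a HijackThis 1.99 log for the entries that explain a missing desktop:
the Winlogon Shell/UserInit values, a loopback proxy, the DNS servers and the
DLLs Winlogon loads at logon (O20 Winlogon Notify)."""
import re

# Constructed sample: lines copied from the HijackThis log in this thread
# (the O8/O16/O18/O23 lines are left out; this check does not use them).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
F2 - REG:system.ini: Shell=userinit.exe,
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A716469B-6A3E-47E4-9A7B-CB1AF5D87AAA}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
"""

HJT_ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
F2_VALUE = re.compile(r"^REG:system\.ini: (?P<key>Shell|UserInit)=(?P<value>.*)$")
PROXY = re.compile(r"ProxyServer = (?P<value>\S+)")
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<dll>.+)$")
LOOPBACK = re.compile(r"^(https?=)?(127\.0\.0\.1|localhost):(?P<port>\d+)$", re.IGNORECASE)
# Assumed healthy values for Windows 2000/XP: Shell is Explorer.exe and UserInit
# is the system32 userinit.exe (Windows keeps a trailing comma on UserInit;
# HijackThis prints the value with or without it).
GOOD_SHELL = "explorer.exe"
GOOD_USERINIT = re.compile(r"^[a-z]:\\(winnt|windows)\\system32\\userinit\.exe,?$", re.IGNORECASE)


def parse_hjt(text):
    """Return (section, body) pairs for every 'Xn - ...' line in the log."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entries):
    """Return (section, verdict, detail) tuples.

    verdict is 'bad' for a value that cannot be right on a healthy system and
    'review' for something a helper should confirm by hand."""
    findings = []
    for section, body in entries:
        if section == "F2":
            m = F2_VALUE.match(body)
            if not m:
                continue
            key, value = m.group("key"), m.group("value").strip()
            if key == "Shell" and value.rstrip(",").lower() != GOOD_SHELL:
                findings.append(("F2", "bad",
                    "Shell=%s: Winlogon starts this instead of Explorer.exe, "
                    "so no desktop or taskbar appears at logon" % value))
            elif key == "UserInit" and not GOOD_USERINIT.match(value):
                findings.append(("F2", "bad",
                    "UserInit=%s is not the system userinit.exe" % value))
        elif section == "R1":
            m = PROXY.search(body)
            lb = LOOPBACK.match(m.group("value")) if m else None
            if lb:
                findings.append(("R1", "review",
                    "IE proxies through 127.0.0.1:%s; identify the process listening on "
                    "that port before assuming malware (local AV web filters do this too)"
                    % lb.group("port")))
        elif section == "O17":
            servers = body.split("NameServer = ", 1)[-1]
            findings.append(("O17", "review",
                "DNS servers %s: confirm they belong to the ISP" % servers))
        elif section == "O20":
            m = NOTIFY.match(body)
            if m:
                findings.append(("O20", "review",
                    "Winlogon loads %s (%s) at logon; confirm the vendor"
                    % (m.group("dll"), m.group("name"))))
    return findings


def triage_log(text):
    """Parse and triage a whole log in one call."""
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for section, verdict, detail in triage_log(SAMPLE_LOG):
        print("%-4s %-7s %s" % (section, verdict, detail))
```

    Only the Shell value is marked bad; the R1 proxy is left at "review" because the process list in the same log includes Panda's WebProxy.exe, and a local AV web filter is one legitimate owner of a loopback proxy, so the port's listener has to be identified before the entry is treated as malicious. The same caution applies to the two O20 DLLs: a Winlogon Notify entry is a common persistence point, but the log alone does not say who ships those files.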
     
  5. cookiemonsternbr

    cookiemonsternbr Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    117
    This is the HijackThis log I posted before and what my computer looks like when I reboot. After the computer has been on for over 24 hours the USERINIT.EXE leaves and comes back when I am online for a long time, that I have noticed. I have been having this problem for over 2 weeks and have been trying to fix it myself. I need help.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:50:33 PM, on 8/6/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv50.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
    c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINNT\system32\hidserv.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\system32\taskmgr.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\MSN\MSNIA\msniasvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Administrator.J3RK\My Documents\EXE\sdsetup.exe
    C:\DOCUME~1\ADMINI~1.J3R\LOCALS~1\Temp\is-3FUN5.tmp\is-LIT2N.tmp
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\system32\NOTEPAD.EXE
    C:\Documents and Settings\Administrator.J3RK\My Documents\EXE\HijackThis.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\system32\NOTEPAD.EXE
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\system32\userinit.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
    F2 - REG:system.ini: Shell=userinit.exe,
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [Panda_cleaner_200583] C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavdr.exe 200583
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: View Original Image - C:\program files\msn\msnia\wa\getoriginal.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cookiemonsternbrat.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} (PictureItLauncher Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149891670934
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151561801028
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A716469B-6A3E-47E4-9A7B-CB1AF5D87AAA}: NameServer = 209.244.0.3 209.244.0.4
    O18 - Protocol: bw+0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {55335F87-DEBC-4867-A1F1-6E194BF11082} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv50.exe
    O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,027
    Please post your Ewido scan log.

    Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don’t do anything with it yet!


    Click here for info on how to boot to safe mode if you don't already know how.


    Reboot into Safe Mode.


    Double click WinPFind.exe
    • Click "Start Scan"
    • It will scan the entire System, so please be patient and let it complete.


    Reboot back to Normal Mode!


    • Go to the WinPFind folder
    • Locate WinPFind.txt
    • Copy and paste WinPFind.txt in your next post here please.
     
  7. cookiemonsternbr

    cookiemonsternbr Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    117
    I think I have tried that in Safe Mode and it didn't work... I will try again. I wanted to know why it needs to be done in Safe Mode? (While I wait... doing a new scan with Ewido.)

    Here is what Spyware Doctor found; I forgot to post it before.


    Spyware Doctor Activity Report
    Generated on 8/6/2006 8:07:57 PM
    Scans (basic information only):

    Scan Results:
    scan start: 8/6/2006 8:17:41 PM
    scan stop: 8/6/2006 8:56:25 PM
    scanned items: 78476
    found items: 43
    found and ignored: 0
    tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



    Infection Name Location Risk
    Tracking Cookie(s) C:\Documents and Settings\Administrator.J3RK\Cookies\[email protected][2].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Administrator.J3RK\Cookies\[email protected][1].txt Low
    Tracking Cookie(s) C:\Documents and Settings\Administrator.J3RK\Cookies\[email protected][1].txt Low
    Trojan.Downloader.Agent.TI C:\Documents and Settings\Administrator.J3RK\Favorites\poetry.com free poetry contest, poems, publishing, links and chat.url High
    Trojan.Downloader.Agent.TI C:\Documents and Settings\Administrator.J3RK\Favorites\poetry.com poet search.url High
    Affiliated with Browser Hijackers C:\Documents and Settings\Administrator.J3RK\Favorites\tetris - miniclip.com.url Elevated
    eXact Advertising C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp Elevated
    Worm.WGAVN C:\WINNT\Debug\dcpromo.log High
    MediaMotor C:\WINNT\system32\objsafe.tlb High
    Medium
    Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Block Checker High
    Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Block Checker## High
    Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Block Checker##Order High
    Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Block Checker\Block Checker High
    Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Block Checker\Block Checker## High
    Block-Checker HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Block Checker\Block Checker##Order High
    Powerscan HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Power Scan Medium
    Powerscan HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Power Scan## Medium
    Powerscan HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Power Scan##Order Medium
    Windows AdService HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdServX.dll High
    Windows AdService HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdServX.dll## High
    Windows AdService HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdServX.dll##.Owner High
    Windows AdService HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdServX.dll##{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} High
    Windows AdService HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs##C:\WINNT\Downloaded Program Files\WinAdServX.dll High
    Worm.WGAVN HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDCONTENTSVC High
    Worm.WGAVN HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDCONTENTSVC## High
    Worm.WGAVN HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDCONTENTSVC##NextInstance High
    Worm.WGAVN HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDCONTENTSVC\0000 High
    Worm.WGAVN HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDCONTENTSVC\0000## High
    Worm.WGAVN HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDCONTENTSVC\0000##Class High
    Worm.WGAVN HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDCONTENTSVC\0000##ClassGUID High
    Worm.WGAVN HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDCONTENTSVC\0000##ConfigFlags High
    Worm.WGAVN HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDCONTENTSVC\0000##DeviceDesc High
    Worm.WGAVN HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDCONTENTSVC\0000##Legacy High
    Worm.WGAVN HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROTECTEDCONTENTSVC\0000##Service High
    Worm.WGAVN HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer##NoFolderOptions High


    Scan Results:
    scan start: 8/6/2006 9:07:32 PM
    scan stop: 8/6/2006 9:08:15 PM
    scanned items: 575
    found items: 0
    found and ignored: 0
    tools used: Hosts Scanner, ActiveX Scanner
     
  8. cookiemonsternbr

    cookiemonsternbr Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    117
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:52:52 PM 8/7/2006

    + Scan result:



    C:\Documents and Settings\Administrator.J3RK\Local Settings\Temp\hostsbak.bak -> Trojan.Bambo.Hosts.A : Cleaned with backup (quarantined).
    C:\WINNT\system32\drivers\etc\hosts -> Trojan.Bambo.Hosts.A : Error during cleaning.


    ::Report end

    WinPFind

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
    Internet Explorer Version: 6.0.2800.1106

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    PECompact2 8/25/2005 1:35:16 PM 15677649 C:\WINNT\lpt$vpn.803
    qoologic 8/25/2005 1:35:16 PM 15677649 C:\WINNT\lpt$vpn.803
    SAHAgent 8/25/2005 1:35:16 PM 15677649 C:\WINNT\lpt$vpn.803
    UPX! 1/10/2005 4:17:24 PM 170053 C:\WINNT\tsc.exe
    PECompact2 8/25/2005 1:35:16 PM 15677649 C:\WINNT\VPTNFILE.803
    qoologic 8/25/2005 1:35:16 PM 15677649 C:\WINNT\VPTNFILE.803
    SAHAgent 8/25/2005 1:35:16 PM 15677649 C:\WINNT\VPTNFILE.803
    UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINNT\vsapi32.dll
    aspack 2/18/2005 6:40:14 PM 1044560 C:\WINNT\vsapi32.dll

    Checking %System% folder...
    FSG! 12/10/2003 4:36:10 PM 238080 C:\WINNT\SYSTEM32\DivXdec.ax
    UPX! 9/7/2005 11:50:32 PM 30311 C:\WINNT\SYSTEM32\navshext1.dll
    UPX! 9/7/2005 11:50:32 PM 18631 C:\WINNT\SYSTEM32\navshext2.dll
    UPX! 9/7/2005 11:50:36 PM 18631 C:\WINNT\SYSTEM32\navshext3.dll
    UPX! 9/7/2005 11:50:42 PM 18631 C:\WINNT\SYSTEM32\navshext4.dll
    Umonitor 6/19/2003 12:05:04 PM 529168 C:\WINNT\SYSTEM32\RASDLG.DLL
    PEC2 7/14/2005 11:37:58 AM 47495 C:\WINNT\SYSTEM32\vaqbaif.exe
    PECompact2 7/14/2005 11:37:58 AM 47495 C:\WINNT\SYSTEM32\vaqbaif.exe
    winsync 12/7/1999 5:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu

    Checking %System%\Drivers folder and sub-folders...

    Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    7/28/2006 5:34:40 PM H 1095368 C:\WINNT\ShellIconCache
    8/6/2006 3:20:24 PM S 64 C:\WINNT\CSC\00000001
    8/6/2006 2:53:38 PM S 64 C:\WINNT\CSC\00000002
    8/6/2006 1:28:38 AM S 64 C:\WINNT\CSC\csc1.tmp
    6/9/2006 3:36:26 PM H 0 C:\WINNT\inf\oem20.inf
    8/7/2006 2:59:48 PM H 1024 C:\WINNT\system32\config\DEFAULT.LOG
    8/7/2006 5:25:24 PM H 1024 C:\WINNT\system32\config\SAM.LOG
    8/7/2006 5:25:18 PM H 1024 C:\WINNT\system32\config\SECURITY.LOG
    8/7/2006 5:30:58 PM H 1024 C:\WINNT\system32\config\SOFTWARE.LOG
    8/6/2006 3:20:54 PM H 6 C:\WINNT\Tasks\SA.DAT

    Checking for CPL files...
    Microsoft Corporation 12/7/1999 5:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl
    Microsoft Corporation 6/19/2003 12:05:04 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl
    Logitech Inc. 12/10/2002 6:30:54 PM 114688 C:\WINNT\SYSTEM32\CamCpl.cpl
    Microsoft Corporation 6/19/2003 12:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL
    Microsoft Corporation 12/7/1999 5:00:00 AM 31504 C:\WINNT\SYSTEM32\fax.cpl
    Microsoft Corporation 12/7/1999 5:00:00 AM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 12/7/1999 5:00:00 AM 118032 C:\WINNT\SYSTEM32\intl.cpl
    Microsoft Corporation 12/7/1999 5:00:00 AM 36112 C:\WINNT\SYSTEM32\irprops.cpl
    Microsoft Corporation 10/30/2001 9:10:00 AM 326144 C:\WINNT\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINNT\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 12/7/1999 5:00:00 AM 122128 C:\WINNT\SYSTEM32\main.cpl
    Microsoft Corporation 12/7/1999 5:00:00 AM 303888 C:\WINNT\SYSTEM32\mmsys.cpl
    Microsoft Corporation 12/7/1999 5:00:00 AM 17168 C:\WINNT\SYSTEM32\ncpa.cpl
    NVIDIA Corporation 3/24/2004 10:04:00 AM 73728 C:\WINNT\SYSTEM32\nvtuicpl.cpl
    Microsoft Corporation 12/7/1999 5:00:00 AM 41232 C:\WINNT\SYSTEM32\nwc.cpl
    Microsoft Corporation 6/19/2003 12:05:04 PM 41232 C:\WINNT\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 6/19/2003 12:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl
    Apple Computer, Inc. 4/11/2001 12:22:06 PM 287232 C:\WINNT\SYSTEM32\QuickTime.cpl
    12/29/2002 1:14:38 AM 81920 C:\WINNT\SYSTEM32\Startup.cpl
    Microsoft Corporation 6/19/2003 12:05:04 PM 83216 C:\WINNT\SYSTEM32\sticpl.cpl
    Microsoft Corporation 6/19/2003 12:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
    Microsoft Corporation 12/7/1999 5:00:00 AM 5904 C:\WINNT\SYSTEM32\telephon.cpl
    Microsoft Corporation 12/7/1999 5:00:00 AM 61200 C:\WINNT\SYSTEM32\timedate.cpl
    Creative Technology Ltd 3/12/2002 9:00:00 AM 147456 C:\WINNT\SYSTEM32\USBAudio.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
    IBM Corporation 9/23/1999 6:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl
    Microsoft Corporation 12/7/1999 5:00:00 AM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
    Microsoft Corporation 6/19/2003 12:05:04 PM 41232 C:\WINNT\SYSTEM32\dllcache\odbccp32.cpl
    Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...

    Checking files in %ALLUSERSPROFILE%\Application Data folder...

    Checking files in %USERPROFILE%\Startup folder...

    Checking files in %USERPROFILE%\Application Data folder...
    7/15/2006 11:52:26 PM 479 C:\Documents and Settings\Administrator.J3RK\Application Data\dm.ini

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
    {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Panda Antivirus
    {65756541-C65C-11CD-0000-4B656E696100} = C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
    {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Panda Antivirus
    {65756541-C65C-11CD-0000-4B656E696100} = C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\ShellTit.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
    {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\StopSignRCS
    {BB83FD23-AC96-472D-8AA2-7D8560A61D1A} =
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EAC_VirusScanner
    {46D570D9-71C8-44E5-A76C-AADFE94442CA} =
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
    {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
    {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\shell32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\shell32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\shell32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = C:\WINNT\System32\docprop2.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
    = %SystemRoot%\system32\faxshell.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
    = C:\WINNT\System32\docprop2.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
    PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
    Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}
    PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    &Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
    ButtonText = Spyware Doctor :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    ButtonText = Messenger :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{653D93AF-C741-4e5e-8C1B-59BA43F93E16}
    ButtonText = Panda ActiveScan : http://www.pandasoftware.com/activescan
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
    ButtonText = AIM : C:\Program Files\AIM\aim.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
    &Yahoo! Messenger = C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
    File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    Favorites Band = %SystemRoot%\system32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    History Band = %SystemRoot%\system32\shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
    Explorer Band = %SystemRoot%\system32\shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll
    {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = :
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    {F5735C15-1FB2-41FE-BA12-242757E69DDE} = ZeroBar : C:\Program Files\NetZero\toolbar.dll
    {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} = :
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    APVXDWIN "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
    !ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    NvCplDaemon RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    SpybotSnD "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    Panda_cleaner_200583 C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavdr.exe 200583

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    Spyware Doctor "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 149
    CDRAutoRun 0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINNT\system32\Userinit.exe
    Shell = userinit.exe,
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr
    = avldr.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
    = WRLogonNTF.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
    = wzcdlg.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 8/7/2006 5:39:52 PM

    Now what's the next step!!! READY and waiting!! Thanks so much for helping!! :)
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,027
    Please go to the following link and upload each of the following files for analysis and let me know what the results are please:

    http://virusscan.jotti.org/


    C:\WINNT\SYSTEM32\vaqbaif.exe
     
  10. cookiemonsternbr

    cookiemonsternbr Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    117
    Jotti's malware scan

    File: vaqbaif.exe
    Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
    MD5 2368002cc03d91de161d9e86d1559e91
    Packers detected: -
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found Win32:Agent-Q
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found W32/Agent.TC
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    Statistics
    Last file scanned at least one scanner reported something about: r_server.exe, detected by:

    Scanner Malware name
    AntiVir SecurityPrivacyRisk/RServer.1 riskware
    ArcaVir X
    Avast X
    AVG Antivirus X
    BitDefender X
    ClamAV X
    Dr.Web X
    F-Prot Antivirus X
    Fortinet RAT/Remoteadmin
    Kaspersky Anti-Virus not-a-virus:RemoteAdmin.Win32.RAdmin.22
    NOD32 Win32/RAdmin.22 application
    Norman Virus Control X
    UNA X
    VirusBuster X
    VBA32 X
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,027
    Go to the forum here and upload this (these) file(s):

    C:\WINNT\SYSTEM32\vaqbaif.exe

    Here are the directions for uploading the file:

    Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.
     
  12. cookiemonsternbr

    cookiemonsternbr Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    117
    Now what do I do next??? Thank you for helping! ;)
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    It's either corrupt or has an unknown packer, so it won't run, but it is a downloader that attacks antiviruses, so it should be deleted.
     
  14. cookiemonsternbr

    cookiemonsternbr Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    117
    So that's great... How do I delete it? And what's next to get rid of/fix the other bugs....


    Thanks so much for helping!!! ;P
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,027
    I'll post back with instructions shortly. We have to edit the registry as well and I'm preparing the instructions.
     
Short URL to this thread: https://techguy.org/490053
