What is VirusBurst?

Discussion in 'Malware and Virus Removal Archive' started by pegmorell, 2006/10/08.

  1. 2006/11/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Peggy

    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.

    Please do this also...

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Geri
     
  2. 2006/11/16
    pegmorell

    pegmorell Inactive Thread Starter

    Joined:
    2005/04/09
    Messages:
    75
    Likes Received:
    0
    What is VirusBurst

    Geri - Here are the two logs you requested. As usual, many thanks.

    SmitFraudFix v2.120

    Scan done at 12:12:58.43, Thu 11/16/2006
    Run from C:\Documents and Settings\grammy\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
    C:\Program Files\VirusBursters\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    ----------------------------------------------------------

    grammy - 06-11-16 12:22:14.32 Service Pack 2
    ComboFix 06.11.9 - Running from: "C:\Download"

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-16 to 2006-11-16 ))))))))))))))))))))))))))))))))))


    2006-11-13 15:50 53,248 --a------ C:\WINNT\system32\Process.exe
    2006-11-13 15:50 40,960 --a------ C:\WINNT\system32\swsc.exe
    2006-11-13 15:50 4,470 --a------ C:\WINNT\system32\tmp.reg
    2006-11-13 15:50 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
    2006-11-13 15:50 135,168 --a------ C:\WINNT\system32\swreg.exe
    2006-11-04 14:14 1,245,696 --a------ C:\WINNT\system32\msxml4.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-16 12:16 -------- d-------- C:\Program Files\Common Files
    2006-11-15 23:17 -------- d-------- C:\Program Files\MSXML 4.0
    2006-11-15 23:17 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-15 16:39 -------- d-------- C:\Program Files\Common Files\Symantec Shared
    2006-11-13 17:28 -------- d-------- C:\Program Files\Paint Shop Pro 6
    2006-10-30 13:01 -------- d-------- C:\Program Files\Copernic Agent
    2006-10-18 10:38 -------- d-------- C:\Program Files\Google
    2006-10-13 10:35 -------- d-------- C:\Program Files\Grisoft
    2006-10-13 04:35 65536 --a------ C:\WINNT\system32\nwwks.dll
    2006-10-13 04:35 64000 --a------ C:\WINNT\system32\nwapi32.dll
    2006-10-13 04:35 142336 --a------ C:\WINNT\system32\nwprovau.dll
    2006-10-13 02:23 163584 --a------ C:\WINNT\system32\drivers\nwrdr.sys
    2006-10-08 13:52 -------- d-------- C:\Program Files\Gateway
    2006-10-08 13:12 -------- d-------- C:\Program Files\SpywareBlaster
    2006-09-12 21:01 1084416 --a------ C:\WINNT\system32\msxml3.dll
    2006-08-25 07:45 617472 --a------ C:\WINNT\system32\comctl32.dll
    2006-08-21 04:21 16896 --a------ C:\WINNT\system32\fltlib.dll
    2006-08-21 01:14 23040 --a------ C:\WINNT\system32\fltmc.exe
    2006-08-17 04:28 721920 --a------ C:\WINNT\system32\lsasrv.dll
    2006-08-17 04:28 132096 --a------ C:\WINNT\system32\wkssvc.dll
    2006-08-16 03:58 100352 --a------ C:\WINNT\system32\6to4svc.dll
    2006-08-09 20:37 29784 --a------ C:\Program Files\popcorn Terms.html


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "LDM"="\\Program\\"
    "Yahoo! Pager"="1"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Hot Key Kbd 9910 Daemon"="SK9910DM.EXE"
    "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "GWMDMMSG"="GWMDMMSG.exe"
    "Keyboard Preload Check"="C:\\OEMDRVRS\\KEYB\\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:\"Keyboard Preload Check\""
    "GWMDMpi"="C:\\WINNT\\GWMDMpi.exe"
    "CTHelper"="CTHELPER.EXE"
    "UpdReg"="C:\\WINNT\\UpdReg.EXE"
    "Jet Detection"="C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"
    "AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
    "SBC Yahoo! Connection Manager"="\"C:\\Program Files\\SBC Yahoo!\\Connection Manager\\ConnectionManager.exe\""
    "piiserviceOE"="\"C:\\Program Files\\iHateSpam Outlook Express\\iHateSpam Outlook Express Edition\\piiserviceOE.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
    "BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
    "Motive SmartBridge"="C:\\PROGRA~1\\SBCSEL~1\\SMARTB~1\\MotiveSB.exe"
    "HostManager"="C:\\Program Files\\Common Files\\AOL\\1136089691\\ee\\AOLSoftware.exe"
    "CapFax"="C:\\Program Files\\PhoneTools\\CapFax.EXE"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"="Narrator.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "RunNarrator"="Narrator.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20061013-111228-278
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    backup-20061013-111228-885
    O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINNT\svchost.exe (file missing)
    backup-20061013-111228-142
    O4 - HKLM\..\Run: [PersonalWeb] "C:\Program Files\Claria\PersonalWeb\PersonalWeb.exe"
    backup-20061013-111228-843
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    backup-20061013-111228-238
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    backup-20061013-111228-875
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    backup-20061013-111228-502
    O2 - BHO: PersonalWebBHO - {D35980CB-66DF-477B-BF63-64EB8F48CB3A} - C:\Program Files\Claria\PersonalWeb\PersonalWebIE_v1108.dll
    backup-20061013-111228-834
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    backup-20061009-141103-254
    O18 - Protocol: bwz0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-674
    O18 - Protocol: offline-8876480 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-878
    O18 - Protocol: bwz0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-402
    O18 - Protocol: bwv0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-701
    O18 - Protocol: bwx0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-583
    O18 - Protocol: bwy0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-978
    O18 - Protocol: bww0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-936
    O18 - Protocol: bwy0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-480
    O18 - Protocol: bww0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-484
    O18 - Protocol: bwx0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-990
    O18 - Protocol: bwt0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-966
    O18 - Protocol: bwu0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-623
    O18 - Protocol: bwt0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-507
    O18 - Protocol: bwu0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-486
    O18 - Protocol: bwv0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-747
    O18 - Protocol: bwq0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-946
    O18 - Protocol: bwr0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-349
    O18 - Protocol: bwr0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-362
    O18 - Protocol: bws0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-608
    O18 - Protocol: bws0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-656
    O18 - Protocol: bwp0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-870
    O18 - Protocol: bwn0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-261
    O18 - Protocol: bwo0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-240
    O18 - Protocol: bwm0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-720
    O18 - Protocol: bwn0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-462
    O18 - Protocol: bwm0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-293
    O18 - Protocol: bwq0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-205
    O18 - Protocol: bwp0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-564
    O18 - Protocol: bwo0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-151
    O18 - Protocol: bwl0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-409
    O18 - Protocol: bwl0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-884
    O18 - Protocol: bwj0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-606
    O18 - Protocol: bwj0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-841
    O18 - Protocol: bwk0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-856
    O18 - Protocol: bwk0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-307
    O18 - Protocol: bwi0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-455
    O18 - Protocol: bwf0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-715
    O18 - Protocol: bwg0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-707
    O18 - Protocol: bwf0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-305
    O18 - Protocol: bwh0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-406
    O18 - Protocol: bwe0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-295
    O18 - Protocol: bwh0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-512
    O18 - Protocol: bwg0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-273
    O18 - Protocol: bwi0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-825
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    backup-20061009-141103-657
    O18 - Protocol: bwb0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-653
    O18 - Protocol: bwe0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-595
    O18 - Protocol: bwa0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-563
    O18 - Protocol: bwd0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-753
    O18 - Protocol: bwd0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-353
    O18 - Protocol: bwc0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-381
    O18 - Protocol: bwc0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-433
    O18 - Protocol: bwa0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-941
    O18 - Protocol: bwb0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-121
    O18 - Protocol: bw80 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-394
    O18 - Protocol: bw50s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-501
    O18 - Protocol: bw80s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-508
    O18 - Protocol: bw90s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-768
    O18 - Protocol: bw70s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-163
    O18 - Protocol: bw60 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-935
    O18 - Protocol: bw60s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-886
    O18 - Protocol: bw70 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-922
    O18 - Protocol: bw90 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-665
    O18 - Protocol: bw50 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-216
    O18 - Protocol: bw20 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-686
    O18 - Protocol: bw40 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-740
    O18 - Protocol: bw20s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-330
    O18 - Protocol: bw40s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-411
    O18 - Protocol: bw30s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-479
    O18 - Protocol: bw10s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-170
    O18 - Protocol: bw30 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-627
    O18 - Protocol: bw+0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-794
    O18 - Protocol: bw00s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-659
    O18 - Protocol: bw-0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-930
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    backup-20061009-141103-847
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    backup-20061009-141103-787
    O18 - Protocol: bw10 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-926
    O18 - Protocol: bw-0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-125
    O18 - Protocol: bw00 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    backup-20061009-141103-837
    O18 - Protocol: bw+0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    Contents of the 'Scheduled Tasks' folder
    C:\WINNT\tasks\Norton AntiVirus - Scan my computer - grammy.job

    Completion time: 06-11-16 12:24:51.81
    C:\ComboFix.txt ... 06-11-16 12:24
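
Added example (not part of the original thread, and not code from HijackThis or ComboFix): the Hijackthis Backups section of the log above is mostly near-identical O18 lines, and grouping the entries by code, CLSID and target file reduces it to a handful of rows to review, with "(file missing)" targets flagged. The function names and record fields are assumptions made for this example; the sample lines are a subset of entries taken from the log.

```python
import re
from collections import defaultdict
from datetime import datetime

# A few entries taken from the "Hijackthis Backups" section of the log above.
SAMPLE_LOG = r"""
backup-20061013-111228-885
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINNT\svchost.exe (file missing)
backup-20061013-111228-142
O4 - HKLM\..\Run: [PersonalWeb] "C:\Program Files\Claria\PersonalWeb\PersonalWeb.exe"
backup-20061013-111228-502
O2 - BHO: PersonalWebBHO - {D35980CB-66DF-477B-BF63-64EB8F48CB3A} - C:\Program Files\Claria\PersonalWeb\PersonalWebIE_v1108.dll
backup-20061009-141103-254
O18 - Protocol: bwz0s - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20061009-141103-674
O18 - Protocol: offline-8876480 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20061009-141103-878
O18 - Protocol: bwz0 - {A7AED5DF-595E-4720-B946-140E6A106B79} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20061009-141103-825
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
backup-20061009-141103-930
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
"""

BACKUP_RE = re.compile(r"^backup-(\d{8}-\d{6})-\d+$")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


def parse_entry(line):
    """Split one HijackThis line into code, label, CLSID and target."""
    m = ENTRY_RE.match(line)
    if m is None:
        return None
    code, body = m.groups()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    clsid = CLSID_RE.search(body)
    if clsid:                      # "Kind: name - {CLSID} - file"
        label, target = body[: clsid.start()], body[clsid.end():]
    elif " = " in body:            # "key,value = data" (R0/R1, startup .lnk)
        label, target = body.split(" = ", 1)
    elif "] " in body:             # "HKLM\..\Run: [name] command"
        label, target = body.split("] ", 1)
        label += "]"
    else:                          # "Service: name - owner - file"
        label, _, target = body.rpartition(" - ")
    return {
        "code": code,
        "label": label.strip(" -"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "target": target.strip(' -"'),
        "missing": missing,
    }


def parse_backups(text):
    """Pair each 'backup-YYYYMMDD-HHMMSS-nnn' id with the entry line after it."""
    records, when = [], None
    for raw in text.splitlines():
        line = raw.strip()
        stamp = BACKUP_RE.match(line)
        if stamp:
            when = datetime.strptime(stamp.group(1), "%Y%m%d-%H%M%S")
            continue
        entry = parse_entry(line)
        if entry:
            entry["backed_up"] = when
            records.append(entry)
    return records


def summarise(records):
    """Collapse entries sharing code, CLSID and target file into one row."""
    groups = defaultdict(list)
    for rec in records:
        groups[(rec["code"], rec["clsid"], rec["target"].lower())].append(rec)
    rows = [{
        "code": code, "clsid": clsid, "target": members[0]["target"],
        "count": len(members),
        "labels": sorted(m["label"] for m in members),
        "missing": any(m["missing"] for m in members),
    } for (code, clsid, _), members in groups.items()]
    return sorted(rows, key=lambda row: (-row["count"], row["code"]))


if __name__ == "__main__":
    for row in summarise(parse_backups(SAMPLE_LOG)):
        flag = "  <-- file missing" if row["missing"] else ""
        print(f'{row["count"]:>3} x {row["code"]:<3} {row["clsid"] or "-":<38} {row["target"]}{flag}')
```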
     

  4. 2006/11/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Peggy
    Is the icon gone?

    The combofix log and your last HJT log look clean.

    Let me know. If things are OK, then you can delete the smitfraud and combofix tools. If you ever need them again there will be a newer version to download anyway.

    Surf safely
    Geri
     
  5. 2006/11/16
    pegmorell

    pegmorell Inactive Thread Starter

    Joined:
    2005/04/09
    Messages:
    75
    Likes Received:
    0
    What is VirusBurst

    Geri

    Thanks. The icon is gone and everything looks back to normal. Now if I can just convince my sweetheart not to let friends onto our computer....

    Peggy
     
