Thread: New Malware.j virus problem

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Posts
    7

    New Malware.j virus problem

    McAfee keeps telling me that c:\windows\smss.exe has the New Malware.j virus, but McAfee can only move it instead of deleting it. However, when I was in safe mode trying to delete this infected file, I didn't find 'smss.exe' under c:\windows, but later McAfee still kept telling me that this file is infected.

    Please help me to remove this virus, thanks a lot!!

    Spybot has just been run and the items detected in 'red' have been fixed.

  2. #2
    Junior Member
    Join Date
    Jun 2006
    Posts
    7


    Here's the HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 14:34:40, on 2006-06-18
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\csrss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\System32\ibmpmsvc.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\University of Arizona Software\U of A VPN Client\cvpnd.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\windows\System32\QCONSVC.EXE
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\windows\System32\alg.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\ctfmon.exe
    C:\windows\system32\tp4serv.exe
    C:\windows\AGRSMMSG.exe
    D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\windows\system32\regedit.com
    C:\windows\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\windows\system32\conime.exe
    C:\windows\exerouter.exe
    C:\windows\exerouter.exe
    C:\windows\exerouter.exe
    C:\windows\exerouter.exe
    D:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    F2 - REG:system.ini: Shell=explorer.exe 1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
    O2 - BHO: Zhongsou Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll (file missing)
    O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\windows\Downlo~1\IEHpr.dll (file missing)
    O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINDOWS\system32\IE.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [S3TRAY2] ; S3Tray2.exe
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [TPHOTKEY] ; C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [BMMLREF] ; C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [TPKMAPHELPER] ; C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TP4EX] ; tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] ; C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ibmmessages] ; C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] ; C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] ; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] ; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IESAddr] ; RunDll32 "C:\windows\Downlo~1\Gladiator.dll",Boot
    O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] ; rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ToP] ; C:\windows\LSASS.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [TProgram] C:\windows\smss.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TPKMAPMN] ; C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    O4 - HKCU\..\Run: [MSCalsClocks] D:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe
    O4 - HKCU\..\Run: [Skype] ; "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: University of Arizona VPN Client.lnk = C:\Program Files\University of Arizona Software\U of A VPN Client\vpngui.exe
    O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab
    O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = telcom.arizona.edu
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = telcom.arizona.edu
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = telcom.arizona.edu
    O18 - Protocol: bw+0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

  3. #3
    Junior Member
    Join Date
    Jun 2006
    Posts
    7


    "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\University of Arizona Software\U of A VPN Client\cvpnd.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\windows\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: QCONSVC - IBM Corp. - C:\windows\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - F:\pROGRAM\VNC4\WinVNC4.exe" -service (file missing)

  4. #4
    Junior Member
    Join Date
    Jun 2006
    Posts
    7


    The other virus McAfee detected is 'EXP10RER.com', also reported to be under c:\windows, but I still can't find it under that folder.

  5. #5
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    Welcome

    Create a hijackthis uninstall list
    Start HiJackThis
    Press 'Config'
    Press 'Misc Tools'
    Press 'Open Uninstall Manager'
    Press 'Save List'
    Save the log to a convenient location
    Copy the log and post its contents in this thread

  6. #6
    Junior Member
    Join Date
    Jun 2006
    Posts
    7


    Access IBM
    Access IBM Cleanup Utility
    Access IBM Message Center
    Access IBM Tools
    ACDSee 7.0 PowerPack
    Adobe Reader 7.0.8 - Chinese Simplified
    Adobe Reader Chinese Traditional Fonts
    Agere Systems AC'97 Modem
    ATI Control Panel
    ATI Display Driver
    ATI HYDRAVISION
    BioEdit
    Citi Virtual Account Numbers
    Default
    DnaSP 4.0
    eREAD
    FlashGet(JetCar)
    GeneTree
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Hijackthis 1.99.1
    HijackThis 1.99.1
    IBM 32-bit SDK for Java 2, v1.4.1
    IBM Access Connections
    IBM Themes
    IBM ThinkPad Battery MaxiMiser and Power Management Features
    IBM ThinkPad Configuration
    IBM ThinkPad EasyEject Utility
    IBM ThinkPad Keyboard Customizer Utility
    IBM ThinkPad Power Management Driver
    IBM ThinkPad Presentation Director
    IBM TrackPoint Accessibility Features
    IBM TrackPoint Support
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) Sebring API
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Runtime Environment 1.1
    Java Web Start
    K-Lite Codec Pack 2.72 Basic
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech IM Video Companion
    Logitech ImageStudio
    Macromedia Flash Player 8
    McAfee Anti-Spyware Enterprise Module
    McAfee VirusScan Enterprise
    Microsoft Chinese Date & Time
    Microsoft GB18030 Support Package
    Microsoft Office Professional Edition 2003
    MotoKit 1.06
    Motorola Handset USB Driver
    Mozilla Firefox (1.0.7)
    Norton WMI Update
    PowerQuest PartitionMagic Pro 7.0 (Build 283) for NT/2000/XP
    Powerword 2005
    PrimoPDF
    QuickTime
    R for Windows 2.2.0
    San Fermín
    Sequencher 4.6 Demo
    SmartMoto
    Spybot - Search & Destroy 1.4
    SSH Secure Shell
    ThinkPad FullScreen Magnifier
    ThinkPad Software Installer
    Tom - Skype 2.5
    Tucson Electronic Timetable
    VNC Free Edition 4.1.1
    VobSub 2.23
    VobSub v2.23 (Remove Only)
    VoipStunt
    VPN Client
    WaveCN
    Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows XP Service Pack 2
    WinRAR
    Zoto Uploader 2.5.3

  7. #7
    Junior Member
    Join Date
    Jun 2006
    Posts
    7


    Thank U!!

  8. #8
    Junior Member
    Join Date
    Jun 2006
    Posts
    7


    Some documents it creates every time after reboot are:
    D:\autorun.inf
    C:\Windows\finders.com
    C:\Windows\1.com
    ......

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025


    This is your PC, not the university's, correct?

    I expected to see a few Chinese SearchNet items mentioned in Add/Remove.

    I see signs of Sophos, Norton and McAfee; please uninstall all but one antivirus.

    ONLY after that's been taken care of, continue on.

    Start HijackThis and place a check next to these items, if there.
    F2 - REG:system.ini: Shell=explorer.exe 1
    O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
    O2 - BHO: Zhongsou Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll (file missing)
    O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\windows\Downlo~1\IEHpr.dll (file missing)
    O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINDOWS\system32\IE.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O4 - HKLM\..\Run: [IESAddr] ; RunDll32 "C:\windows\Downlo~1\Gladiator.dll",Boot
    O4 - HKLM\..\Run: [ToP] ; C:\windows\LSASS.exe
    O4 - HKLM\..\Run: [TProgram] C:\windows\smss.exe
    O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
    ====================================
    Hit fix checked and close Hijackthis.
    Restart the PC
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    C:\windows\exerouter.exe
    Download, install, update and run Prevx1
    http://fileinfo.prevx.com/adware/QQ5...ONFIG.COM.html
    do a full scan, reboot afterwards.

    Post back with another HijackThis log when finished.
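    The checks the helper applied by hand in the post above (a Shell= value that is not plain explorer.exe, BHO entries whose DLL is missing, Run keys that launch files named like core Windows processes from the wrong directory) can be automated. The following Python script is an added example, not code from this thread, from HijackThis, or from Spybot. It parses HijackThis-style log lines and reports alert-level findings (system-process impersonation, tampered Shell=) and review-level findings (orphaned BHOs, executables launched from the bare %SystemRoot% folder). The sample log is constructed from entries quoted in this thread; the expected system32 locations assume a default Windows XP install with the system root at C:\WINDOWS.

```python
import re
from pathlib import PureWindowsPath

# Where each commonly impersonated Windows process legitimately lives on a
# default Windows XP install (assumption: system root is C:\WINDOWS).
SYSTEM_ROOT = r"c:\windows"
SYSTEM_PROCESSES = {
    "smss.exe": SYSTEM_ROOT + r"\system32",
    "csrss.exe": SYSTEM_ROOT + r"\system32",
    "winlogon.exe": SYSTEM_ROOT + r"\system32",
    "services.exe": SYSTEM_ROOT + r"\system32",
    "lsass.exe": SYSTEM_ROOT + r"\system32",
    "svchost.exe": SYSTEM_ROOT + r"\system32",
    "explorer.exe": SYSTEM_ROOT,
}

# HijackThis line shapes this script understands (F2, O2, O4 and bare process paths).
F2_SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.*)$")
O2_BHO_RE = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O4_RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[[^\]]*\]\s*;?\s*(?P<cmd>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")


def first_executable(cmd):
    """Return the program path from a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""


def check_path(path):
    """Return (severity, reason) if a path looks suspicious, else None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    if name in SYSTEM_PROCESSES:
        expected = SYSTEM_PROCESSES[name]
        if parent == ".":
            return ("alert", f"{name} referenced without a directory; expected {expected}")
        if parent != expected:
            # A real smss.exe or lsass.exe never runs from the system root.
            return ("alert", f"{name} outside {expected} (found in {parent})")
    elif parent == SYSTEM_ROOT:
        # Loose executables in %SystemRoot% are worth a look but not proof of anything.
        return ("review", f"{name} runs from the {SYSTEM_ROOT} root; confirm the vendor")
    return None


def analyze(log_text):
    """Scan HijackThis-style log text; return a list of (severity, line, reason)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = F2_SHELL_RE.match(line)
        if m:
            if m.group("shell").strip().lower() != "explorer.exe":
                findings.append(("alert", line, "system.ini Shell= is not plain explorer.exe"))
            continue
        m = O2_BHO_RE.match(line)
        if m:
            path = m.group("path").strip()
            if "(file missing)" in path or path == "(no file)":
                findings.append(("review", line, "orphaned BHO registration; remove it"))
            continue
        m = O4_RUN_RE.match(line)
        if m:
            result = check_path(first_executable(m.group("cmd")))
            if result:
                findings.append((result[0], line, result[1]))
            continue
        if PROCESS_RE.match(line):
            result = check_path(line)
            if result:
                findings.append((result[0], line, result[1]))
    return findings


# Constructed sample: a handful of lines taken from the log quoted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\lsass.exe
C:\windows\Explorer.EXE
C:\windows\exerouter.exe

F2 - REG:system.ini: Shell=explorer.exe 1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Zhongsou Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ToP] ; C:\windows\LSASS.exe
O4 - HKLM\..\Run: [TProgram] C:\windows\smss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for severity, line, reason in analyze(SAMPLE_LOG):
        print(f"[{severity.upper()}] {reason}\n    {line}")
```

    On the sample, the legitimate C:\windows\System32\smss.exe and C:\windows\Explorer.EXE pass, while the Run keys pointing at C:\windows\smss.exe and C:\windows\LSASS.exe and the modified Shell= line come out as alerts; the two dead BHOs and exerouter.exe are listed for review. The system-root heuristic will also surface benign vendor files (a modem helper, for example), which is why it is a review item and not an alert.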

  10. #10
    tashi, Member of Team Spybot
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955


    This topic is closed due to lack of a response to helper.
    If you need it re-opened please send me a pm and provide a link to the thread.

    Applies only to the original topic starter.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
