"Bad Image" & "Unexpected Error" Messages



northernunicorn
2006-02-06, 07:40
Hi:
:confused: I'm not sure if this is the forum I should be writing to for help, but I need to start somewhere. I'm sure that some "bug" or "parasite" has done something but I don't want to do a reformat unless I absolutely have to.

SITUATION/PROBLEM:
1. Infected with Application.Adware.NewDotNet.Dropper according to .

2. "Bad Image", & "Unexpected Error" messages come up for various programs/applications-see below for list & particulars.

3. Can't access System Restore, Task Manager, or HiJack This.

HISTORY:
Starting on late evening Jan30/06, a message box showed up in the lower right side of task bar saying a chkdsk needed to be done. The message mentioned something about ICQ (ICQ is on the computer but hasn't been accessed in a few months).
I was told about the message 1&1/2 hours after it appeared; I clicked the 2 boxes in the chkdsk window from "tools", & restarted the computer so the chkdsk could run.
As soon as the chkdsk started, in the first section, all of a sudden there were "tons" of files scrolling down as if being added or accessed. The chkdsk continued & finished.
NOTE: I'm never quick enough to read the report so I didn't see what it said. (Also, I don't even know how to access the report after the chkdsk is done).
When I opened up my user account, I noticed that the AVG icon on taskbar was grey. I clicked on it to update and a message said "no new updates".
When I clicked the desktop AVG icon, I received a message (see message 1).
I was able to open the AVG Control Center-Database said it hadn't been updated since Dec.17 2005 (or approx.). However I KNOW I received an update just a few days before (I check daily for updates).
Antivirus AVG is now up to date (I was able to get the Jan31/2006 update late evening that night).
At first I kept receiving the "Bad Image" message for AVG desktop icon, but once the Jan31 update was on the computer, I don't get that message for AVG anymore.
I continue to receive the "Bad Image" message for various other applications/programs.

Windows Version: Windows XP SP2 Home Edition- 2 user Accounts set up (mine password controlled)

Firewall: WindowsXP SP2 default firewall

Anti virus program: AVG Free 7.1.375 database 267.15.0 249 02/02/2006-set to auto update daily but I check manually as well to make sure-auto scan daily.

Other Protection Software:
Spybot Search & Destroy1.4 detection date 2006-01-27 Default Mode-manual check daily for updates-scan daily

Spyware Blaster-manual daily check for updates(BEFORE when I could access the program)

Lavasoft Ad-Aware SE Personal Edition (downloaded Feb2/06, after the troubles happened)-manual check daily for updates-scan daily-NO "Bad Image" or "Unexpected Error" message received-works great!!!

Content Advisor Program activated & password controlled by me(I have 2 late teen boys)

NOTE: Used to have Spyware Guard-deleted June2005 but I think restricted sites are still active on list.

Exact error message 1: "The application or DLL C:/Windows/system32/.......is not a valid Windows image. Please check your installation disk." (not sure what that is-installation disk cause computer came new with pre-programmed operating system).

Exact error message 2: "Unexpected Error".(for Spyware Blaster & HijackThis ONLY)

Programs/applications affected (ones that I've noticed so far):

taskmgr.exe (see message1)...VDMDBG.dll . Task manager WON'T load from right click on taskbar OR from CTRL ALT DEL keys.

spybotSD.exe (see message1) ...Srclient.dll Program DOES load, scan & update.

spywareblaster.exe (see message 2) Program tries to load page but then message appears.

rundll.exe(see message 1)

msnmgr.exe (see message1) ....msdmo.dll

HijackThis

System Restore (see message1) ...rstrui.exe
I can't access system restore to turn it off OR to go back to a restore point. The window loads for me to choose a previous point or to create a new one; however, the "Bad Image" message comes up when I choose "previous restore point". It appears that I may be able to create a NEW restore point though.



WHAT I'VE DONE SO FAR:

1. "How to clean an infected computer" (AVG Free forum instructions) -followed all instructions-that's when I discovered that System Restore couldn't be accessed.

2. Ran Disk Cleanup utility [Cleanup]-program used 2X monthly
on my computer since May2005 when "little eagle"-Spybot Moderator instructed me to download & use it.

3. AVG Complete Scan (Normal & Safe modes)-NO VIRUSES

4. Spybot S&D scan (Normal & Safe modes)-up to date definitions-NO PROBLEMS

5. Ad-Aware scan-NO PROBLEMS

6. Defrag

7. Chkdsk -including fix & repair (Normal & Safe modes)

8. Feb 2/06 Posted for help on Antivirus free forum[http://forum.grisoft.cz/freeforum]

9. Directed from there to [aumha.org] to "The Parasite Fight" pages for info & a copy of HijackThis (I got it here instead) & told by moderator to go with info/situation to Spyware site where I trust the people.

10. Today Read at Spybot "Before you post a log", followed instructions, did scan at [Bit Defender Virus Scan] site, Spybot scan & downloaded HJT files into [C:Antispyware2006] folder (there is a previous "Antispyware" folder from when I got help here in May2005-didn't know if I was supposed to erase it.).

11. Attempted to use HJT to scan but got "Unexpected Error" message.

:o I sure hope that you can help me or direct me to where I can get help.
I also hope I didn't give TOO much info BUT that I gave enough.

Thank you from Dorothy-I'm still hopeful that this situation can be fixed:bigthumb:

illukka
2006-02-10, 21:50
hi

can you install new programs ?

i'd like you to do the following:


Please download ewido anti malware (http://www.ewido.net/en/download/) it is a free version of the program.
Install ewido security suite
When installing, under "Additional Options" uncheck..
Install background guard
Install scan via context menu

Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates (http://www.ewido.net/en/download/updates/)

Once the updates are installed do the following:

reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.


then launch ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

reboot back to normal mode, post the ewido report here

i'd really need to see the full contents of the error messages, especially if there is a mention of a missing file.. could you try to write them ?

northernunicorn
2006-02-12, 06:30
Hi "illukka":

Thank you for your reply and request. Yes...I can download new programs.:)

Sorry I took so long to get back to you. I had to go out of town for a few days. I will do as you requested and get back to you as soon as I've finished.

Thanks again.:) from Dorothy

northernunicorn
2006-02-13, 17:14
Hi illukka:


Here are the "ewido anti malware" reports that you requested.

I had to use the "manual updates" link.

There were 2 choices of update databases that seemed to be both the same size (didn't know which to choose), so I installed the "most recent database" choice first, rebooted into Safe Mode, chose "Complete System Scan".
A message came up that said "Remove" (I had no choice of "Clean") so I clicked it, saved the first scan in "My Documents".

I then went back to the manual updates link, installed the full update database, rebooted to safe mode, chose Complete Computer Scan-, and saved that report as well (2nd report).

ewido first report

--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:17:33 AM, 12/02/2006
+ Report-Checksum: 42C5A90A

+ Scan result:

C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup


::Report End

ewido 2nd report
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:41:52 AM, 12/02/2006
+ Report-Checksum: 71C78A61

+ Scan result:

C:\System Volume Information\_restore{4FB30166-1CDF-4883-93F0-E2BED21D25AA}\RP154\A0057426.ocx -> Adware.Coupons : Cleaned with backup


::Report End

Question:

Should I do another scan? It seems that there were 2 different things found.

Error Messages

I will write out the error messages just as they appear so you can see the file names. I'll be back to post them in another reply.

Thanks for your help. Please let me know what else I should do...another ewido scan, etc.

from Dorothy...still hopeful:)

illukka
2006-02-13, 18:07
hi

actually it's the same detection, first it's found in the filesystem> cleaned. then the second scan finds it in system restore

no malware, at least visible malware there

lets still check some more:
Download and Save Blacklight (http://www.f-secure.com/blacklight/try.shtml) to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

northernunicorn
2006-02-15, 20:27
Hi:

I downloaded & saved Blacklight as you requested.
:confused: I didn't see "scan through Windows Explorer";
I only saw a "box" for hidden processes (:confused: was it supposed to scan more???), so I clicked scan, then next.

The results were no hidden processes.

Here is copy of the log that was on my desktop.

Log fsbl-2--6-215190329

02/15/06 14:03:29 [Info]: BlackLight Engine 1.0.30 initialized
02/15/06 14:03:29 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/15/06 14:03:29 [Note]: 7019 4
02/15/06 14:03:29 [Note]: 7005 0
02/15/06 14:04:02 [Note]: 7006 0
02/15/06 14:04:02 [Note]: 7011 472
02/15/06 14:04:03 [Note]: FSRAW library version 1.7.1014
02/15/06 14:05:41 [Note]: 7006 0
02/15/06 14:05:41 [Note]: 7011 472
02/15/06 14:05:41 [Note]: FSRAW library version 1.7.1014
02/15/06 14:07:13 [Note]: 7007 0


I hope this is okay & what you were looking for. Pls let me know.
I'm going to post the "Unexpected Error" messages & "Bad Image" message in a separate reply, just to keep things organized.

Thanks...looking forward to hearing from you.
from Dorothy:)

northernunicorn
2006-02-15, 21:51
Hi again::)

Here are the particulars of the message boxes that appear:

1. Task Manager:

[taskmgr.exe-Bad Image]
[This application or DLL C:Windows/system32/VDMDBG.dll is not a valid Windows image. Please check this against your installation diskette.]

This is the message that appears for Task Manager when I hit
Ctrl>Alt>Delete. Nothing shows up when I right-click on the lower taskbar..
This message keeps coming up 4 to 5 times after clicking [ok] or [X], before it disappears. Task Manager window does not appear.

2. Spybot-Search & Destroy version 1.4:

[SpybotSD.exe-Bad Image]
[The application or DLL C:Windows/system32/SrClient.dll is not a valid Windows Image. Please check this against your installation diskette.]

This message box appears no matter what I click for Spybot (desktop icon, or from [start]>[all programs]).
However, when you click [ok] or [X] to close the message, the program does load and check for updates and check for problems.

3. MSN Messenger version 7.5(Build 7.5.0324):

[msnmsgr.exe-Bad Image]
[The application or DLL C:Windows/system32/msdmo.dll is not a valid Windows image. Please check this against your installlation diskette.]

When you click [ok] or [X] to close the message, MSN does load and run without any problems as far as I know.

4. Spyware Blaster:

[SpywareBlaster]


For a split second, I can see that the Spyware Blaster window is trying to open, but then the [Unexpected error] message appears. Spyware Blaster opening window does not load so I can't even check for updates....not sure if it is blocking the sites it's supposed to and I don't know how to check if it is running.

5. System Restore:

[rstrui.exe-Bad Image]
[The application or DLL C:Windows/system32/srclient.dll is not a valid Windows image. Please check this against your installation diskette.]

Takes 6-7 clicks on [ok] or [X] to close this message box; then [Welcome to System Restore] window comes up, showing a dot in [Restore my computer to an earlier time]. I click [next], then this message box below appears:

[System restor:rstrui.exe-Bad Image]

I can click on link for [System Restore Settings] and access [System Properties]. I am afraid to click the box for [turn off system restore] because message comes up telling me all restore points will be lost.

I can click[Create a restore point]>[next] and the window comes up for me to create a restore point & type a description.

I can click [back], and click back and forth between [Restore computer...] and [Create a restore....]. The error messages don't show up, but I can't access calendars to choose a restore date.

As far as I know, these are the only messages and programs affected.

:scratch: Any ideas? Please let me know.

Thanks a lot for your help so far. Still hopeful.:)
from Dorothy
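
Windows shows the "not a valid Windows image" text quoted in the post above when a file fails the loader's validation of its executable (PE) headers. As an added example that is not part of the original thread, this Python check reads the same header fields from a DLL; the function names and the sample image are constructed for illustration, and a file that passes is structurally intact, not necessarily original or clean.

```python
import struct
import sys

PE_SIGNATURE = b"PE\0\0"
OPTIONAL_MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}


def check_pe_image(data: bytes) -> list[str]:
    """Return structural problems found in a PE file; an empty list means none."""
    if len(data) < 0x40:
        return ["file is shorter than a 64-byte DOS header"]
    if data[:2] != b"MZ":
        return ["missing 'MZ' DOS signature"]
    # e_lfanew (offset 0x3C) holds the file offset of the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data):
        return [f"e_lfanew 0x{e_lfanew:x} points past end of file"]
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return ["missing PE signature at e_lfanew"]
    # 20-byte COFF file header follows the signature.
    _machine, n_sections, _ts, _symptr, _nsyms, opt_size, _flags = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_size < 2 or opt_off + opt_size > len(data):
        return ["optional header is truncated"]
    problems = []
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in OPTIONAL_MAGICS:
        problems.append(f"unknown optional header magic 0x{magic:x}")
    # Each 40-byte section header says where that section's bytes live on disk.
    sec_off = opt_off + opt_size
    for i in range(n_sections):
        off = sec_off + 40 * i
        if off + 40 > len(data):
            problems.append("section table is truncated")
            break
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        if raw_ptr and raw_ptr + raw_size > len(data):
            problems.append(f"section {name} raw data runs past end of file")
    return problems


def build_sample_image() -> bytes:
    """Constructed minimal PE32 image (one .text section) used as test input."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    optional = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)
    section = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    headers = dos + PE_SIGNATURE + coff + optional + section
    return headers.ljust(0x200, b"\0") + bytes(0x200)               # section data


if __name__ == "__main__":
    # Usage: python check_pe.py C:\WINDOWS\system32\some.dll ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            found = check_pe_image(fh.read())
        print(path, "->", "headers look intact" if not found else "; ".join(found))
```
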

illukka
2006-02-16, 10:47
hi

this could be a fileinfector virus. lets try these tools first:

Please download the free MWAV antivirus tool from here:
ftp://ftp.microworldsystems.com/download/tools/mwav.exe
Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window.

then:
Create a folder on your desktop called Sysclean.
Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.
Go to http://www.trendmicro.com/download/pattern.asp and download the Official Pattern Release for windows to your desktop.
This file will be called lptXXX.zip (XXX represents the version number)
Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.
Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

Open the sysclean-folder and doubleclick sysclean.com.
Check: Automatically clean or delete detected files.
Click scan.
When the scan is finished, open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.

is hijackthis still unavailable?

could you try this:
http://diamondcs.com.au/downloads/asviewer.zip

unzip, then launch the program
when it has loaded click file> save to save its logfile. post that here

northernunicorn
2006-02-18, 18:40
Hi again:
I got your post of Feb.16. I was unavailable yesterday to follow your instructions. Doing them. Will get back to you with info when I'm finished.
Thanks from Dorothy:) ....still hopeful

northernunicorn
2006-02-18, 19:32
Hi illukka:

Below is the log for the MWAV antivirus tool. I clicked on [view log] and copied from MWAV Notepad. Hope this is what you wanted.

By the way, a [Bad Image] message came up when I double-clicked the MWAV icon on my desktop but it appears to have run anyway. The DLL mentioned is the same one as mentioned for the Task Manager [Bad Image] message. (Just curious if this means anything).

MWAV antivirus tool message:

[mwavscan.com-Bad Image]

[The application DLL or C:windows/system32/VDMDBG.DLL is not a valid Windows image. Please check this against your installation diskette.]



Log for the MWAV antivirus tool:

Sat Feb 18 13:01:02 2006 => **********************************************************
Sat Feb 18 13:01:02 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sat Feb 18 13:01:02 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Sat Feb 18 13:01:02 2006 => **********************************************************
Sat Feb 18 13:01:02 2006 => Source: C:\DOCUME~1\DOROTH~1\Desktop\mwav.exe
Sat Feb 18 13:01:03 2006 => Version 8.1.8 (C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\mwavscan.com)
Sat Feb 18 13:01:03 2006 => Log File: C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\MWAV.LOG
Sat Feb 18 13:01:03 2006 => MWAV Registered: FALSE.
Sat Feb 18 13:01:03 2006 => OS Type: Windows Workstation
Sat Feb 18 13:01:03 2006 => Local Fixed Drives: c:\
Sat Feb 18 13:01:03 2006 => MWAV Mode: Only Scan files.
Sat Feb 18 13:01:03 2006 => Latest Date of files inside MWAV: 16 Feb 2006 12:40:42.
Sat Feb 18 13:01:08 2006 => AV Library Loaded...
Sat Feb 18 13:01:08 2006 => MWAV doing self scanning...
Sat Feb 18 13:01:08 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavss.exe
Sat Feb 18 13:01:08 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\Getvlist.exe
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavss.dll
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavssdi.dll
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavssi.dll
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavvlg.dll
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\msvlclnt.dll
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\ipc.dll
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\main.avi
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\virus.avi
Sat Feb 18 13:01:09 2006 => MWAV files are clean.
Sat Feb 18 13:01:19 2006 => Virus Database Date: 2/16/2006
Sat Feb 18 13:01:19 2006 => Virus Database Count: 177018

Sat Feb 18 13:03:22 2006 => **********************************************************
Sat Feb 18 13:03:22 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sat Feb 18 13:03:22 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Sat Feb 18 13:03:22 2006 =>
Sat Feb 18 13:03:22 2006 => Support: support@mwti.net
Sat Feb 18 13:03:22 2006 => Web: http://www.mwti.net
Sat Feb 18 13:03:22 2006 => **********************************************************
Sat Feb 18 13:03:22 2006 => Version 8.1.8 (C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\mwavscan.com)
Sat Feb 18 13:03:22 2006 => Log File: C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\MWAV.LOG
Sat Feb 18 13:03:22 2006 => User Account: Dorothy Blake
Sat Feb 18 13:03:22 2006 => Windows Root Folder: C:\WINDOWS
Sat Feb 18 13:03:22 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Sat Feb 18 13:03:22 2006 => OS: Windows XP
Sat Feb 18 13:03:23 2006 => Latest Date of files inside MWAV: 16 Feb 2006 12:40:42.

Sat Feb 18 13:03:23 2006 => Options Selected by User:
Sat Feb 18 13:03:23 2006 => Memory Check: Enabled
Sat Feb 18 13:03:23 2006 => Registry Check: Enabled
Sat Feb 18 13:03:23 2006 => StartUp Folder Check: Enabled
Sat Feb 18 13:03:23 2006 => System Folder Check: Enabled
Sat Feb 18 13:03:23 2006 => System Area Check: Disabled
Sat Feb 18 13:03:23 2006 => Services Check: Enabled
Sat Feb 18 13:03:23 2006 => Drive Check: Enabled
Sat Feb 18 13:03:23 2006 => All Drive Check :Disabled
Sat Feb 18 13:03:23 2006 => Drive Selected = C:\
Sat Feb 18 13:03:23 2006 => Folder Check: Disabled
Sat Feb 18 13:04:54 2006 => ERROR!!! Unable to Load Memory List...
Sat Feb 18 13:04:54 2006 => ERROR!!! LoadMemory Fails

Sat Feb 18 13:04:54 2006 => Total Objects Scanned: 0
Sat Feb 18 13:04:54 2006 => Total Critical Objects: 0
Sat Feb 18 13:04:54 2006 => Total Disinfected Objects: 0
Sat Feb 18 13:04:54 2006 => Total Objects Renamed: 0
Sat Feb 18 13:04:54 2006 => Total Deleted Objects: 0
Sat Feb 18 13:04:54 2006 => Total Errors: 2
Sat Feb 18 13:04:54 2006 => Time Elapsed: 00:01:31
Sat Feb 18 13:04:54 2006 => Virus Database Date: 2/16/2006
Sat Feb 18 13:04:54 2006 => Virus Database Count: 177018

Sat Feb 18 13:04:54 2006 => Scan Completed.

I will post this now; later I'll post the sysclean.log

Thanks again for your patience and help from Dorothy:) ...still hoping...

northernunicorn
2006-02-18, 21:30
Hi illukka::)

This post refers to Sysclean. (Log is posted in separate post because I could only put in 20000 characters).

I followed instructions & links.
The Official Pattern Release file I downloaded was the Virus Pattern File 3.219.0. :o I hope this was the one you meant. There was also one called Spyware Pattern File.

I unzipped lpt219.zip and put it in the Sysclean folder on my desktop.

I turned off my AVG antivirus, as you instructed, to do the scan. (My antivirus is now re-activated).

(:scratch: I noticed there are tons of [Access denied] in the log. Did I forget to do something? There is also a [TSCDebug] text in the Sysclean folder. Do you need to see this?)

Thanks again from Dorothy:)

northernunicorn
2006-02-18, 21:37
Sysclean log from Dorothy:) 2 posts required for the complete log

/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2006-02-18, 14:05:25, Auto-clean mode specified.
2006-02-18, 14:05:25, Running scanner "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\TSC.BIN"...
2006-02-18, 14:05:42, Scanner "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\TSC.BIN" has finished running.
2006-02-18, 14:05:42, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Sat Feb 18 2006 14:05:27

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\tsc.ptn" (version 708) [success]

Complete time : Sat Feb 18 2006 14:05:42
Execute pattern count(4727), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-02-18, 14:06:35, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp": Access is denied.
2006-02-18, 14:06:59, An error occurred while scanning file "C:\Documents and Settings\Dorothy Blake\ntuser.dat": Access is denied.
2006-02-18, 14:06:59, An error occurred while scanning file "C:\Documents and Settings\Dorothy Blake\ntuser.dat.LOG": Access is denied.
2006-02-18, 14:07:37, An error occurred while scanning file "C:\Documents and Settings\Dorothy Blake\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-18, 14:07:37, An error occurred while scanning file "C:\Documents and Settings\Dorothy Blake\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2006-02-18, 14:09:54, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-18, 14:09:54, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-18, 14:21:08, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll": Access is denied.
2006-02-18, 14:23:47, Could not set file for reading on "C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\svchost.exe.20050623-175825-00.hdmp": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-013EA364.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-2ED3360E.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AGENTSVR.EXE-002E45AB.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ANTINYXEM-EN.EXE-37BA044C.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ARENA106.EXE-03C79771.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGCC.EXE-36A38F59.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGINET.EXE-3038B75E.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGINET.EXE-3B0744C3.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGVV.EXE-0A3F8C17.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGVV.EXE-21F74736.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGW.EXE-00A2F684.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGW.EXE-011FD837.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGWB.DAT-01D5CE53.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGWB.DAT-25B8DD3B.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\BLBETA.EXE-05F7E9E5.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\BOOTSTRAP.EXE-029F9551.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANUP.EXE-1B0F5664.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CLOKSPL.EXE-06FE98F1.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DEUSEX.EXE-36857429.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DISCIPLES2.EXE-0D57C04B.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SETUP.EXE-32981F35.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SIGNATURES-20060211.EXE-312F37A2.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SIGNATURES-FULL-2006021-1CEA2D19.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SIGNATURES-FULL-2006021-3B015D17.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDOCTRL.EXE-0EEA53F9.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\FCEU.EXE-2BC92791.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\FCEU.EXE-304D0E4F.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\GAME.EXE-2635C338.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\GOLEM.EXE-1872B826.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HH.EXE-2D1A70B3.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-085E9953.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-1BC9B572.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-1F35F0D6.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IDRIVER.EXE-3B6DD980.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IUN3405.EXE-10F422FB.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IUN507.EXE-092E1DB6.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\JAVA.EXE-2427EF62.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\JUCHECK.EXE-197A10BB.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\JUSCHED.EXE-2ABC3D1B.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\KHALMNPR.EXE-098E13FC.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LAUNCHER.EXE-31F89DC2.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LVCOMS.EXE-2DC18031.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MDM.EXE-07915C2C.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MMC.EXE-1EF9AA05.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MMC.EXE-3D93B3AE.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSGR0.EXE-3317DF91.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSN6.EXE-2001F6AE.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNMSGR.EXE-25A27ADA.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNMSGR.EXE-366A1A81.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSWORKS.EXE-31812CA4.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
2006-02-18, 14:24:05,

BALANCE TO FOLLOW

northernunicorn
2006-02-18, 21:39
BALANCE OF SYSCLEAN LOG from Dorothy:) Hope this is ok.

Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NWIZ.EXE-2D0F9FBC.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTLOOK.EXE-108B0D14.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTLOOK.EXE-3784AE71.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\PHOTOED.EXE-0F3CAA01.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\PSEMU.EXE-1E3C7BCC.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RAK3CFG.EXE-0724BE85.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RSTRUI.EXE-03C49A96.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-12B3A3D4.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-13E68835.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-17D51176.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC55A4F.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-22AE43CD.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2341BBC5.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-247FE6B9.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2905E326.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C7B5C4A.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-311943EE.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3B684387.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE10179.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4D080F35.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SBAUTOUPDATE.EXE-1D16DE15.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SC3U.EXE-0485547C.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SC3U.ICD-01AE1C6E.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SCUNIN.EXE-02C5EED2.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SECURITYSUITE.EXE-278F473B.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-0667B060.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-1FD0147E.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-393E66AE.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SIMCITY 3000 UNLIMITED_EREG.E-28CE4FE3.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SK2000DM.EXE-357B3AFD.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SKDAEMON.EXE-2C388FC6.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SKIP98.EXE-20F220E3.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SKTEMPDM.EXE-3855B182.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1344276B.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYWAREBLASTER.EXE-20CF1E62.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\ST6UNST.EXE-1F77290E.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SUN.EXE-359311A4.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UNINS000.EXE-27E109E0.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UNINSTALL.EXE-08514516.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-0BAC6EF2.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-2611013F.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATER.EXE-076075EE.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDCON610.EXE-1DBC79A8.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WINHLP32.EXE-2C18E975.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-10D55173.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WUPDMGR.EXE-2F30BEAB.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\YMSGR_TRAY.EXE-256366BA.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\YPAGER.EXE-31587640.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\_INS5176._MP-23834F0A.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\_ISWUC.EXE-280CBA09.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\_IU14D2N.TMP-319F9C26.pf": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\DEFAULT": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SOFTWARE": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SYSTEM": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2006-02-18, 14:26:41, An error occurred while scanning file "C:\WINDOWS\Temp\Perflib_Perfdata_6b0.dat": Access is denied.
2006-02-18, 14:26:46, Running scanner "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\VSCANTM.BIN"...
2006-02-18, 14:49:23, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/18/2006 14:26:50
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean

58479 files have been read.
58479 files have been checked.
46316 files have been scanned.
82988 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/18/2006 14:49:22
---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-18, 14:49:24, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/18/2006 14:26:50
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean

58479 files have been read.
58479 files have been checked.
46316 files have been scanned.
82988 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/18/2006 14:49:22 22 minutes 31 seconds (1351.03 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-18, 14:49:24, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/18/2006 14:26:50
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean

58479 files have been read.
58479 files have been checked.
46316 files have been scanned.
82988 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/18/2006 14:49:22 22 minutes 31 seconds (1351.03 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-18, 14:49:24, Scanner "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\VSCANTM.BIN" has finished running.

illukka
2006-02-18, 21:43
thanks

nothing in it
those are normal ( access denied), those files are exclusively used(=locked) by the operating system.

let's see the other scan results then :)
again some of the logs can be large, i am interested in detected malware/ infected files , feel free to edit the logs to make them smaller.
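An added example, not part of the original posts or of Sysclean: a Python filter that does the trimming described above, collapsing the "Access is denied" noise from locked files into per-folder counts and keeping only scanner events and the detection totals. The sample log is constructed in the layout of the log in this thread; the function name `triage` and the path `C:\Sysclean` are assumptions of this example.

```python
import ntpath
import re
from collections import Counter

# Constructed sample in the layout of the Sysclean log posted above. The second
# line has no timestamp, as happens where a log is split across two posts.
SAMPLE_LOG = r'''
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SYSTEM": Access is denied.
2006-02-18, 14:26:46, Running scanner "C:\Sysclean\VSCANTM.BIN"...
58479 files have been read.
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
2006-02-18, 14:49:24, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
'''

# The two "locked file" messages that appear in the log.
DENIED = re.compile(
    r'(?:Could not set file for reading on|An error occurred while scanning file) '
    r'"(?P<path>[^"]+)": Access is denied\.')
# Summary lines that carry the detection totals.
COUNTS = re.compile(
    r'^(?:(\d+) files containing viruses\.|(?:Found|Maybe) (\d+) viruses totally\.)')
# Leading "date, time," prefix; the message after it may be missing.
STAMP = re.compile(r'^\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2}, ?')


def triage(log_text):
    """Reduce a Sysclean-style log to what a helper needs to read."""
    locked = Counter()   # folder -> number of files the scanner could not open
    events = []          # timestamped lines that are not locked-file noise
    detections = 0       # highest detection total seen in any summary block
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        denied = DENIED.search(line)   # search: works with or without timestamp
        if denied:
            locked[ntpath.dirname(denied.group('path')).lower()] += 1
            continue
        body = STAMP.sub('', line)
        count = COUNTS.match(body)
        if count:
            detections = max(detections, int(count.group(1) or count.group(2)))
            continue
        if body and body != line:      # had a timestamp and a message after it
            events.append(body)
    return {
        'locked_by_dir': dict(locked),
        'events': events,
        'detections': detections,
        'needs_review': detections > 0,
    }


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for folder, n in sorted(report['locked_by_dir'].items()):
        print('%4d locked file(s) under %s' % (n, folder))
    for event in report['events']:
        print('event:', event)
    print('detections:', report['detections'])
```
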

northernunicorn
2006-02-18, 22:17
Hi illukka::) re: your Feb.16 post-final section

Hijackthis is still not available. I can unzip program & see [icon of dynamite], but i get the following message[Hijackthis] when I double click.

Did you get my previous post about MWAV antivirus tool?
I read your response to the Sysclean log. Thanks for answering my question.

Please let me know what I have to do after this. Thanks again for your time & patience.:) from Dorothy

Here is logfile for diamondcs.com

DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for Dorothy Blake@BLAKESCOTT, 02-18-2006
c:\windows\system32\autoexec.nt
C:\WINDOWS\system32\mscdexnt.exe
C:\WINDOWS\system32\redir.exe
C:\WINDOWS\system32\dosx.exe
c:\windows\system32\config.nt
C:\WINDOWS\system32\himem.sys
c:\windows\wininit.ini [rename]
NUL=C:\Skip98\FILE_ID.DIZ
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=C:\WINDOWS\downlo~1\ymsgrins.exe
c:\windows\system.ini [drivers]
timer=timer.drv
c:\windows\system.ini [boot]\shell
C:\WINDOWS\Explorer.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
C:\WINDOWS\Explorer.exe
HKCR\vbsfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\vbefile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsefile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wshfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wsffile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Detect Kbd Daemon
C:\WINDOWS\system32\SK2000DM.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LVCOMS
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nwiz
nwiz.exe /install
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AVG7_CC
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Logitech Hardware Abstraction Layer
C:\WINDOWS\KHALMNPR.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KernelFaultCheck
C:\WINDOWS\system32\dumprep 0 -k
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UserFaultCheck
C:\WINDOWS\system32\dumprep 0 -u
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
C:\Program Files\QuickTime\qttask.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run\AVG7_Run
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\webcheck.dll
C:\WINDOWS\System32\stobject.dll
C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
HKLM\System\CurrentControlSet\Control\WOW\cmdline
C:\WINDOWS\system32\ntvdm.exe
HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\rsvpsp.dll
HKLM\System\CurrentControlSet\Services\VxD\JAVASUP\
C:\WINDOWS\system32\JAVASUP.VXD

illukka
2006-02-19, 18:17
hi

that doesn't show anything either

can you download these files, and replace the existing corrupted ones with new ones:
http://www.dlldump.com/download-dll-files.php/dllfiles/V/vdmdbg.dll/download.html
http://www.dlldump.com/download-dll-files.php/dllfiles/S/srclient.dll/download.html


then try again those programs( that you got the errors with )

northernunicorn
2006-02-20, 01:21
Hi illukka::)

I got your reply of Feb.19 (today.)

I downloaded the vdmdbg.dll and srclient.dll files from the links you provided. I saved them in [Program files](not sure where I was supposed to save them).

However, now I'm confused:scratch: . How do I replace the corrupted ones with the new ones?:
It's probably something REALLY easy, obvious & simple, but I can't think of how to do it. Sorry about that.:(

Could you please reply with instructions? I'd really appreciate that.

Thanks once again for your patience & sharing your knowledge.:angel:

from Dorothy...starting to see some light at the end of the tunnel...

illukka
2006-02-20, 13:37
i would do searches for the filenames, then replace the old ones with the new ones

northernunicorn
2006-02-20, 16:19
Hi illukka::)

I got your reply about this morning. Thanks...I'll do what you suggested & get back to you with the results.

Thanks from Dorothy...here's hoping:)

northernunicorn
2006-02-20, 21:12
:) Hi illukka::)

As I previously said, I downloaded the new files...vdmdbg.dll & srclient.dll (saved in Program files) from your links in Feb.19 post.

I replaced the corrupted ones in C:Windows/system32...with the new ones. and restarted computer after replacing each corrupted file.

SUCCESSES: :)

Taskmanager,MicroWorld Antivirus Spyware Toolkit Utility,Spybot-Search & Destroy, System Restore all load OKAY and no messages come up.YEAH:bigthumb:
Also, previously, in System Restore, a "Bad Image"message for file [rstrui.exe] was coming up when I would click [OK] for [Restore my computer...earlier time.]. That message no longer comes up either.:)

Problems: :(

Spyware Blaster still gets message [Unexpected Error] & a big red X (no file name given) and will not load & I can't check for updates.
Previous to writing to this forum, I had uninstalled & reinstalled Spyware Blaster hoping that that would correct the problem but, alas, it didn't.

HijackThis STILL gets the message [Unexpected Error] & a big red X. It will not load or run(not sure of the term to use for this).

I still have a file with HijackThis from 2005 when I received help. :confused: I'm not sure if this is causing a problem. Since I have the contents saved on a floppy, should I just delete it from my computer?

MSN Messenger still gets the message:
[msnmsgr.exe] [The application or DLL C:Windows/system32/msdmo.dll is not a valid Windows image. Please check this against your installation diskette.]
The program loads though & we can use it.

It's GREAT that some of the issues are fixed. Thank you very much :)

Please let me know your ideas on fixing the others.

You're doing a terrific job, illukka.

Thanks from Dorothy:)

illukka
2006-02-20, 22:56
hi

great to hear that :)

now that system restore is available you should immediately create a fresh restore point ;)

i would really try downloading fresh installers for the programs ( msn messenger and spyware blaster)

and reinstall those

i would reinstall those programs in safe mode.

reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.


try that if it helps

also :
Clean out temporary files.
Go to "Start" > "Run" and type cleanmgr
Make sure the following are selected:
* Temporary Internet Files
* Recycle Bin
* Temporary Files
* Recycle Bin
Click "OK'.
Repeat for each user account on the computer.

i would run diskdefrag too, right click your c\drive icon at my computer, select properties> tools > disk defrag, if you see a lot of red you really should defrag the drive

let me know how it goes

northernunicorn
2006-02-21, 20:53
Hi illukka: :crowned:

Just read your post from yesterday.(Feb.20/06)

I've already done some of what you suggested(defrag,clean up Temp files & recycle bin for each user); but I will create a [System Restore Point] AND try re-installing [Spyware Blaster] and [MSN Messenger] in Safe mode (didn't know I could install things in [safe mode]).

I will reply to you with the results.

Thanks again. You are the best.:) from Dorothy

illukka
2006-02-21, 21:04
hi
i got a great suggestion from one of the spybot's adviser team members ( thanks bitman :) )
download the vb runtimes from the following link

http://www.microsoft.com/downloads/details.aspx?FamilyID=bf9a24f9-b5c5-48f4-8edd-cdf2d29a79d5&DisplayLang=en
then doubleclick on the file to install, follow the prompts

try again those programs ;)

also this file may help specially with spyware blaster woes:
http://www.javacoolsoftware.net/downloads/missingfilesetup.exe
install it too

tell me how it goes

northernunicorn
2006-02-22, 05:01
Hi illukka: :)

I've done as you suggested in your last 2 posts.


disk cleanup

deleted by Add/Remove programs & fresh download & safe mode install re: Spyware Blaster-"Unexpected Error" still came up

downloads & installs re: [...vbrun60sp5.exe] and [...missingfilesetup.exe] as suggested in your 2nd post

updated Spyware Blaster(it now is up-to-date & runs... :bigthumb:)

Spyware Blaster [save point] done

System Restore point done

removed by Add/Remove programs & fresh install MSN Messenger7.5(I think the install might have happened in Normal mode)..."Bad Image" message re: .[..msdmo.dll]STILL comes up.:(

System Restore Point done

Defrag done


>>>I still haven't tried to get HijackThis again since these last fixes.

I was wondering...remember you had me go to [www.dlldump.com] to get 2 new files for vdmdbg.dll & srclient.dll for the other programs that had "Bad Image" messages???.... Do you think that would help in this situation for MSN Messenger 7.5??? :o Just a thought...wasn't sure if it would work if there is the correct .dll file there...

Please let me know what you think. So far you & "bitman" have got everything else back working. Just MSN Messenger left (& HijackThis if you still need to see that).

:bigthumb: Way to go!!!! Please let me know what's next...if anything.

Thanks again BIG TIME from Dorothy:)

bitman
2006-02-22, 06:27
Dorothy,

Since illukka doesn't appear to be online at the moment, I'm going to suggest how to fix the corrupt msdmo.dll file. I had thought it was part of the MSN Messenger install too, so we both thought reinstalling this would fix it, but we were wrong since it appears to have been installed and updated with Windows XP itself.

On my Windows XP Pro system, I found a second 'backup' copy of this dll in the C:\Windows\ServicePackFiles\i386 folder. The bad copy should be in the C:\Windows\System32 folder. So simply rename the file in System32 with an extension name like 'DL1', so it will remain in the folder but not operate. Then copy the msdmo.dll from the i386 folder mentioned above to the System32 folder.

Let us know how it goes.

Thanks,
Bitman
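An added example, not part of the thread or of any tool named in it: the "not a valid Windows image" message refers to the file's PE (Portable Executable) structure, so this Python code runs basic structural checks on a DLL's headers and section bounds and compares a suspect copy with a reference copy, such as the System32 file against the ServicePackFiles\i386 one. The function names and the in-code sample image are assumptions constructed for this example, and the checks are structural ones on the PE format, not the Windows loader's own validation.

```python
import hashlib
import struct

COFF = struct.Struct('<HHIIIHH')         # 20-byte COFF file header
SECTION = struct.Struct('<8sIIIIIIHHI')  # 40-byte section table entry


def check_pe_image(data):
    """Return a list of structural problems; an empty list means none found."""
    if len(data) < 64 or data[:2] != b'MZ':
        return ['no MZ (DOS) header']
    (e_lfanew,) = struct.unpack_from('<I', data, 0x3C)
    if e_lfanew + 4 + COFF.size > len(data):
        return ['e_lfanew points past the end of the file']
    if data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        return ['PE signature not found at e_lfanew']
    _machine, nsections, _ts, _sym, _nsym, opt_size, _flags = COFF.unpack_from(
        data, e_lfanew + 4)
    opt_off = e_lfanew + 4 + COFF.size
    sect_off = opt_off + opt_size
    if opt_size < 2 or sect_off + nsections * SECTION.size > len(data):
        return ['optional header or section table is truncated']
    problems = []
    (magic,) = struct.unpack_from('<H', data, opt_off)
    if magic not in (0x10B, 0x20B):       # PE32 / PE32+
        problems.append('unknown optional-header magic 0x%04x' % magic)
    for i in range(nsections):
        fields = SECTION.unpack_from(data, sect_off + i * SECTION.size)
        name = fields[0].rstrip(b'\0').decode('latin-1')
        raw_size, raw_ptr = fields[3], fields[4]
        # A file cut short by disk damage leaves section data past end of file.
        if raw_size and raw_ptr + raw_size > len(data):
            problems.append('section %s runs past the end of the file' % name)
    return problems


def compare_copies(suspect, reference):
    """Check both copies and report whether their bytes are identical.

    Two intact copies can still differ (different service pack levels), so
    'identical' being False is a prompt to look closer, not a verdict.
    """
    return {
        'suspect_problems': check_pe_image(suspect),
        'reference_problems': check_pe_image(reference),
        'identical': hashlib.sha256(suspect).digest()
                     == hashlib.sha256(reference).digest(),
    }


def make_sample_image():
    """Build a minimal, constructed PE32 DLL image (1024 bytes) for the demo."""
    dos = b'MZ' + bytes(58) + struct.pack('<I', 64)       # e_lfanew = 64
    coff = COFF.pack(0x14C, 1, 0, 0, 0, 224, 0x2102)      # i386, 1 section, DLL
    optional = struct.pack('<H', 0x10B) + bytes(222)      # PE32 magic + padding
    section = SECTION.pack(b'.text', 512, 0x1000, 512, 512, 0, 0, 0, 0,
                           0x60000020)
    headers = dos + b'PE\0\0' + coff + optional + section
    return headers.ljust(512, b'\0') + bytes(512)


if __name__ == '__main__':
    good = make_sample_image()
    zeroed = good[:64] + bytes(64) + good[128:]   # a zero-filled damaged block
    truncated = good[:700]                        # file cut short
    for label, blob in (('good', good), ('zeroed', zeroed),
                        ('truncated', truncated)):
        print(label, check_pe_image(blob) or 'no structural problems')
    print(compare_copies(truncated, good))
```

To use it on real files, read each copy with `open(path, 'rb').read()` and pass the two byte strings to `compare_copies`.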

illukka
2006-02-22, 06:32
hi

thanks Bitman :bigthumb:

northernunicorn
2006-02-22, 20:14
:) Hi illukka and bitman::crowned:

SUCCESS!!!!:bigthumb: thanks to you two and your patience & perseverance.

bitman...your suggestion re: [msdmo.dll] worked. MSN Messenger NO LONGER comes up with "Bad Image" message YEAHH!!!

What I've done Today (Feb.22/06):

Disk Cleanup

System Restore Point

Updated & scanned with AVG antivirus(incl.update today), Spybot S&D, Ad-Aware- all OK

Updated SpywareBlaster-all boxes checked


Questions:

1. In the System32 folder, is it ok that there is an extra [icon] in the row where I renamed the corrupted file & copied the one from [i386]? Just never saw this happen before...usually everything is all neatly lined up. Just curious...

2. Do you need to see any more logs?

3. The downloads you had me save: eg.ewido anti-malware, MWAV antivirus tool , F-Secure BlackLight Beta, , Sysclean & [lpt219 files], asviewer...do I still need them or do I delete/remove them?

4. In my initial post for help, I mentioned that [BitDefender Virus scan] said I was infected with [Application.Adware.NewDotNet.Dropper] in [C:Windows/system32/dx2003103.exe=>wise0018] I had scanned there re: [Before you post a log] Safer Networking instructions. However, this never showed up before or after with the other programs. Should I investigate this now that all else is fixed?


Please let me know if there's anything else to be done.
Thank you again for sharing your knowledge..
I really appreciate it. I could NEVER have fixed this myself alone.

from Dorothy:)

bitman
2006-02-22, 21:17
Dorothy,

Glad that worked and happy to have helped "improve your image". :D

Regarding question 1, the 'extra' icon, simply press F5 while in that screen. This is the equivalent of a 'Refresh' and will resort and arrange the icons.

The other questions I'll leave to illukka as the malware helper. I'd also prefer he decide if it's safe to delete the 'bad' copy you renamed to MSDMO.DL1, since I'm not certain if this was a file or disk issue.

Good luck with the remaining recovery work, hope you don't find any other damaged files.

Bitman

illukka
2006-02-23, 15:10
hi

could you upload this file:
C:Windows/system32/dx2003103.exe
to
http://www.thespykiller.co.uk/forum/index.php?board=1.0

please read this topic before posting
http://www.thespykiller.co.uk/forum/index.php?topic=5.0

i'll take a closer look at the file. it looks like an installer, randomly named..



3. The downloads you had me save: eg.ewido anti-malware, MWAV antivirus tool , F-Secure BlackLight Beta, , Sysclean & [lpt219 files], asviewer...do I still need them or do I delete/remove them?

go ahead ;) delete them
if needed you know where to get them :)

i would like to find the cause of this issue.. could you tell how old the computer is ?

northernunicorn
2006-02-23, 19:08
:) Hi illukka:)

Thanks for your reply. I have appointments all day so I won't be able to do the things you suggested until later tonight.
Hope that's ok:o

By the way, my IBM computer was new 2002 and to be honest other than a spyware thingy Spybot forum helped me with in 2005, I've NEVER had a problem with it.
I know I need more memory(I'm on disability so money usually gets spent on necessities),but we get by for now. It loads quickly & with DSL surfs fine. no glitches...no complaints.

Anyway, I'll get to those requests later tonight.
Thanks again...NO MORE MESSAGES>>>IT'S SO GREAT...:bigthumb: EXCELLENT pun[new and improved image]...:rofl:
from Dorothy:)

illukka
2006-02-23, 21:55
hi

yours is about the same age as mine.. i've had to change the hard drive once as the original blew up.
if your finances allow i'd take it to a computer shop for some maintenance( cleaning etc )

again special thanks to bitman, for great suggestions and everything else :)

northernunicorn
2006-02-25, 22:35
Hi illukka: :)

Here is a link to spykiller site for the file C:Windows/system32/dx2003103

I think it was something to do with a desktop or screensaver image called [Halloween Rider] back in Oct.2003. That file or whatever it was is no longer on the computer.

http://www.thespykiller.co.uk/forum/index.php?topic=1217.0

Please let me know what you want me to do. Thanks from Dorothy :)

illukka
2006-02-27, 10:41
hi

that was a genuine detection, the file is an installer that contains a malware bundle inside
delete it :)

are there still problems

northernunicorn
2006-02-28, 08:07
:) Hi illukka::)

I have deleted [dx2003103.exe] as you requested.

All the programs that were affected before by the & [Unexpected Error] messages are 'Message Free" now. Thanks very much.

Even [HijackThis] is available now :) ; it was receiving message before & wasn't available.

Questions:

1. Did you want to see a HJT log now or is that no longer necessary?

2. post 2006-02-22 time:15:17

The other questions I'll leave to illukka as the malware helper. I'd also prefer he decide if it's safe to delete the 'bad' copy you renamed to MSDMO.DL1, since I'm not certain if this was a file or disk issue.
What do you suggest?

3. As far as cause of the [Bad Image] & [Unexpected Error] messages, I'm curious too...it all seemed to get triggered from [do a chkdsk] message that appeared in the taskbar Jan.30/06. Not even sure why the [do a chkdsk]message was there...just know that...


HISTORY:
Starting on late evening Jan30/06, a message box showed up in the lower right side of task bar saying a chkdsk needed to be done. The message mentioned something about ICQ (ICQ is on the computer but hasn't been accessed in a few months).
I was told about the message 1&1/2 hours after it appeared; I clicked the 2 boxes in the chkdsk window from "tools", & restarted the computer so the chkdsk could run.
As soon as the chkdsk started, in the first section, all of a sudden there were "tons" of files scrolling down as if being added or accessed. The chkdsk continued & finished.

Whatever it was that caused this seems to have been stopped/fixed. The computer is running fine...no complaints.

:bigthumb: Thanks again to you & [bitman] for your patience and help.:angel:

from Dorothy:)

illukka
2006-02-28, 13:04
hi

ok a hijackthis log will do fine

i said before that i didn't believe this was a malware issue but let's make sure

i suppose it's just disk corruption, the checkdisk started automatically because there likely was an error with the disk, broken sector or similar
i suggest you start saving for a new hard disk.. good thing that hard disks are cheap nowadays :)

northernunicorn
2006-03-02, 01:54
:) Hi illukka: :)

Here is the [HijackThis] log dated today. (in 2 parts cause too many characters).
Please let me know what to do next, if anything. Computer is running GREAT!!!!Thanks.:)
from Dorothy

Logfile of HijackThis v1.99.1
Scan saved at 7:43:50 PM, on 01/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\Sktempdm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\Skdaemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackThis2006\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotspex.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://avon.avon.ca
O15 - Trusted Zone: http://www.avon.ca
O15 - Trusted Zone: http://www.ca.avon.com
O15 - Trusted Zone: http://www.cereal.com
O15 - Trusted Zone: http://www.columbiahouse.ca
O15 - Trusted Zone: http://mypoints.eprize.net
O15 - Trusted Zone: http://www.miaw-ssmm.ca
O15 - Trusted Zone: http://www.mypoints.com
O15 - Trusted Zone: http://www.nt.net
O15 - Trusted Zone: http://clubgames.pogo.com
O15 - Trusted Zone: http://game1.pogo.com
O15 - Trusted Zone: http://www.pogo.com
O15 - Trusted Zone: http://shop.regalgreetings.com
O15 - Trusted Zone: http://www.regalgreetings.com
O15 - Trusted Zone: http://www.salcentre.org
O15 - Trusted Zone: http://www.sdc.gc.ca
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124515069796
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68/ePlayer/2_0/ACNePlayer.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
part 2 contd next post

northernunicorn
2006-03-02, 01:55
part 2 of hijackThis log from Dorothy


O18 - Protocol: bw+0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

illukka
2006-03-02, 08:23
hi

fix these items with hijackthis
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

do you use the logitech desktop messenger ?

if not, you can uninstall it from control panel> add remove programs

post a final log
looks free of malware :)
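
The comparison between the log above and the final log requested here can be checked mechanically. The following is an added example, not part of the original posts and not HijackThis's own code: it parses the entry lines of two logs, lists what changed, flags entries marked `(file missing)` or `(no file)`, and groups the O18 protocol handlers by the DLL that serves them. The function names are assumptions, and the sample text is constructed from lines in this thread's logs.

```python
import re
from collections import defaultdict

# Constructed samples: a few lines taken from the first log in this thread.
# AFTER applies the changes visible in the final log (the two dumprep Run
# entries are gone and the Google toolbar DLL has a different file name).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O18 - Protocol: bw+0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O18 - Protocol: bw+0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O18 body: "Protocol: <name> - {CLSID} - <handler file>"
PROTOCOL = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# Suffix HijackThis appends when the referenced file is not on disk.
MISSING = re.compile(r"\s*\((?:file missing|no file)\)$")


def parse_log(text):
    """Return [(section_code, body)]; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():  # splitlines() also copes with CRLF logs
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Entries only in `before` (removed) and only in `after` (added), in log order."""
    b, a = parse_log(before), parse_log(after)
    b_set, a_set = set(b), set(a)
    removed = [e for e in b if e not in a_set]
    added = [e for e in a if e not in b_set]
    return removed, added


def orphaned(entries):
    """Entries whose target file HijackThis reported as missing."""
    return [e for e in entries if MISSING.search(e[1])]


def protocols_by_file(entries):
    """Collapse O18 lines: handler file -> list of protocol names it serves."""
    groups = defaultdict(list)
    for code, body in entries:
        m = PROTOCOL.match(body) if code == "O18" else None
        if m:
            path = MISSING.sub("", m.group(3)).strip('"')
            groups[path].append(m.group(1))
    return dict(groups)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
    after_entries = parse_log(AFTER)
    for code, body in orphaned(after_entries):
        print("orphan: ", code, "-", body)
    for path, names in protocols_by_file(after_entries).items():
        print(f"O18 handler {path}: {len(names)} protocol(s)")
```
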

northernunicorn
2006-03-02, 19:10
:) Hi illukka: :)

Thanks for your reply.


fix these items with hijackthis
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
post a final log

Done & posted log in next replies(2 parts)

As for [Logitech Desktop Messenger]:

I have a Logitech webcam & wireless mouse.

Add/Remove Programs shows [Logitech Quickcam] & [Logitech SetPoint]

C:/Program Files shows folder called [Logitech]; contains folders called
[Desktop Messenger],[Media Life],[MusicMatchLMXRadio],[QuickCam],[SetPoint]

I believe [SetPoint] has to do with the wireless mouse. For example-get an icon on taskbar when in wireless mouse.

When I click to [delete] C:/Program Files/Logitech/Desktop Messenger, I get a warning message saying "Renaming, moving, or deleting [Desktop Messenger] could make some programs not work. Are you sure you want to do this?".
Not really sure which programs won't work, so I've just left this folder be.

Thanks again for all your help & suggestions. You're doing a terrific job. Keep up the good work:bigthumb:

Gratefully from Dorothy:) ...HJT final log to follow

northernunicorn
2006-03-02, 19:14
HJT final log part 1 from Dorothy

Logfile of HijackThis v1.99.1
Scan saved at 12:35:59 PM, on 02/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\Sktempdm.exe
C:\WINDOWS\system32\Skdaemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\hijackThis2006\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotspex.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Detect Kbd Daemon] SK2000DM.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://avon.avon.ca
O15 - Trusted Zone: http://www.avon.ca
O15 - Trusted Zone: http://www.ca.avon.com
O15 - Trusted Zone: http://www.cereal.com
O15 - Trusted Zone: http://www.columbiahouse.ca
O15 - Trusted Zone: http://mypoints.eprize.net
O15 - Trusted Zone: http://www.miaw-ssmm.ca
O15 - Trusted Zone: http://www.mypoints.com
O15 - Trusted Zone: http://www.nt.net
O15 - Trusted Zone: http://clubgames.pogo.com
O15 - Trusted Zone: http://game1.pogo.com
O15 - Trusted Zone: http://www.pogo.com
O15 - Trusted Zone: http://shop.regalgreetings.com
O15 - Trusted Zone: http://www.regalgreetings.com
O15 - Trusted Zone: http://www.salcentre.org
O15 - Trusted Zone: http://www.sdc.gc.ca

part 2 follows next reply

northernunicorn
2006-03-02, 19:16
HJT part 2 from Dorothy

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124515069796
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68/ePlayer/2_0/ACNePlayer.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

end of HJT
from Dorothy:)
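Added example, not part of any post in this thread: one way to condense the O18 section of a HijackThis log like the one above is to group the protocol handlers by the DLL that serves them and flag targets marked "(file missing)". The function names are hypothetical; the sample lines are a subset copied from the log.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log above, kept short for the example.
SAMPLE_LOG = r"""
O18 - Protocol: bw+0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {D43DB7B0-7C43-45A4-BD6C-49B296EF3045} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

O18_RE = re.compile(
    r"^O18 - Protocol: (?P<scheme>\S+) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
MISSING = "(file missing)"


def parse_o18(line):
    """Return (scheme, clsid, dll_path, missing) for an O18 line, else None."""
    m = O18_RE.match(line.strip())
    if not m:
        return None
    target = m.group("target").strip()
    missing = target.endswith(MISSING)
    if missing:
        target = target[: -len(MISSING)].strip()
    return m.group("scheme"), m.group("clsid").upper(), target.strip('"'), missing


def summarize_o18(log_text):
    """Group protocol handlers by the DLL that implements them."""
    groups = defaultdict(lambda: {"schemes": [], "clsids": set(), "missing": False})
    for line in log_text.splitlines():
        parsed = parse_o18(line)
        if parsed is None:
            continue  # not an O18 entry (O23 services, blank lines, ...)
        scheme, clsid, dll, missing = parsed
        g = groups[dll.lower()]  # Windows paths are case-insensitive
        g["schemes"].append(scheme)
        g["clsids"].add(clsid)
        g["missing"] = g["missing"] or missing
    return dict(groups)


if __name__ == "__main__":
    for dll, g in sorted(summarize_o18(SAMPLE_LOG).items()):
        flag = "  [file missing]" if g["missing"] else ""
        print(f"{len(g['schemes']):3d} scheme(s), {len(g['clsids'])} CLSID(s): {dll}{flag}")
```

Run against the full log, this reduces the long run of `bw*` entries to a single line for `BWPlugProtocol-8876480.dll`, which makes the remaining handlers easier to review.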

northernunicorn
2006-03-02, 19:28
Hi illukka::)

Hope you got the 2 parts of my final HJT log.

I have a few questions re: the log.

Is there anything I can do about [files missing] items? Is this a problem?

For [Logitech Desktop Messenger], should I just get in touch with [Logitech] to find out how to delete/deactivate the [Desktop Messenger]?...
or do you know how to do that?

No problems with computer...it's all fixed & running very well. Many thanks
from Dorothy:)

illukka
2006-03-02, 22:25
hi

the file missing is a known bug of hijackthis, nothing to worry about

afaik desktop messenger can be safely uninstalled and it won't affect any programs
removing it will make a system run faster

as the log is clean:


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore (http://www.bleepingcomputer.com/forums/tutorial63.html)

or

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Reenable system restore with instructions from tutorial above


Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topict405.html)


Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/forums/tutorial60.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers (http://www.bleepingcomputer.com/forums/tutorial43.html)


Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/tutorial48.html)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

IE/Spyad (https://netfiles.uiuc.edu/ehowes/www/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

tashi
2006-03-08, 05:32
As the problem appears to be resolved this topic will be archived.
If you need it re-opened please send me a pm and provide a link to the thread.
Glad we could help. :)