PDA

View Full Version : Protection Bar


Schweiny
2006-12-25, 07:38
Hey, I'm not sure if this is a common problem, but I was on the computer, and when i opened Internet Explorer I noticed this Protection Bar thing, which I can't remove. It has 4-5 tabs on it as well, adn its changed me homepage to: hxxp://protectionssoft.com/
When that page opens it comes up with a Windows style popup asking me to install something or other but I always click cancel. Also in my little Taskbar thingo at the bottom right of my screen, theres two new icons:

-One is a yellow hazard like exclamation mark saying:
System Alery:Trojan-Spy.Win32@mx
-Another is a Question Mark and something else.

Does anyone know how to remove this thing? I'm following this guide here:
hxxp://remove-protection-bar.org/?gclid=CIjXiIKArYkCFQMRYQodZCoIMw

and I was just wondering if that one is good or not? Help as soon as possible willb e appreciated, thanks in advance.
Schweiny
2006-12-25, 08:12
Actually I found the sticky and I'm going through the steps. Its still doing an online scan, and its already found 51 spywares. I've got HijackThis ready and Spybot S&D ready for once the online scan is done. What am I meant to post in this topic? The Panda scan has done barely anything (around 30,000 files) the bar is about a centimetre full...am I meant to wait for it to finish?
Schweiny
2006-12-25, 09:35
I managed to get rid of the Protection Bar with Spybot S&D, the only thing is, there is still an icon at the bottom toolbar, when I hover my mouse over it it says: "Systems Alert!"

I took two pictures, the icon switches between two things:

http://img19.imageshack.us/img19/7395/1zs7.jpg
http://img216.imageshack.us/img216/4296/2lq7.jpg

And it also occasionally pops-up with this:
http://img145.imageshack.us/img145/6375/3rl8.jpg

I think thats the only thing left to get rid of. Help much appreciated

Those are the three pictures.

I couldn't do an online scan...it was taking way too long, but it found 50-ish spywares, if you want me to do an online scan then I will...Also here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:17:11 PM, on 25/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\Imran\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 Trial\CalCheck.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planetprepaid.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Documents and Settings\Imran\My Documents\GetRight\xx2gr.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: WebBlock Class - {C6B08E8D-3F9A-4710-9F38-E4BF827C6AC2} - C:\Documents and Settings\Imran\My Documents\Website Block\webblock.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [4wFAfURb] C:\WINDOWS\ieshg.exe
O4 - HKLM\..\Run: [-
] C:\WINDOWS\ieshg.exe
O4 - HKLM\..\Run: [nLpEsljRN] C:\WINDOWS\ieshg.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Media Access] C:\PROGRA~1\MEDIAA~1\MediaAccK.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O4 - Global Startup: Ulead Photo Express Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 Trial\CalCheck.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - C:\Documents and Settings\Imran\My Documents\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Documents and Settings\Imran\My Documents\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Imran\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Documents and Settings\Imran\ICQLite\ICQLite.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Schweiny
2006-12-25, 09:36
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O15 - Trusted Zone: www.online.mq.edu.au
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://amna23k.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A352D8E5-25DE-4B83-872F-98842905DE04} - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{29B87236-5DF2-4777-9683-57DE31F56D97}: NameServer = 203.12.160.35
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7B83558-4696-489A-B7D8-3F50CA64EBA0}: NameServer = 203.12.160.35,203.12.160.36
O18 - Protocol: bw+0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {386D778F-AAB2-475B-A76C-29337CD4C62A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Documents and Settings\Imran\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Mr_JAk3
2006-12-25, 15:02
Hi Schweiny and welcome to the forums :D:

You got infections there...

You seem to have this Logitech Desktop Messenger program installed.The program is legitimate but a huge resource hog. I recommend that you uninstall it through Control Panel, Add/Remove programs if you don't use it. This would make your computer to run faster.

Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri)

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)

NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!
Schweiny
2006-12-26, 07:27
Ah thanks. Yeah that logitech must be my webcam. This is the SmitFraud thing:

mitFraudFix v2.131

Scan done at 17:25:49.29, Tue 26/12/2006
Run from C:\Documents and Settings\Imran\My Documents\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Mr_JAk3
2006-12-26, 11:51
Hi again, we'll continue :)

You seem to have this Viewpoint software installed.It has a suspicious reputation and Irecommend that you remove it via Control Panel, Add/Remove programs.
This is the folder to delete, C:\Program Files\Viewpoint
This is the line to fix with HijackThis, O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C: ) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

RIGHT-CLICK HERE (http://metallica.geekstogo.com/MediaGateway.BFU) and choose "Save As" (in IE it's "Save Target As") in order to download Meda MediaGateway remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

==================

Open Control Panel -> Add/Remove programs -> Remove all the of the following or similar entries if found:
Media Access

and any other programs you didn't install or don't recognize - if your not sure please ask first

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: WebBlock Class - {C6B08E8D-3F9A-4710-9F38-E4BF827C6AC2} - C:\Documents and Settings\Imran\My Documents\Website Block\webblock.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [4wFAfURb] C:\WINDOWS\ieshg.exe
O4 - HKLM\..\Run: [-] C:\WINDOWS\ieshg.exe
O4 - HKLM\..\Run: [nLpEsljRN] C:\WINDOWS\ieshg.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [Media Access] C:\PROGRA~1\MEDIAA~1\MediaAccK.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following files (if present):
C:\WINDOWS\ieshg.exe

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select MediaGateway.BFU
Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
- contents of C:\Rapport.txt
:bigthumb:
Schweiny
2006-12-26, 13:44
Wow that's a lot to do lol, I probably won't be able to do it now, have to go somewhere. My older brother was asking if all this is safe etc. so I just need clarity on that before I do it. By the way he managed to get rid of those System Alert! icons on the tray thing at the bottom right.
Mr_JAk3
2006-12-26, 19:55
Hi :)

Yes the list is quite long because of the infections. Well I always try to do my best and you are not the first user I'm helping. You can check some other topics where I have been helping by clicking my profile.

:bigthumb:
tashi
2007-01-04, 07:45
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.