pseudoquet

Members
  • Content Count

    39
  • Joined

  • Last visited

Community Reputation

0 Neutral

About pseudoquet

  • Rank
    Advanced Member
  1. ! Jump for joy ! IE is now navigating and I have no more known symptoms from the antispywarebox infection. Big thanks to CalamityJane for all your help removing the stupid thing in the first place! And thanks to dvk01 for the astute observation that led me to fiddle around in Norton and restore IE internet navigability. Here's what had happened. At some point in the quest to get rid of antispywarebox I had changed the Norton firewall setting from low to high. Apparently IE will not work unless Norton firewall is on the low setting. I would never had thought that that was the reason IE was not working. Thanks for the tip dvk01! Now that I have overcome this virus I am going to do a general cleanup (and increase precautionary measures) by following the advice as outlined in a link that CalamityJane has been posting: http://www.dslreports.com/faq/13620 Then I will reset my system restore points. Then I will back up all of the important files on my computer on CDs and DVDs. This is the most crucial thing that I have never done... If I had a backup I would have been able to cut my losses at some point during a nasty infection like this one and wipe my hard drive clean and then re-install my operating system and files. IF anyone has been following this thread out of curiosity and has not backed up their files on their computer, PLEASE learn from my mistake. Is there anything else I should do to prevent future attacks? Also, as a final note, I just want to say that I have been amazed to discover that a community such as this one exists and the help of strangers, especially CalamityJane, has in no small part reaffirmed my belief in humanity at the time when the malicious pranks of antispywarebox called it into question. I have learned so much this past week and hope that I can pass on some of this knowledge to friends, family members, colleagues, or even a stranger on a security forum.
  2. Ok, thanks for the clarification about IE. I just checked it and it is not working. How are you making out in the storm?
  3. Calamity and Derek: The files you requested in post 58 have been uploaded to http://www.thespykiller.co.uk/forum/index.php?topic=1827.0 Thanks again for your ocntinued attention. Also, I have not checked IE after the past two or three steps because I suspect that every time I open it it is downloading more things to deal with... Could you tell me when are appropriate times to check it? Thanks.
  4. Calamity Jane: You have been excellent about responding to my posts quickly. I will understand if a tropical storm delays you Please be safe though! I will now try the suggestions from post 58...
  5. And the latest rapport: SmitFraudFix v2.59 Scan done at 20:08:04.76, Mon 06/12/2006 Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\about_spyware_bg.gif Deleted C:\WINDOWS\about_spyware_bottom.gif Deleted C:\WINDOWS\as.gif Deleted C:\WINDOWS\as_header.gif Deleted C:\WINDOWS\box_1.gif Deleted C:\WINDOWS\box_2.gif Deleted C:\WINDOWS\box_3.gif Deleted C:\WINDOWS\button_buynow.gif Deleted C:\WINDOWS\button_freescan.gif Deleted C:\WINDOWS\download_box.gif Deleted C:\WINDOWS\features.gif Deleted C:\WINDOWS\footer_back.gif Deleted C:\WINDOWS\footer_back.jpg Deleted C:\WINDOWS\header_1.gif Deleted C:\WINDOWS\header_2.gif Deleted C:\WINDOWS\header_3.gif Deleted C:\WINDOWS\header_4.gif Deleted C:\WINDOWS\main_back.gif Deleted C:\WINDOWS\rf.gif Deleted C:\WINDOWS\rf_header.gif Deleted C:\WINDOWS\scan_btn.gif Deleted C:\WINDOWS\security-center-bg.gif Deleted C:\WINDOWS\security-center-logo.gif Deleted C:\WINDOWS\security_center_caption.gif Deleted C:\WINDOWS\sep_hor.gif Deleted C:\WINDOWS\sep_vert.gif Deleted C:\WINDOWS\spacer.gif Deleted C:\WINDOWS\spacer.gif' Deleted C:\WINDOWS\spyware-detected.gif Deleted C:\WINDOWS\star_gray.gif Deleted C:\WINDOWS\star_gray_small.gif Deleted C:\WINDOWS\star_small.gif Deleted C:\WINDOWS\ts.gif Deleted C:\WINDOWS\ts_header.gif Deleted C:\WINDOWS\v.gif Deleted C:\WINDOWS\warning_icon.gif Deleted C:\WINDOWS\win_logo.gif Deleted C:\WINDOWS\x.gif Deleted C:\WINDOWS\system32\thlwin32.dll Deleted »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End
  6. Ok, here is the logs requested in post 56. HiJackThis: Logfile of HijackThis v1.99.1 Scan saved at 8:14:09 PM, on 6/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton Internet Security\ISSVC.exe c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\D-Link AirPlus\AirPlus.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/Symantec-eLife-PCSec-54NAblue O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [urlLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe O4 - Startup: HP Organize.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: D-Link AirPlus.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1129917381609 O18 - Protocol: bw+0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {AA286532-1E7F-444E-9532-3B42A9464F67} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  7. ...I'm running late running around this morning, I will run SmitFraud again when I get home tonight. I'll be in touch.
  8. I'm wondering, do you think I should try to do the updated SmitFraudFix again?
  9. Allright, the killbox log is posted on the other site...
  10. Ok, I posted the latest MWAV log on http://www.thespykiller.co.uk/forum/index.php?board=1.0.
  11. I didn't do that last HiJackThis fix is Safe Mode, was I supposed to?
  12. I did the "fix check" for the file "R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost" in HiJackThis. Opened IE, still no luck.
  13. Restating my problem: IE explorer not navigating has been my only symptom for a while. The nature the problem makes me think there is still some bad infection. To restate, here's what is happening: When I try to navigate to any webpage from IE it looks like it is loading normally and then after a few seconds Microsoft Internet Explorer message box comes up that says "Internet Explorer could not open the search page." When I close that message box IE displays a message that says "Downloading from site: res://C:\Win\system32\shdoclc.dll/dnserror.htm". IE explorer will not navigate to any webpages. A question: Could I just unistall IE and then reinstall it (I guess I do need it for Microsoft updates and the like)? Or would the infection still likely be there?
  14. Re: IEFIX I have the install CD somewhere (my computer did come with Service Pack 2 preinstalled), but I'm not sure where it is... i'll skip this for now.
  15. ...I don't know how to zip files. I attached the txt file of the Norton Alerts log. I can resend a zipped version of it if you tell me how. Thanks. Alerts_Norton_Log_6_11_06.txt