I have been having problems here: taskbar icons not loading, NAV not
starting up, keyboard problems, system restore and other misc things not
working properly.
What I have done:
I ran a full virus scan and a trojan (Trojan.Brisv.A) was detected in an mp3
file. I ran the removal tool for this and it said it was successfully
removed.
Reinstalled Norton 360 and scanned again... all clean.
I also ran CCleaner and Malwarebytes and Windows Malicious Software Removal
Tool but nothing fixed the problem.
Could it be the trojan is still around? Or perhaps some sort of malware.
I have included my HijackThis and MBAM logs below.
Any input on this would be greatly appreciated.
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:06 AM, on 2/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://cm.my.yahoo.com/?.src=fp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost;*.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\acroiehelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -
{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -
C:\Program Files\Common Files\Symantec
Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention -
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program
Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper -
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft
Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program
files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} -
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
C:\Program Files\Common Files\Symantec
Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program
Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut]
HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] C:\Program
Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
/SYNC
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital
Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI
RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe
/autostart
O4 - HKCU\..\Run: [Google Update] "C:\Documents and
Settings\Administrator\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-1730848434-1571779169-1417603265-500\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1730848434-1571779169-1417603265-500\..\Run:
[BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
(User '?')
O4 - HKUS\S-1-5-21-1730848434-1571779169-1417603265-500\..\Run: [RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User '?')
O4 - HKUS\S-1-5-21-1730848434-1571779169-1417603265-500\..\Run: [Zinio DLM]
C:\Program Files\Zinio\ZinioReader.exe /autostart (User '?')
O4 - HKUS\S-1-5-21-1730848434-1571779169-1417603265-500\..\Run: [Google
Update] "C:\Documents and Settings\Administrator\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-1730848434-1571779169-1417603265-500\..\Run: [Aim6]
(User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program
Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program
Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default
user')
O4 - S-1-5-21-1730848434-1571779169-1417603265-500 Startup: OneNote 2007
Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft
Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program
Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program
Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program
Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from
HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows
Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.h ... zeb032YYUS
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms -
{320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms -
{320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar -
{724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner
Class) - http://www.comcastsupport.com/OneClickFix/tgctlsr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) -
http://www.winkflash.com/photo/loaders/ ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupda ... 7582872734
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download
Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) -
http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl
Object) -
http://www.imagestation.com/common/clas ... v=1,0,0,37
O18 - Protocol: bw+0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {9F57019D-69A0-4DBA-804C-F062E5EFF66F} -
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. -
C:\Program Files\Common Files\Macrovision Shared\FLEXnet
Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program
Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common
Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation -
C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) -
http://forums.teambeachbody.com/groupee ... 2111008321
O24 - Desktop Component 2: (no name) -
http://forums.teambeachbody.com/groupee ... 008321/p/2
O24 - Desktop Component 3: (no name) -
http://forums.teambeachbody.com/groupee ... 008321/p/3
O24 - Desktop Component 4: (no name) -
http://forums.teambeachbody.com/groupee ... 008321/p/4
--
End of file - 30123 bytes
Malwarebytes' Anti-Malware 1.34
Database version: 1805
Windows 5.1.2600 Service Pack 3
2/26/2009 5:50:52 AM
mbam-log-2009-02-26 (05-50-52).txt
Scan type: Quick Scan
Objects scanned: 78735
Time elapsed: 13 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Administrator\Application Data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32:Optix_ScreenCapS.dll (Rootkit.ADS) -> Quarantined and deleted successfully.
Re: Problems
Tricky wrote:
> I have been having problems here: taskbar icons not loading, NAV not
> starting up, keyboard problems, system restore and other misc things not
> working properly.
> what I have done:
> I ran a full virus scan and a trojan (Trojan.Brisv.A) was detected in an
> mp3 file. I ran the removal tool for this and it said it was successfully
> removed.
>
> reinstalled Norton 360 and scanned again..all clean..
>
> I also ran CCleaner and malwarebytes and windows malicious software
> removal tool but nothing fixed the problem.
> Could it be the trojan is still around? or perhaps some sort of malware.
(snip HJT log)
While running HijackThis is a good idea for you, we don't analyze HJT logs
here in the MS newsgroups. Here are specialty forums where you can post
your log. Choose one, reading its posting FAQ first.
http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/for ... y.php?f=25
http://www.geekstogo.com/forum/Malware_ ... e-f37.html
http://www.malwarebytes.org/forums/inde ... howforum=7
http://gladiator-antivirus.com/forum/in ... wforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7
Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ
Re: Problems
We do not work with such logs in the public newsgroups.
[Tip: When composing a News or Email message in Word, only use ENTER to
begin a new paragraph. To begin a new line, use Shift+ENTER.]
Reinstalling N360 (even if you have purchased it) isn't going to help.
> Could it be the trojan is still around? or perhaps some sort of malware.
Yes, and you have more work to do.
1. Run this online scan (in safe mode w/networking, if need be):
http://onecare.live.com/site/en-us/center/howsafe.htm
2. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.
Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/pag ... ng_Malware
**Seek expert assistance in
http://spywarehammer.com/simplemachines ... board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30, or other appropriate forums.**
If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Tricky wrote:
> I have been having problems here: taskbar icons not loading, NAV not
> starting up, keyboard problems, system restore and other misc things not
> working properly.
>
> what I have done:
>
> I ran a full virus scan and a trojan (Trojan.Brisv.A) was detected in an
> mp3 file. I ran the removal tool for this and it said it was successfully
> removed.
>
> reinstalled Norton 360 and scanned again..all clean..
>
> I also ran CCleaner and malwarebytes and windows malicious software
> removal tool but nothing fixed the problem.
>
> Could it be the trojan is still around? or perhaps some sort of malware.
>
> I have included my Hijackthis,MBAM logs below.
>
> Any input on this would be greatly appreciated.
>
> Thanks
>
> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 6:03:06 AM, on 2/26/2009
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.6000.16791)
> Boot mode: Normal
<SNIP>
Re: Problems
Malke wrote:
<snip>
> While running HijackThis is a good idea for you, we don't analyze HJT logs
> here in the MS newsgroups. Here are specialty forums where you can post
> your log. Choose one, reading its posting FAQ first.
>
> http://aumha.org/downloads/hijackthis.zip
> http://aumha.net/ - Click on the HijackThis forum. Read the announcement
> and the stickies *first*...
UPDATE: It's now named 'Malware Removal' forum, and there's one (recently
overhauled and strictly enforced) sticky:
http://aumha.net/viewtopic.php?t=4075 <w>
--
~R
Re: Problems
PA Bear [MS MVP] wrote:
> UPDATE: It's now named 'Malware Removal' forum, and there's one (recently
> overhauled and strictly enforced) sticky:
> http://aumha.net/viewtopic.php?t=4075 <w>
Noted, with thanks!
Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
http://www.elephantboycomputers.com/#FAQ
Re: Problems
I have posted my logs to a few forums but no responses so I thought I would
give this a try. Sorry I did not realize it was not allowed.
I also did do a Norton online scan in safe mode but nothing was found. I
will try that other online scan that was posted here.
I'm really trying to avoid reformatting as my pc is kinda old and I don't
really feel like doing 5 years of updates and installs.
"Malke" <malke@invalid.invalid> wrote in message
news:ub1knBpmJHA.1168@TK2MSFTNGP05.phx.gbl...
> Tricky wrote:
>
>> I have been having problems here: taskbar icons not loading, NAV not
>> starting up, keyboard problems, system restore and other misc things not
>> working properly.
>
>> what I have done:
>
>> I ran a full virus scan and a trojan (Trojan.Brisv.A) was detected in an
>> mp3 file. I ran the removal tool for this and it said it was successfully
>> removed.
>>
>> reinstalled Norton 360 and scanned again..all clean..
>>
>> I also ran CCleaner and malwarebytes and windows malicious software
>> removal tool but nothing fixed the problem.
>
>> Could it be the trojan is still around? or perhaps some sort of malware.
>
> (snip HJT log)
>
> While running HijackThis is a good idea for you, we don't analyze HJT logs
> here in the MS newsgroups. Here are specialty forums where you can post
> your log. Choose one, reading its posting FAQ first.
>
> http://aumha.org/downloads/hijackthis.zip
> http://aumha.net/ - Click on the HijackThis forum. Read the announcement
> and the stickies *first*.
> http://www.atribune.org/forums/index.php?showforum=9
> http://aumha.net/viewforum.php?f=30
> http://www.bleepingcomputer.com/forums/forum22.html
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/for ... y.php?f=25
> http://www.geekstogo.com/forum/Malware_ ... e-f37.html
> http://www.malwarebytes.org/forums/inde ... howforum=7
> http://gladiator-antivirus.com/forum/in ... wforum=170
> http://spywarewarrior.com/viewforum.php?f=5
> http://forums.techguy.org/54-security/
> http://forums.tomcoyote.org/
> http://www.thespykiller.co.uk/index.php?board=3.0
> http://forums.subratam.org/index.php?showforum=7
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers - Don't Panic!
> http://www.elephantboycomputers.com/#FAQ
>
Re: Problems
Malke wrote:
>> UPDATE: It's now named 'Malware Removal' forum, and there's one (recently
>> overhauled and strictly enforced) sticky:
>> http://aumha.net/viewtopic.php?t=4075 <w>
>
> Noted, with thanks!
Thank /you/!