PDA

View Full Version : I think I am hijacked please help



rbyham
2007-01-05, 02:51
I am pretty much a noob to spyware stuff. But my IE does not go where I want to go. I seem to be going to ad pages. Have run Adaware and SPybot... both hang about 1/3 way into scan. Blacklight found 13 items but also hung so could not cleanm... below is my hijackthis log (hope I did this right had to spl;it in two becuase exceeded length limits...). Thanks for any help you can give.

Logfile of HijackThis v1.99.1
Scan saved at 5:45:25 PM, on 1/4/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\WINNT\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: Add to Net Snippets - C:\PROGRA~1\NETSNI~1\Res\Clipper.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - C:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&4&04.00.09.13&premium&nocookie&http://www.toyota.com/vehicles/2006/prius/key_features/int360.html?noreloadredir
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab
O16 - DPF: {0BD38EB7-32AA-43E9-8108-66B95E1E42BF} (BrowserClientUtils.ControlForm) - https://www.myvirtualworkplace.org/centuraproduction/cds/CenturaDirectCustom/BrowserClientUtils.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://www.myvirtualworkplace.org/LogonAgent/ClientComponents/ica32/wficat.cab
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/LocalExec.CAB
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} (Crystal Report Viewer Control 9) - https://report1.cmalliance.org/crystalreportviewers/activeXViewer/activexviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab42341.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - https://report1.cmalliance.org/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/chzl/default/popcaploader_v10.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://www.myvirtualworkplace.org/LogonAgent/clientcomponents/cgc/en/csgproxy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FE6FB24-55B9-431D-82DE-3F5E7B07BADC}: NameServer = 85.255.116.84,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{15F51954-99A5-458E-A8F5-721451B93F01}: NameServer = 85.255.116.84,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{79DED2D8-8992-4E1E-B4B6-EF99A1CB5524}: NameServer = 85.255.116.84,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{897C5DDC-178A-4240-A627-B0FEE2CCEF73}: NameServer = 85.255.116.84,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1956A5F-6DEB-4F9B-BBBE-8BE8B4E3A3CD}: NameServer = 85.255.116.84,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8BEA776-6B8A-4533-AC2D-84092C99502E}: NameServer = 85.255.116.84,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD36D2E6-745C-4D64-A2DA-A1DE51495BF5}: NameServer = 85.255.116.84,85.255.112.137
O17 - HKLM\System\CCS\Services\Tcpip\..\{D214047F-29CD-413E-AAE0-F713971F2D5C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FE6FB24-55B9-431D-82DE-3F5E7B07BADC}: NameServer = 85.255.116.84,85.255.112.137
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FE6FB24-55B9-431D-82DE-3F5E7B07BADC}: NameServer = 85.255.116.84,85.255.112.137
O17 - HKLM\System\CS3\Services\Tcpip\..\{0FE6FB24-55B9-431D-82DE-3F5E7B07BADC}: NameServer = 85.255.116.84,85.255.112.137
O18 - Protocol: bw+0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

rbyham
2007-01-05, 02:52
O18 - Protocol: bw10 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CDA93424-EABC-4CDC-8DC0-DAC0D166EFA1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Mr_JAk3
2007-01-07, 09:26
Hi rbyham and welcome to the Forums :)

You got infections there...

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt

Mr_JAk3
2007-01-14, 21:32
This topic is closed due to lack of a response :spider:

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread.

Applies only to the original topic starter.