PDA

View Full Version : Can someone help please?



Murdy
2005-11-09, 21:08
Hello, i am writing this on behalf of my father as this is his machine and it needs a serious make over but hes unwilling to format and reinstall.

Hes had this comp for a few years and very rarely runs any anti virus or anti spyware software, i have done what i can to clean it up...ran a anti virus and spy bot, but i feel its not enough so im wondering if someone could take a quick look over the hijack this log.

His system is Windows XP Pro SP2, IE verision 6.0.2900, AMD 1.4Ghz 512 ram, Gforce FX 5950.
i have noticed that IE does have a stupid amount of search bars in it, so i've suggested to him to use firefox for the time being.

Thank you :)

here is the log.

Logfile of HijackThis v1.97.7
Scan saved at 18:44:21, on 09/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\CTSVCCDA.EXE
C:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\NORTON~1\NORTON~1\navapw32.exe
C:\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\TBPanel.exe
C:\Quick Time Media Player\qttask.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ypvkmxhgniwomq.uk/m8DLI4VyCR3QWzYpuPn/k9B61/GLGPf5vCET7GyonBXr76u9zf9caGZyyLBQcVID.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Malcs Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F0 - system.ini: Shell=
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {9BDFFB6B-5371-C73A-12FD-05869CB32EF3} - C:\DOCUME~1\ADMINI~1\APPLIC~1\OWNSDE~1\intrateam.exe
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NAV Agent] C:\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [TaskTray] C:\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: Shortcut to TeaTimer.exe.lnk = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Windows Desktop Search.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?ff664bcf9f246dbbd1c7e9d5dae533a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?ff664bcf9f246dbbd1c7e9d5dae533a
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Spyware Doctor (HKLM)
O9 - Extra button: Share in Hello (HKLM)
O9 - Extra 'Tools' menuitem: Share in H&ello (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.hotmail.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -

Murdy
2005-11-09, 21:09
http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BAA0EDE-851D-40CD-824D-427141CCB705}: NameServer = 194.74.65.69 62.6.40.178
O18 - Protocol: bwh0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} -
C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

LonnyRJones
2005-11-09, 22:42
Hello

In addremove program find messengerplus and start the uninstall
I suggest uninstalling it, but atleast choose to uninstall the sponcer software

Logfile of HijackThis v1.97.7 << old outdated version , see pinned topics for links to the current version, http://forums.spybot.info/showthread.php?t=288
get it and post a new log after that uninstall and a reboot please.

Murdy
2005-11-13, 23:23
Thanks for replying, sorry its taken a few days...

here is the new updated hijack this log after the uninstall.

Thanks once again :)

Logfile of HijackThis v1.99.1
Scan saved at 21:21:55, on 13/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\CTSVCCDA.EXE
C:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\NORTON~1\NORTON~1\navapw32.exe
C:\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
E:\Winamp\winamp.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://www.ypvkmxhgniwomq.uk/m8DLI4VyCR3QWzYpuPn/k9B61/GLGPf5vCET7GyonBXr76u9zf9caGZyyLBQcVID.h

tml
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Malcs Internet Explorer
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Adobe\Acrobat

5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -

C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {9BDFFB6B-5371-C73A-12FD-05869CB32EF3} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -

C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton SystemWorks\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton

SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe

irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NAV Agent] C:\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe

/autorun
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch

USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [TaskTray] C:\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
O4 - Startup: Shortcut to TeaTimer.exe.lnk = C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - Startup: Webshots.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Logitech\Desktop

Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Windows Desktop Search.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar

Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar

Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?ff664bcf9f246dbbd1c7e9d5dae533a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar

Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?ff664bcf9f246dbbd1c7e9d5dae533a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -

C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program

Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} -

C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.hotmail.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -

http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -

http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) -

http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -

http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BAA0EDE-851D-40CD-824D-427141CCB705}: NameServer =

194.74.65.69 62.6.40.178
O18 - Protocol: bw+0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Murdy
2005-11-13, 23:24
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Logitech\Desktop

Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Murdy
2005-11-13, 23:25
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner -

C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -

C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTSVCCDA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -

C:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Norton

SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\Security Center\SymWSC.exe


Thank you again, i know its alot to look through, i'd buy ya a beer if i could :)

LonnyRJones
2005-11-14, 03:40
Start Hijackthis and place a check next to these items If there.
Close all browser windows and shut down all other programs that show in the taskbar. (even Folders)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
hxxp://www.ypvkmxhgniwomq.uk/m8DLI4V...aGZyyLBQcVID.h (http://www.ypvkmxhgniwomq.uk/m8DLI4V...aGZyyLBQcVID.h)
O2 - BHO: (no name) - {9BDFFB6B-5371-C73A-12FD-05869CB32EF3} - (no file)
Optional fix's
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office\OSA9.EXE
====================================
Hit fix checked and close Hijackthis.

Restart the PC
Open notepad (not wordpad) and copy and paste the bolded below into it:

dir %Windir%\tasks /a h > files.txt
notepad files.txt

Save this as findjobs.bat , choose to save it as *all files and place it on your desktop.
Doubleclick on op findjobs.bat and post the content of the txtfile you get in your next reply

Murdy
2005-11-14, 19:21
Thank you, i have removed the items you said and here is the txt from findjobs.bat

Volume in drive C is Operator
Volume Serial Number is 88B2-8B28

Directory of C:\WINDOWS\tasks

13/11/2005 21:08 <DIR> .
13/11/2005 21:08 <DIR> ..
18/08/2001 12:00 65 desktop.ini
11/11/2005 20:00 480 Norton AntiVirus - Scan my computer.job
14/10/2005 16:30 404 Norton SystemWorks One Button Checkup.job
14/11/2005 17:13 6 SA.DAT
14/11/2005 16:35 380 Symantec NetDetect.job
5 File(s) 1,335 bytes

Directory of C:\Documents and Settings\Administrator\Desktop

LonnyRJones
2005-11-14, 22:28
Hi

Those results look fine

Be sure to read Tony's
So how did I get infected in the first place? (http://forums.spybot.info/showthread.php?t=279)
http://forums.spybot.info/showthread.php?t=279

tashi
2005-11-17, 19:41
As the malware problem appears to be resolved this topic will be archived.
If you need the topic reopened please pm your volunteer helper.

Glad we could help.