
Thread: Can someone help please?

  1. #1
    Junior Member
    Join Date
    Nov 2005
    Posts
    0

    Can someone help please?

    Hello, I am writing this on behalf of my father, as this is his machine and it needs a serious makeover, but he's unwilling to format and reinstall.

    He's had this comp for a few years and very rarely runs any anti-virus or anti-spyware software. I have done what I can to clean it up (ran an anti-virus and Spybot), but I feel it's not enough, so I'm wondering if someone could take a quick look over the HijackThis log.

    His system is Windows XP Pro SP2, IE version 6.0.2900, AMD 1.4GHz, 512 RAM, GeForce FX 5950.
    I have noticed that IE does have a stupid amount of search bars in it, so I've suggested to him to use Firefox for the time being.

    Thank you

    Here is the log.

    Logfile of HijackThis v1.97.7
    Scan saved at 18:44:21, on 09/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\System32\CTSVCCDA.EXE
    C:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\NORTON~1\NORTON~1\navapw32.exe
    C:\NORTON~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\WINDOWS\TBPanel.exe
    C:\Quick Time Media Player\qttask.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\PROGRA~1\SPYWAR~2\swdoctor.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\webshots.scr
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ypvkmxhgniwomq.uk/m8DLI4V...yyLBQcVID.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Malcs Internet Explorer
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F0 - system.ini: Shell=
    F2 - REG:system.ini: Shell=
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: (no name) - {9BDFFB6B-5371-C73A-12FD-05869CB32EF3} - C:\DOCUME~1\ADMINI~1\APPLIC~1\OWNSDE~1\intrateam.exe
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NAV Agent] C:\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\NORTON~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [TaskTray] C:\Creative\SBAudigy\Taskbar\CTLTray.exe
    O4 - HKCU\..\Run: [Taskbar] C:\Creative\SBAudigy\Taskbar\CTLTask.exe
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - Startup: Shortcut to TeaTimer.exe.lnk = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Webshots.lnk.disabled
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Windows Desktop Search.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?ff664bcf9f246dbbd1c7e9d5dae533a
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?ff664bcf9f246dbbd1c7e9d5dae533a
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Spyware Doctor (HKLM)
    O9 - Extra button: Share in Hello (HKLM)
    O9 - Extra 'Tools' menuitem: Share in H&ello (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.hotmail.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -

  2. #2
    Junior Member
    Join Date
    Nov 2005
    Posts
    0

    Part2

    http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4BAA0EDE-851D-40CD-824D-427141CCB705}: NameServer = 194.74.65.69 62.6.40.178
    O18 - Protocol: bwh0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

  3. #3
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Hello

    In Add/Remove Programs, find Messenger Plus and start the uninstall.
    I suggest uninstalling it, but at least choose to uninstall the sponsor software.

    Logfile of HijackThis v1.97.7 << old, outdated version; see pinned topics for links to the current version, http://forums.spybot.info/showthread.php?t=288
    Get it and post a new log after that uninstall and a reboot, please.

  4. #4
    Junior Member
    Join Date
    Nov 2005
    Posts
    0

    part1

    Thanks for replying, sorry it's taken a few days...

    Here is the new updated HijackThis log after the uninstall.

    Thanks once again

    Logfile of HijackThis v1.99.1
    Scan saved at 21:21:55, on 13/11/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\System32\CTSVCCDA.EXE
    C:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\alg.exe
    C:\NORTON~1\NORTON~1\navapw32.exe
    C:\NORTON~1\WinFax\WFXSWTCH.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\WINDOWS\TBPanel.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Creative\SBAudigy\Taskbar\CTLTray.exe
    C:\Creative\SBAudigy\Taskbar\CTLTask.exe
    C:\PROGRA~1\SPYWAR~2\swdoctor.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    E:\Winamp\winamp.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ypvkmxhgniwomq.uk/m8DLI4V...aGZyyLBQcVID.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Malcs Internet Explorer
    F2 - REG:system.ini: Shell=
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: (no name) - {9BDFFB6B-5371-C73A-12FD-05869CB32EF3} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NAV Agent] C:\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\NORTON~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [TaskTray] C:\Creative\SBAudigy\Taskbar\CTLTray.exe
    O4 - HKCU\..\Run: [Taskbar] C:\Creative\SBAudigy\Taskbar\CTLTask.exe
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~2\swdoctor.exe /Q
    O4 - Startup: Shortcut to TeaTimer.exe.lnk = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Webshots.lnk.disabled
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O4 - Global Startup: Windows Desktop Search.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?ff664bcf9f246dbbd1c7e9d5dae533a
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?ff664bcf9f246dbbd1c7e9d5dae533a
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.hotmail.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4BAA0EDE-851D-40CD-824D-427141CCB705}: NameServer = 194.74.65.69 62.6.40.178
    O18 - Protocol: bw+0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

  5. #5
    Junior Member
    Join Date
    Nov 2005
    Posts
    0

    part 2

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

  6. #6
    Junior Member
    Join Date
    Nov 2005
    Posts
    0

    Default part 3

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSVCCDA.EXE
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\NORTON~1\SPEEDD~1\nopdb.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    Thank you again, I know it's a lot to look through, I'd buy ya a beer if I could
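
Added example, not part of the original posts and not HijackThis code: HijackThis logs pasted into forum posts are often hard-wrapped, which splits a long entry over two lines and hides how repetitive the O18 section is. This Python code rejoins wrapped lines, groups O18 protocol entries by CLSID and handler DLL, and lists O23 services the tool marked "Unknown owner" or "(file missing)"; the function names are hypothetical and the sample is a short excerpt of lines posted in this thread.

```python
import re
from collections import defaultdict
# Excerpt of the log lines posted in this thread, wrapped as they were pasted.
SAMPLE = r"""
O18 - Protocol: bwc0 - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {267A80F8-74DD-41B3-A2DE-7BEB53517C6C} - C:\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Logitech\Desktop

Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner -

C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe
"""

# A HijackThis entry starts with a section code such as R1, F2, N3, O18 or O23.
ENTRY_START = re.compile(r"^[RFNO]\d{1,2} - ")
O18_RE = re.compile(r"^O18 - Protocol: (\S+) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def rejoin(text):
    """Merge wrapped continuation lines back onto the entry they belong to."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank line left by the wrap
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def group_protocols(entries):
    """Map (CLSID, handler DLL) -> protocol names registered to that handler."""
    groups = defaultdict(list)
    for entry in entries:
        m = O18_RE.match(entry)
        if m:
            groups[(m.group(2), m.group(3))].append(m.group(1))
    return dict(groups)

def flagged_services(entries):
    """O23 lines that HijackThis itself marked as unowned or missing on disk."""
    marks = ("Unknown owner", "(file missing)")
    return [e for e in entries if e.startswith("O23 - ") and any(k in e for k in marks)]
```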

  7. #7
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Start Hijackthis and place a check next to these items, if there.
    Close all browser windows and shut down all other programs that show in the taskbar. (even Folders)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    hxxp://www.ypvkmxhgniwomq.uk/m8DLI4V...aGZyyLBQcVID.h
    O2 - BHO: (no name) - {9BDFFB6B-5371-C73A-12FD-05869CB32EF3} - (no file)
    Optional fixes
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office\OSA9.EXE
    ====================================
    Hit fix checked and close Hijackthis.

    Restart the PC
    Open notepad (not wordpad) and copy and paste the bolded below into it:

    dir %Windir%\tasks /a h > files.txt
    notepad files.txt

    Save this as findjobs.bat, choose to save it as *all files and place it on your desktop.
    Double-click on findjobs.bat and post the content of the text file you get in your next reply.

  8. #8
    Junior Member
    Join Date
    Nov 2005
    Posts
    0

    Default

    Thank you, I have removed the items you said and here is the txt from findjobs.bat

    Volume in drive C is Operator
    Volume Serial Number is 88B2-8B28

    Directory of C:\WINDOWS\tasks

    13/11/2005 21:08 <DIR> .
    13/11/2005 21:08 <DIR> ..
    18/08/2001 12:00 65 desktop.ini
    11/11/2005 20:00 480 Norton AntiVirus - Scan my computer.job
    14/10/2005 16:30 404 Norton SystemWorks One Button Checkup.job
    14/11/2005 17:13 6 SA.DAT
    14/11/2005 16:35 380 Symantec NetDetect.job
    5 File(s) 1,335 bytes

    Directory of C:\Documents and Settings\Administrator\Desktop

  9. #9
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,485

    Default

    As the malware problem appears to be resolved this topic will be archived.
    If you need the topic reopened please pm your volunteer helper.

    Glad we could help.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
