
HJT log- JAMEARS


7 replies to this topic

#1 jamears

  • Members
  • 16 posts

Posted 11 July 2005 - 12:29 PM

Sorry for the wrong forum, hope this is now correct!! I have carried out the instructions from the initial screen I was sent, so Spy Doctor and NoAdware have been run. So here is the final step, my HijackThis log:

Thanks in advance for your help....

Logfile of HijackThis v1.99.1
Scan saved at 18:27:00, on 11/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HotBrick\Software Personal Firewall\PFWall.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\hookdump.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\JASONM~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\DOCUME~1\JASONM~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...www.yahoo.co.uk
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update] host32.exe
O4 - HKLM\..\Run: [Personal Firewall] C:\Program Files\HotBrick\Software Personal Firewall\PFWall.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NAVNet] "C:\DOCUME~1\JASONM~1\LOCALS~1\Temp\31.tmp" /m
O4 - HKLM\..\RunServices: [Windows Update] host32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/templates/b...lcontrol013.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{681E4F56-97C9-47DD-AFA1-A519B9529743}: NameServer = 194.74.65.69 62.6.40.178
O18 - Protocol: bw+0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
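As an added illustration for readers of this thread (editor's example, not HijackThis code and not a verdict on the machine above), the script below parses the O4 autostart lines of a log in the format posted and flags the entries a helper would locate on disk first. The input is a constructed sample copied in form from the log above, and the review heuristics (bare filename, Temp folder, .tmp extension, RunServices key) are the editor's assumptions, not rules from the tool or the forum.

```python
"""Triage of the O4 (autostart) lines of a HijackThis v1.99-style log.
Editor-added example for this thread, not HijackThis code; the heuristics
are the editor's assumptions about what a helper checks first."""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied in form from the log posted above.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Update] host32.exe
O4 - HKLM\..\Run: [NAVNet] "C:\DOCUME~1\JASONM~1\LOCALS~1\Temp\31.tmp" /m
O4 - HKLM\..\RunServices: [Windows Update] host32.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# O4 - <hive>\..\<key>: [<label>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# Unquoted paths may contain spaces: cut after a known executable extension.
EXE_RE = re.compile(
    r"^(?P<exe>.+?\.(?:exe|com|scr|pif|bat|cmd|tmp))(?:\s+(?P<args>.*))?$", re.IGNORECASE)
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\temp\\")


@dataclass
class Autostart:
    hive: str
    key: str
    label: str
    exe: str
    args: str
    raw: str


@dataclass
class Finding:
    entry: Autostart
    reasons: list[str]


def split_command(cmd: str) -> tuple[str, str]:
    """Split an O4 command line into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)
    if m:
        return m["exe"], m["args"] or ""
    exe, _, args = cmd.partition(" ")  # no recognised extension: first token
    return exe, args


def parse_autostarts(log_text: str) -> list[Autostart]:
    """Return every O4 entry in the log as a structured record."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            exe, args = split_command(m["cmd"])
            entries.append(Autostart(m["hive"], m["key"], m["label"], exe, args, line.strip()))
    return entries


def review_reasons(e: Autostart) -> list[str]:
    """Assumed heuristics: reasons a reviewer would locate this file on disk."""
    reasons = []
    exe_l = e.exe.lower()
    if "\\" not in e.exe and not e.exe.startswith("%"):
        # Resolved through PATH at logon. OEM tray tools look like this too,
        # so this means "find the file and verify it", not "malware".
        reasons.append("bare filename, location not verifiable from the log")
    if any(marker in exe_l for marker in TEMP_MARKERS):
        reasons.append("launched from a Temp folder")
    if exe_l.endswith(".tmp"):
        reasons.append("executable with a .tmp extension")
    if e.key.lower().startswith("runservices"):
        reasons.append("legacy RunServices key, rarely used legitimately on Windows XP")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Entries needing follow-up, in log order. A full path under system32
    passes these checks, which is why the helper still asks for scanner
    reports rather than judging from the log alone."""
    findings = []
    for e in parse_autostarts(log_text):
        reasons = review_reasons(e)
        if reasons:
            findings.append(Finding(e, reasons))
    return findings
```

Run `triage(SAMPLE_LOG)` and three of the five O4 entries come back with reasons; the full-path system32 entry passes, which is the limit of log-only review.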

#2 viccy

    Malware Exterminator

  • Security Colleague
  • 433 posts
  • Gender:Male
  • Location:Kansas

Posted 13 July 2005 - 11:46 AM

Welcome to the forum.

First, I'm sorry to inform you, but NoAdware is considered to be a rogue spyware removal program. The same goes for Spy Doctor. You can get more information here. I would uninstall them through the Control Panel, Add/Remove Programs.

Please download CCleaner from here
Install and run it, and clean out your Temporary and Temporary Internet Files (as well as anything else you may want to clean out.)

Please run full scans with Ad-Aware SE and Spybot-S&D as follows:
(If you already have Ad-Aware SE 1.06 and Spybot 1.4 installed, you can skip the installation steps. If you don't, please uninstall your old versions and install the new ones from the links below.)

Full Ad-Aware Scan
Please download Ad-Aware SE from here
Install Ad-Aware and run it. In the bottom-right hand corner, click "Check for updates now". Click "Connect" to download the newest reference file.

Now we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)

Click the "Scanning" button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
5) Scan my IE Favorites for banned URLs
6) Scan my Hosts file

Please also click on "Select drives & folders to scan" and select your hard drive(s). Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only

Click on "Cleaning Engine" and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring

Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom right side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects. Then please restart your computer.


Spybot Full Scan
Next, please download Spybot-S&D from here
Install Spybot-S&D and run it. Select "Search for updates" and then select all available updates. Click on the drop-down box in the top center to choose a download location nearest to you. Then click "Download updates". When all updates have downloaded, close Spybot-S&D, and then run it again. Click on "Check for problems". When the scan has finished, select any entries listed in red and click "Fix selected problems". Then please restart your computer again.

Please download, install, update and scan your system with the free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
  • If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.

Edited by viccy, 13 July 2005 - 11:48 AM.


#3 jamears
  • Topic Starter

  • Members
  • 16 posts

Posted 16 July 2005 - 03:21 PM

Hi, thanks for your quick response and sorry for my delayed one!!! Pissed off to find out about the 2 programs NoAdware and Spy Doctor; had thought if you pay for them they would be the real McCoy!! There you go, live and learn!!!
Here are the latest copies of the ewido and HijackThis logs!!

Jason


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 21:26:43, 16/07/2005
+ Report-Checksum: B2B35DF5

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{07F0CAA0-8206-9DCC-5402-D4CC24EC1764} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0B4F9B2C-F81D-7C42-AE33-07F0FCB846EC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2621D1BF-0A92-2D9C-E595-02A9C3F76F46} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2FDECE36-9908-3C07-94EF-739590374096} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{346C69D8-47DA-8D25-2793-091F27AD1739} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A5B3B4A7-6BD2-E7CE-E654-7A1D658D1BB3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A72CAEB7-7E44-7941-564B-A741D28B01DB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BDA8AF27-D057-4727-6CE7-CFF4CE61A0FD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF1518B7-D821-1BF0-0368-AD32CBCF17E0} -> Spyware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\Jason Mears\Cookies\jason mears@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jason Mears\Cookies\jason mears@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\BT Voyager 100 ADSL Modem\DslDrv\UserDiag.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\Yahoo!\Messenger\ycomp.dll -> Spyware.Yahoo : Cleaned with backup
C:\WINDOWS\ActiveSkin.INI:ahbpno -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ActiveSkin.INI:ttyyd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\adddq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addgf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addoq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addoy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addqs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apibl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apicd32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apijz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apinb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apirz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiwx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apizv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appbh32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appck.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appel.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apphe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\applv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apppy.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appto.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appvf.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlig32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlqf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlra32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlwz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\btgdd.txt:vdbnwr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cdplayer.ini:tjdkf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\control.ini:nxkzz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\control.ini:wkocb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crea32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crgr.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crnv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\croj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crsy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3dy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ma.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3nt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ph.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3po32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3xf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\dxrpy.txt:jlrph -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\hgqip.txt:bxrly -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hgqip.txt:enrjx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\hgqip.txt:ugtvi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ieiq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iemb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iepc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iesq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipxd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipye32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipym.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javady32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaee32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javahj.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javaqv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfccl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcdd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcdv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcoj32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcqt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ModemLog_Intel® 536EP Modem.txt:dwzsn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ModemLog_Intel® 536EP V.92 Modem.txt:abbga -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ModemLog_Intel® 536EP V.92 Modem.txt:audwh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ModemLog_Intel® 536EP V.92 Modem.txt:btjlfe -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\ModemLog_Intel® 536EP V.92 Modem.txt:gycxa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ModemLog_Standard 56000 bps Modem.txt:lbgbn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msai32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msdfmap.ini:ewvvu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mspc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msqn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mycwb.txt:cqmqh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\netcg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netgg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nethh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nethr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netkb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netmx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netqn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nttl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntvc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntyr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:tedvef -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OpPrintServer.INI:ibqnyk -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\PhotoSuite.ini:acjbsu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PhotoSuite.ini:khyoi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\PhotoSuite.ini:pchoo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\QSync.INI:fdacb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sawkm.txt:isysvk -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:eurrz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:gdebtk -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\sdknu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkqb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkvq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysom32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syspy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system.ini:bnppt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system.ini:txkqa -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32:teaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup
C:\WINDOWS\system32\addbo.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addee.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addlz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addnh32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addrs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addvv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addzl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apilp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiud.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apivj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apizh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appeu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appij.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\applq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appmx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appxs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atldu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlgs.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlvd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlwu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crdm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\cred32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crqc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\crvc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crvn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crxh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crxy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3bk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3gt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3kg32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3qh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3tk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieip32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ierb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipvb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javagg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javakj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javatw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javayn32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\javazd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javazs.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfche.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcsh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcwq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcxe.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msam32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mspm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mssm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msxh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netiy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netle.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netpz.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netsf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntja.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntjw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntjz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\nttc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntvu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntxw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkgf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkgh.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkos.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkvc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkwn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkzr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysby32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syshf.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysnv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysxg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\wincm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\wincp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winsn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winwk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syswp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\vb.ini:bjwel -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\win.ini:dchxh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\win.ini:riynod -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\win.ini:wzfgr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\windu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winhw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winkf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winmx.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winrj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\wintq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winvj32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winwi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winws32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winxn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\wwdslcfg.ini:quewx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wyvav.txt:rlmzu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\yyvmo.txt:ehhip -> TrojanDownloader.Agent.bc : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 21:27:44, on 16/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HotBrick\Software Personal Firewall\PFWall.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\JASONM~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...www.yahoo.co.uk
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Personal Firewall] C:\Program Files\HotBrick\Software Personal Firewall\PFWall.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NAVNet] "C:\DOCUME~1\JASONM~1\LOCALS~1\Temp\31.tmp" /m
O4 - HKLM\..\RunServices: [Windows Update] host32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/templates/b...lcontrol013.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{681E4F56-97C9-47DD-AFA1-A519B9529743}: NameServer = 194.74.65.69 62.6.40.178
O18 - Protocol: bw+0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by jamears, 16 July 2005 - 03:22 PM.
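The Ewido report in the post above is worth reading as data rather than as a wall of filenames: most of the downloader components were not loose .exe files at all but NTFS alternate data streams (the `file.ini:stream` entries) attached to harmless-looking .ini and .txt files, and in one case to the system32 directory itself. The following parser is an added example written for this page by the editor, not Ewido's code; the line format (`<path> -> <detection> : <action>`, ending in `::Report End`) is inferred from the report above, the regexes are the editor's, and the sample lines are a handful copied from that report.

```python
"""Parse an Ewido-style cleanup report and summarise what it found.

Editor's example; not Ewido's own code. The report format is inferred from
the lines posted above. NTFS alternate data streams (ADS) appear as
"<host>:<stream>" after the drive letter; counting them tells a responder
how much of the infection lived in places a plain directory listing never
shows.
"""
import re
from collections import Counter

# Constructed sample: a few lines copied from the Ewido report in the post above.
SAMPLE_REPORT = r"""
C:\WINDOWS\apirz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apizv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\control.ini:nxkzz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\control.ini:wkocb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:gdebtk -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\system32:teaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup
C:\WINDOWS\system32\addbo.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

::Report End
"""

LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<detection>\S+) : (?P<action>.+)$")
# Drive letter, then a path whose final component carries a ":<stream>" suffix.
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>[^\\:]+)$")


def parse_line(line):
    """Return a dict for one report line, or None for blank lines and the footer."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    ads = ADS_RE.match(entry["path"])
    entry["ads"] = bool(ads)
    # For a stream, "host" is the file or directory the stream is attached to.
    entry["host"] = ads.group("host") if ads else entry["path"]
    entry["stream"] = ads.group("stream") if ads else None
    return entry


def parse_report(text):
    """All detection entries in the report, in order."""
    entries = [parse_line(line) for line in text.splitlines()]
    return [e for e in entries if e]


def summarize(entries):
    """Counts a responder wants before deciding whether cleaning was enough."""
    return {
        "total": len(entries),
        "by_detection": Counter(e["detection"] for e in entries),
        "ads_count": sum(e["ads"] for e in entries),
        "ads_hosts": Counter(e["host"] for e in entries if e["ads"]),
        # Anything not "Cleaned ..." needs manual follow-up.
        "not_cleaned": [e["path"] for e in entries if not e["action"].startswith("Cleaned")],
    }


if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    print(f"{s['total']} detections, {s['ads_count']} hidden in alternate data streams")
    for host, n in s["ads_hosts"].most_common():
        print(f"  {n} stream(s) attached to {host}")
    for det, n in s["by_detection"].most_common():
        print(f"  {n} x {det}")
    if s["not_cleaned"]:
        print("Needs manual follow-up:", *s["not_cleaned"], sep="\n  ")
```

Run against the full report it groups the detections by family and names each host file that carried streams, which is the list a responder would re-check after the reboot, since the hosts themselves (control.ini, win.ini, system.ini) are legitimate files that must stay.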


#4 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • Gender:Male
  • Location:Kansas

Posted 16 July 2005 - 05:06 PM

That was an impressive list of malware that Ewido took care of. Now, we'll get started on the rest of it.

Hijack This needs to be in a permanent folder before we use it for fixes. Please do this:
Click My Computer, then C:\
In the menu bar, choose File, New, Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis" by right clicking on the folder name and choosing "rename". Now you have a C:\HJT\ folder.

Download Hijack This
Put your HijackThis.exe in the file you just created, and double click to run it.

Put a checkmark next to the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...www.yahoo.co.uk
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [NAVNet] "C:\DOCUME~1\JASONM~1\LOCALS~1\Temp\31.tmp" /m
O4 - HKLM\..\RunServices: [Windows Update] host32.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm


These are optional fixes. They do not delete the programs, they just keep them from loading at startup, which will free up some resources.
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - Startup: PowerReg Scheduler.exe


Close all windows and browsers and click "fix checked". Restart your computer and post a new log.
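As an added illustration (not code from this thread, from viccy, or from HijackThis itself), the following Python script applies the same kinds of checks a log reviewer uses when picking entries like the ones above: an emptied Start Page, a missing URLSearchHook, a BHO whose DLL is gone, and O4 startup entries that run from a Temp folder, sit in RunServices with a bare file name, or have no absolute path. The sample log lines are copied from this thread; the function names, the `O4_RE` field parser and the heuristics are my own and flag entries for inspection, not as verdicts.

```python
import re
from dataclasses import dataclass
from typing import Optional

# A HijackThis line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [Name] cmd".
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<detail>.*)$")
# O4 registry entries look like "<hive>\..\<key>: [<name>] <command>" (hypothetical parser).
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+):\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def review_line(line: str) -> Optional[Finding]:
    """Return a Finding when the line trips a reviewer heuristic, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, detail = m.group("section"), m.group("detail")
    low = detail.lower()
    if section == "R3" and low.endswith("is missing"):
        return Finding(section, line, "default URLSearchHook removed, typical hijacker residue")
    if section in ("R0", "R1") and low.endswith("="):
        return Finding(section, line, "start page value emptied, typical hijacker residue")
    if section == "O2" and "(no file)" in low:
        return Finding(section, line, "BHO CLSID points at a DLL that no longer exists")
    if section == "O4":
        o4 = O4_RE.match(detail)
        if o4:
            key = o4.group("key").lower()
            cmd = o4.group("cmd").strip().strip('"')
            if "\\temp\\" in cmd.lower():
                return Finding(section, line, "startup program lives in a Temp folder")
            if key == "runservices" and "\\" not in cmd:
                # RunServices is rarely used by legitimate XP software; a bare
                # file name with no path is a common way to hide an executable.
                return Finding(section, line, "RunServices entry with a bare file name (no path)")
            if cmd.startswith("\\"):
                return Finding(section, line, "startup command is not an absolute path")
    return None


def review_log(text: str) -> list:
    """Run review_line over every line of a log and collect the hits in order."""
    return [f for f in (review_line(ln) for ln in text.splitlines()) if f]


# Constructed sample: lines copied from the logs posted in this thread,
# mixing entries that were marked for fixing with legitimate ones.
SAMPLE_LOG = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAVNet] "C:\DOCUME~1\JASONM~1\LOCALS~1\Temp\31.tmp" /m
O4 - HKLM\..\RunServices: [Windows Update] host32.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
'''

if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Entries such as `sstray.exe /r` (a bare name under Run rather than RunServices) and the quoted Symantec path pass through untouched, which is the point: the heuristics single out the shapes a reviewer distrusts rather than flagging every startup item.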

#5 jamears

jamears
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:09 PM

Posted 17 July 2005 - 04:13 AM

:thumbsup: Thanks, looking really good already!!! You are a wizard!! Here is the latest.........
Jason



Logfile of HijackThis v1.99.1
Scan saved at 10:16:27, on 17/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\HotBrick\Software Personal Firewall\PFWall.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Personal Firewall] C:\Program Files\HotBrick\Software Personal Firewall\PFWall.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} (mailhelper Class) - https://register.btinternet.com/templates/b...lcontrol013.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bw+0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1B8BD4E0-B706-4C4C-9502-D7A4A5D47FC7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas
  • Local time:08:09 PM

Posted 17 July 2005 - 10:24 AM

Logitech Desktop Messenger is seldom used by anyone and can be uninstalled. That will clean up the O18 entries.

One thing I would like to clarify. You stated you had Spy Doctor, which is a rogue program. However, if you meant Spyware Doctor, that is a legitimate program.

How is your computer running now?

#7 jamears

jamears
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:08:09 PM

Posted 18 July 2005 - 02:35 PM

Seems to be fine, thanks for the help. Can all the O18 entries go? It was Spyware Doctor that I had, sorry for the mix up in the name!!! Thanks for the help.

Jason

#8 viccy

viccy

    Malware Exterminator


  • Security Colleague
  • 433 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas
  • Local time:08:09 PM

Posted 18 July 2005 - 04:15 PM

Theoretically, if you uninstall the Logitech Messenger, this will get rid of the O18s, but if it doesn't, you can have Hijack This fix them.

Glad we could help you.

In order to be better protected in the future, I recommend the following programs:

SpywareBlaster protects against bad ActiveX.
http://www.javacoolsoftware.com/spywareblaster.html

SpywareGuard stops Spyware from being installed.
http://www.javacoolsoftware.com/spywareguard.html


IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
https://netfiles.uiuc.edu/ehowes/www/resource.htm

All three are very small free programs that you run once, and then just occasionally to check for updates.

Also see How did I get infected?

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking
http://v4.windowsupdate.microsoft.com/ and following the prompts.
