please help

Discussion in 'Windows - Virus and spyware problems' started by bigkidd, Oct 25, 2006.

  1. bigkidd

    bigkidd Member

    Joined:
    Apr 2, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    11
    could someone take a look at this for me ? any advice is app. thanks HijackThis v1.99.1
    Scan saved at 12:47:05 PM, on 10/25/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\LEXBCES.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\LEXPPS.EXE
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\WINDOWS\system32\devldr32.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    C:\hij\HijackThis_v1.99.1.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [DVDLauncher] "D:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145162411202
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145162500468
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37710.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - D:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
    bigkidd, Oct 25, 2006
    #1
  2. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Log is clean. Any problems or symptoms?

    Java is out of date.
    Go here and download [bold]Java Runtime Environment 5.0 Update 9[/bold].
    Uninstall all previous versions of JRE via Add/Remove Programs.
    Restart and install Update 9.
     
    Niobis, Oct 25, 2006
    #2
  3. aabbccdd

    aabbccdd Guest

    Niobis , i still been having problems ,when i shut down my machine i get a box about IE is still running and do i want to canel or end now. i click end now and its taking the machine several minutes to turn off ,plus when i am clicking links sometimes my machine is locking up and not responding same way with outlook express. any ideas? the SmithfraudFix logs are clean ,here is a hjt log

    Logfile of HijackThis v1.99.1
    Scan saved at 2:31:09 AM, on 10/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Trend Micro\Tmas\Tmas.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~3\PccGuide.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.insightbb.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
    O4 - HKCU\..\Run: [RemoteCenter] "C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe"
    O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150568516645
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150568622598
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: bw+0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {502DA882-DF0B-43E6-8583-3BD4CADD6148} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)
     
    Last edited by a moderator: Oct 25, 2006
    aabbccdd, Oct 25, 2006
    #3
  4. aabbccdd

    aabbccdd Guest

    SmitFraudFix v2.112

    Scan done at 2:46:17.46, Thu 10/26/2006
    Run from C:\Documents and Settings\Owner\My Documents\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
    Last edited by a moderator: Oct 25, 2006
    aabbccdd, Oct 25, 2006
    #4
  5. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    @aabbccdd, HjT log is clean too. Update SmitfraudFix(current version is 2.113) then scan again. Also, I see you have the Kaspersky online scan have you run it to see if anything is showing up?
     
    Niobis, Oct 25, 2006
    #5
  6. aabbccdd

    aabbccdd Guest

    Kaspersky , came up clean

    smithfrudFix looks clean too

    SmitFraudFix v2.113

    Scan done at 11:22:35.90, Thu 10/26/2006
    Run from C:\Documents and Settings\Owner\My Documents\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
    Last edited by a moderator: Oct 26, 2006
    aabbccdd, Oct 26, 2006
    #6
  7. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Well aabbccdd, doesn't seem your problem is related to malware. Not sure what could be causing it, sorry.
     
    Niobis, Oct 26, 2006
    #7

Share This Page