
not sure if my laptop is completely clean?



Hi, I had Antispyware 2009 on my system and used Malwarebytes to clean it; however, I am not sure if it is completely clean.

Here is the log, hope you guys can help.

Malwarebytes' Anti-Malware 1.30

Database version: 1308

Windows 5.1.2600 Service Pack 3

23/10/2008 12:16:22

mbam-log-2008-10-23 (12-16-18).txt

Scan type: Quick Scan

Objects scanned: 53344

Time elapsed: 38 minute(s), 53 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 4

Files Infected: 53

Memory Processes Infected:

C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Delete on reboot.

C:\Program Files\AntiSpywareXP2009\data (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Start Menu\Programs\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.cfg (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\wscui.cpl (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\data\daily.cvd (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program Files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Local Settings\Temp\TDSS5897.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Local Settings\Temp\TDSS5c31.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSloqp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\Alison Davenport\Local Settings\Temp\TDSSb379.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Local Settings\Temp\TDSSf534.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Local Settings\Temp\TDSSf544.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Local Settings\Temp\TDSSfd24.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Desktop\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TDSS44bc.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TDSS49cd.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TDSS514e.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TDSS571b.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TDSS69b9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\svchost.exe.ren (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSciou.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSgicu.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSodwh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSoeqh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSpfse.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSqvbi.log (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSrrse.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSthym.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSStiwt.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSStopv.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\TDSSkhyg.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\TDSSmwxt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and the files will be extracted to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

Reboot the computer into Safe mode.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • Any Trojan Services and Registry Entries that it finds will be removed then you will be prompted to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open and a copy of the report will be saved in the SDFix folder as Report.txt
    (Report.txt will also be copied automatically to your Clipboard and ready for posting back in the forum).
  • Finally paste the contents of the Report.txt back here along with a fresh HijackThis log.

Thanks, here are my logs:

SDFix: Version 1.237

Run by Administrator on 26/10/2008 at 19:06

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\DOCUME~1\ALISON~1\COOKIES\EROVAP~1.DL - Deleted

C:\DOCUME~1\ALISON~1\COOKIES\ZAQECI~1._SY - Deleted

C:\DOCUME~1\ALISON~1\COOKIES\ETIPICE.PIF - Deleted

C:\DOCUME~1\ALISON~1\COOKIES\RURYJU.SYS - Deleted

C:\WINDOWS\system32\dllcache\figaro.sys - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-26 19:19:44

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]

"Epoch"=dword:00001981

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"

"C:\\APPS\\Powercinema\\PowerCinema.exe"="C:\\APPS\\Powercinema\\PowerCinema.exe:*:Enabled:PowerCinema"

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"

"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"

"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 4 Oct 2005 210 A.SHR --- "C:\BOOT.BAK"

Mon 19 May 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\RECYCLER\S-1-5-21-1691188256-3580645401-2944781000-1006\Dc1611\SDUpdate.exe"

Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\RECYCLER\S-1-5-21-1691188256-3580645401-2944781000-1006\Dc1611\SpybotSD.exe"

Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\RECYCLER\S-1-5-21-1691188256-3580645401-2944781000-1006\Dc1611\TeaTimer.exe"

Sat 2 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"

Sat 7 Apr 2007 19,968 ...H. --- "C:\Documents and Settings\Alison Davenport\Application Data\Microsoft\Word\~WRL0003.tmp"

Sat 7 Apr 2007 19,968 ...H. --- "C:\Documents and Settings\Alison Davenport\Application Data\Microsoft\Word\~WRL1878.tmp"

Finished!

--------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:29:45, on 26/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility.\Gear511.exe -hide

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://games.king.com/ctl/kingcomie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O18 - Protocol: bw+0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - AppInit_DLLs: karna.dat

O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--

End of file - 16557 bytes


Uninstall the Logitech Desktop Messenger...run a manual update to mbam and scan once more. Post back THAT log and advise how the system behaves now. Thanks!

OK, thanks for the help. I tried to uninstall Logi Desktop Messenger from Add/Remove Programs but it wouldn't; I kept getting the message "setup.exe has encountered a problem and needs to close". I deleted the file Logitech Desktop Messenger from my hard drive Program Files, and followed your instructions:

Malwarebytes' Anti-Malware 1.30

Database version: 1328

Windows 5.1.2600 Service Pack 3

27/10/2008 17:33:38

mbam-log-2008-10-27 (17-33-38).txt

Scan type: Quick Scan

Objects scanned: 53261

Time elapsed: 10 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\av.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Local Settings\Temporary Internet Files\Content.IE5\PGT8Y1HM\._file[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSosvn.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Alison Davenport\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

sorry just to add system would appear to be running fine, ran another scan and reported all clear


sorry, system would appear to be ok, here's my latest hijack log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:15:56, on 27/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility.\Gear511.exe -hide

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://games.king.com/ctl/kingcomie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O18 - Protocol: bw+0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw+0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw-0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw-0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw00 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw00s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw10 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw10s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw20 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw20s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw30 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw30s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw40 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw40s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw50 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw50s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw60 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw60s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw70 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw70s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw80 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw80s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw90 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw90s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwa0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwa0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwb0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwb0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwc0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwc0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwd0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwd0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwe0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwe0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwf0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwf0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwg0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwg0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwh0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwh0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwi0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwi0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwj0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwj0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwk0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwk0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwl0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwl0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwm0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwm0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwn0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwn0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwo0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwo0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwp0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwp0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwq0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwq0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwr0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwr0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bws0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bws0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwt0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwt0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwu0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwu0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwv0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwv0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bww0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bww0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwx0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwx0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwy0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwy0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwz0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwz0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: offline-8876480 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O20 - AppInit_DLLs: karna.dat

O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--

End of file - 17648 bytes


The mbam reports that it was successful in removing karna.dat but the entry reappears in the hjt log.

Run HijackThis again and check these:

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab

O20 - AppInit_DLLs: karna.dat

Close all windows before clicking Fix Checked.

Boot to safe mode. Locate and delete the following file indicated in Bold text:

C:\Windows\System32\karna.dat

Reboot. Immediately, run hijackthis again and post THAT log. Thanks!
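The comparison made by eye in the reply above, as an added example that is not part of the original post: it cross-references files a Malwarebytes log reports as deleted against the O20 AppInit_DLLs value in a later HijackThis log, and counts the targets HijackThis marks "(file missing)". The sample logs are constructed from line shapes seen in this thread; the detection name on the karna.dat line and all function names are assumptions.

```python
import re
from collections import Counter
from ntpath import basename  # Windows path rules, whatever OS this runs on

# Constructed sample input. "Example.Detection" is a placeholder name.
MBAM_LOG = r"""
Files Infected:
C:\WINDOWS\system32\karna.dat (Example.Detection) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\av.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# Constructed sample of a HijackThis log taken after the cleanup.
HJT_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: bw+0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O20 - AppInit_DLLs: karna.dat
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
"""

# "<drive path> (<detection>) -> <action>" as printed by the scanner.
MBAM_ITEM = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# "<section code> - <body>", e.g. "O20 - AppInit_DLLs: karna.dat".
HJT_ITEM = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
MISSING = "(file missing)"


def mbam_removed_files(log):
    """Map lower-cased file name -> detection for files reported deleted."""
    removed = {}
    for line in log.splitlines():
        m = MBAM_ITEM.match(line.strip())
        if m and "deleted successfully" in m["action"].lower():
            removed[basename(m["path"]).lower()] = m["name"]
    return removed


def parse_hjt(log):
    """Return one dict per HijackThis entry line; header lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = HJT_ITEM.match(line.strip())
        if m:
            body = m["body"]
            entries.append({"code": m["code"], "body": body,
                            "missing": body.endswith(MISSING)})
    return entries


def appinit_dlls(entries):
    """Names in the O20 AppInit_DLLs value (space or comma separated)."""
    names = []
    for e in entries:
        if e["code"] == "O20" and e["body"].startswith("AppInit_DLLs:"):
            value = e["body"].split(":", 1)[1]
            names += [n for n in re.split(r"[ ,]+", value.strip()) if n]
    return names


def stale_references(mbam_log, hjt_log):
    """AppInit_DLLs names that an earlier scan reported as deleted.

    A hit means the registry value survived (or was rewritten) even though
    the file was removed, so the value itself still needs fixing.
    """
    removed = mbam_removed_files(mbam_log)
    hits = []
    for name in appinit_dlls(parse_hjt(hjt_log)):
        key = basename(name).lower()
        if key in removed:
            hits.append((name, removed[key]))
    return hits


def orphaned_targets(entries):
    """Count entries per target file that HijackThis marked as missing."""
    counts = Counter()
    for e in entries:
        if e["missing"]:
            target = e["body"][:-len(MISSING)].rsplit(" - ", 1)[-1].strip()
            counts[basename(target)] += 1
    return counts


if __name__ == "__main__":
    for name, detection in stale_references(MBAM_LOG, HJT_LOG):
        print(f"AppInit_DLLs still lists {name} (removed as {detection})")
    for target, n in orphaned_targets(parse_hjt(HJT_LOG)).items():
        print(f"{n} entries point at missing file {target}")
```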


appreciate your help,

i deleted the items you stated on the hijack log, however in safe mode the karna.dat file wasn't present, however followed your instructions and here's my log,

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:33:32, on 27/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility.\Gear511.exe -hide

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://games.king.com/ctl/kingcomie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O18 - Protocol: bw+0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw+0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw-0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw-0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw00 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw00s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw10 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw10s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw20 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw20s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw30 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw30s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw40 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw40s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw50 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw50s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw60 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw60s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw70 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw70s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw80 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw80s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw90 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw90s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwa0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwa0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwb0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwb0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwc0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwc0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwd0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwd0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwe0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwe0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwf0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwf0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwg0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwg0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwh0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwh0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwi0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwi0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwj0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwj0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwk0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwk0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwl0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwl0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwm0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwm0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwn0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwn0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwo0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwo0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwp0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwp0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwq0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwq0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwr0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwr0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bws0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bws0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwt0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwt0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwu0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwu0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwv0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwv0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bww0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bww0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwx0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwx0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwy0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwy0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwz0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwz0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: offline-8876480 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--

End of file - 17469 bytes


OK great! Let's do some house cleaning now.

  • Go to Control Panel-->Internet Options-->General tab
  • Click the "Settings" button under the Browsing history section.
  • Make sure the bullet is in the option for "Every time I visit the webpage"
  • In the Disk space to use section, click the down arrow to reduce the disk space to use size to 50 MB.
  • Under the History section at the bottom, reduce the number of days to keep the websites you visit to whatever suits your needs...I use "0" so I won't even have to bother with deleting my history.
  • When finished, click the OK button.

Next, let's click the Security tab:

Click the "Default level" button at the bottom...do this for each of the 4 zones listed.

Next, click the Privacy tab. In the "Settings" section, make sure the slider is set to Medium. Under the Pop-up Blocker section at the bottom, be sure there is a check in the box for "Turn on Pop-up Blocker".

Next, click the Advanced tab. Scroll down to the "Security" section and check the box for the option to Empty Temporary Internet Files folder when browser is closed.

Next, please return to the General tab. In the Browsing history section, click the "Delete" button. Click to delete files, cookies, and history. When finished, click the close button at the bottom.

Next, to close Internet Properties and record the changes you've made, you must now Click "Apply" and "OK".

Clean other Temporary files + Recycle bin...Go to start-->run, then type: cleanmgr and click ok.

  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked then click "OK"

When finished, please reboot the computer.

Next, your Java application is out of date and causes a slight security risk as a result.

Please follow these steps to remove older version Java components:

  • Close any open programs you may have running, especially your web browser.
  • Click Start-->Control Panel-->Add or Remove Programs.
  • Click once on any item having Java Runtime Environment in its name then click the "Remove" button.

Not every version of Java will begin with "Java" so be sure to read each entry in the list.

Repeat the third step above as many times as necessary to remove all versions of Java.

***NOTE***

If you are asked to reboot at any point during the uninstallations, please do so. Then go back to Add/Remove and continue with the rest of the removals...when finished uninstalling all of them, reboot the computer.

  • Navigate to and delete: C:\Program Files\Java <-- the Java folder indicated in Bold Red Text (if found)
  • Then go to this page.
    Scroll down to where it says "The Java Runtime Environment (JRE) allows end-users to run Java applications" and click the "Download" button to the right. Select the platform for "Windows".
  • Check the box that says: "I agree to the Java SE Runtime Environment # License Agreement", then click Continue...The page will refresh

Then, click on the link to download Windows Offline Installation. Save it to your desktop.

Now, from your desktop, double-click on the executable to install the newest version.

Post back one last fresh HijackThis log and advise how the system is now behaving. Thanks!


Many thanks, system would appear to be handling great thanks, here's my new log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:32:08, on 28/10/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.co.uk/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility.\Gear511.exe -hide

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://games.king.com/ctl/kingcomie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O18 - Protocol: bw+0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw+0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw-0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw-0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw00 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw00s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw10 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw10s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw20 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw20s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw30 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw30s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw40 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw40s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw50 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw50s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw60 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw60s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw70 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw70s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw80 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw80s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw90 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bw90s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwa0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwa0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwb0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwb0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwc0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwc0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwd0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwd0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwe0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwe0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwf0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwf0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwg0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwg0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwh0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwh0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwi0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwi0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwj0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwj0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwk0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwk0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwl0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwl0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwm0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwm0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwn0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwn0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwo0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwo0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwp0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwp0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwq0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwq0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwr0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwr0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bws0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bws0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwt0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwt0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwu0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwu0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwv0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwv0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bww0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bww0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwx0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwx0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwy0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwy0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwz0 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: bwz0s - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O18 - Protocol: offline-8876480 - {B71DC7F8-C77C-452A-8D4F-6571E8DB0CCF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--

End of file - 17898 bytes


That log looks clean...congratulations!

Now that your system is clean and running the way you expect, let's create a new restore point you can refer to should the need arise at some point in the future.

Please click "Start->Programs->Accessories->System Tools->System Restore". In the new window, check the 'Create a restore point' in the right pane and click "Next". In the "Restore point description" textbox, name your restore point to something you will easily recognize. I recommend something like yyyymmdd_Clean (ex. 20060101_Clean). Click "Create" and reboot your computer.

To assist in the prevention of spyware infections:

Immunize your browser by installing SpywareBlaster. What does it do?

  • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restricts the actions of potentially unwanted sites in Internet Explorer.

Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

You should always have at least (but not more than) one of these types of third party firewalls running on board:

Kerio Personal Firewall

Zone Alarm

Outpost Free

Comodo

Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one-button "Download Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

Using an alternate browser can reduce your chance of certain infections installing themselves. We recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup.

Or if you just want to run your on board Disk Cleanup ("Start-->Programs-->Accessories-->System Tools-->Disk Cleanup"), just open the utility and check off the following:

Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

So how did I get infected in the first place?

Regards, and Happy Surfing!


This issue appears resolved and the thread is closed to prevent others from posting here.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
