please help me with blackworm [RESOLVED]


  • This topic is locked

#1
haurum

  • Member
  • 22 posts
I keep getting these pop-ups that are saying that my computer is infected with the blackworm virus, and other pop-ups about commercials.

PLEASE HELP! :tazz:
  • 0

#2
Flrman1

  • Malware Assassin
  • Retired Staff
  • 6,596 posts
Hi haurum

Welcome to G2G! :tazz:

Please do this:

  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
haurum

  • Topic Starter
  • Member
  • 22 posts
I have done what you said and here it is:


Logfile of HijackThis v1.99.1
Scan saved at 12:13:24, on 18-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\WinAntiVirus Pro 2006\WinAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Programmer\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...artload464a.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: bw+0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\k8pm0i71e8.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#4
Flrman1

  • Malware Assassin
  • Retired Staff
  • 6,596 posts
  • Click here to download Look2Me-Destroyer.exe and save it to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message; click OK.
  • When completed, you will receive this message:
    • Done removing infected files! Look2Me-Destroyer will now shutdown your computer
  • Click OK, then your computer will shut down.
  • Wait 60 seconds, then turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive...ib/MSWINSCK.OCX
  • 0
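
Added example, not part of the original thread: a small Python triage of HijackThis entries like the ones posted above, which flags entries for review, collapses the long O18 protocol list by the DLL it loads, and compares the autostart section of two logs. The heuristics and function names are assumptions of this example; the sample lines are excerpts copied from the two logs in this thread, and the comparison is limited to the O4 section because the follow-up log is cut off on this page.

```python
import re
from collections import OrderedDict, namedtuple

Entry = namedtuple("Entry", "code body")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."
# Drive letter followed directly by a file name: an .exe sitting in the drive root.
ROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\+[^\\/"]+\.exe\b', re.IGNORECASE)

# Excerpt: lines copied from the first log in this thread (post #3).
FIRST_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Programmer\WinAntiVirus Pro 2006\WinAV.exe" /min
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...artload464a.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: bw+0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\k8pm0i71e8.dll
"""

# Excerpt: the same two O4 lines as they appear in the follow-up log (post #5).
SECOND_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
"""


def parse_entries(log_text):
    """Return the coded entries (R0, F2, O4, ...) and skip header/process lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def review_reasons(entry):
    """Triage heuristics (assumptions of this example, not a verdict on the file)."""
    reasons = []
    if entry.body.endswith("(file missing)"):
        reasons.append("registered file is missing from disk")
    if entry.code == "O4":
        command = re.search(r"\] (.*)$", entry.body)  # text after "[value name] "
        if command and ROOT_EXE_RE.match(command.group(1)):
            reasons.append("autostart program sits in the drive root")
    elif entry.code == "O16" and entry.body.lower().endswith(".exe"):
        reasons.append("ActiveX install source is a bare .exe download")
    elif entry.code == "O20":
        reasons.append("DLL loaded into winlogon.exe at every logon")
    return reasons


def flag_for_review(entries):
    """Pair each entry that trips a heuristic with its reasons."""
    flagged = []
    for entry in entries:
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


def collapse_protocols(entries):
    """Group O18 protocol handlers by the file they load, so one DLL is one row."""
    groups = OrderedDict()
    for entry in entries:
        parts = entry.body.split(" - ", 2)  # scheme, CLSID, target file
        if entry.code == "O18" and len(parts) == 3:
            scheme = parts[0].replace("Protocol: ", "", 1)
            groups.setdefault(parts[2], []).append(scheme)
    return groups


def removed_between(before, after, codes):
    """Entries of the given sections present in `before` but absent from `after`."""
    return [e for e in before if e.code in codes and e not in after]


if __name__ == "__main__":
    first, second = parse_entries(FIRST_LOG), parse_entries(SECOND_LOG)
    for entry, reasons in flag_for_review(first):
        print(f"REVIEW {entry.code}: {entry.body}\n       -> {'; '.join(reasons)}")
    for target, schemes in collapse_protocols(first).items():
        print(f"O18 x{len(schemes)} -> {target}")
    for entry in removed_between(first, second, {"O4"}):
        print(f"GONE   {entry.code}: {entry.body}")
```

A flagged entry is only a prompt to check the file's vendor and location; as the instructions earlier in the thread say, most of what HijackThis lists is harmless or required.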

#5
haurum

  • Topic Starter
  • Member
  • 22 posts
Here is my new Hijack log :tazz::

C:\Look2Me-Destroyer.txt

Logfile of HijackThis v1.99.1
Scan saved at 14:24:32, on 19-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...artload464a.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: bw+0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#6
haurum

    Member

  • Topic Starter
  • Member
  • 22 posts
And if you need my Look2Me-Destroyer V1.0.11 report then here:

Scanning for infected files.....
Scan started at 19-03-2006 14:15:04

Infected! C:\WINDOWS\system32\i8240ifqe82e0.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036823.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036850.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036852.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036916.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036930.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036942.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036952.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037017.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037027.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037114.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037124.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037348.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037356.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037359.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037367.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037370.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037378.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037385.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037393.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037396.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037404.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037407.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037415.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037418.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037438.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037458.dll
Infected! C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037467.dll
Infected! C:\WINDOWS\system32\hr2205foe.dll
Infected! C:\WINDOWS\system32\i8240ifqe82e0.dll
Infected! C:\WINDOWS\system32\mngsvc.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\i8240ifqe82e0.dll
C:\WINDOWS\system32\i8240ifqe82e0.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036823.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036823.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036850.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036850.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036852.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036852.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036916.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036916.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036930.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036930.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036942.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036942.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036952.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036952.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037017.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037017.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037027.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037027.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037114.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037114.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037124.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037124.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037348.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037348.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037356.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037356.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037359.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037359.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037367.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037367.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037370.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037370.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037378.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037378.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037385.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037385.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037393.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037393.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037396.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037396.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037404.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037404.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037407.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037407.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037415.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037415.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037418.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037418.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037438.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037438.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037458.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037458.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037467.dll
C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037467.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hr2205foe.dll
C:\WINDOWS\system32\hr2205foe.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\i8240ifqe82e0.dll
C:\WINDOWS\system32\i8240ifqe82e0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mngsvc.dll
C:\WINDOWS\system32\mngsvc.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A70ACC8D-BDD4-44FF-8D18-0184645A788B}"
HKCR\Clsid\{A70ACC8D-BDD4-44FF-8D18-0184645A788B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{37E3D834-5956-4635-ABD1-598F7B97FBE4}"
HKCR\Clsid\{37E3D834-5956-4635-ABD1-598F7B97FBE4}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A24072B2-A7B0-449D-A089-4151710E5717}"
HKCR\Clsid\{A24072B2-A7B0-449D-A089-4151710E5717}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A6860622-54DC-4D20-840B-EABB0695186D}"
HKCR\Clsid\{A6860622-54DC-4D20-840B-EABB0695186D}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administratorer - Succeeded
  • 0

#7
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [newname] C:\\newname2.exe

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...artload464a.exe

Fix ALL the O18 entries like this one:

O18 - Protocol: bw+0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll



* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste the following line:

    C:\newname2.exe

  • Click on the button that has the red circle with the X in the middle.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Exit the Killbox.

* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
  • 0
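Added example (not part of the thread and not HijackThis's own code): a small Python triage script that collapses the repeated O18 protocol lines into one row per handler and checks whether the items a helper asked to fix still appear in a follow-up log. The sample lines are abridged from the logs posted in this thread, and reading "entries like this one" as "every O18 entry with the same CLSID" is an assumption.

```python
import re
from collections import defaultdict

# Sample input: lines abridged from the logs posted in this thread, embedded
# so the block runs offline. LOG_BEFORE is from before "Fix checked",
# LOG_AFTER from the follow-up log.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...artload464a.exe
O18 - Protocol: bw+0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: bw+0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
"""

# Items the helper asked to fix. ("o18_clsid", ...) encodes the assumption
# that "entries like this one" means every O18 line with that CLSID.
FIX_TARGETS = [
    ("line", r"O4 - HKLM\..\Run: [newname] C:\\newname2.exe"),
    ("line", "O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - "
             "http://promo.dollarr...artload464a.exe"),
    ("o18_clsid", "{3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14}"),
]

# "<section code> - <body>", e.g. "O18 - Protocol: ...". Header and
# running-process lines do not match and are ignored.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O18_RE = re.compile(
    r"^Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_entries(log_text):
    """Return (code, body) for every section line in a pasted log."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def group_protocol_handlers(log_text):
    """Map (CLSID, handler path) -> protocol names and a missing-file flag."""
    groups = defaultdict(lambda: {"names": [], "missing": False})
    for code, body in parse_entries(log_text):
        m = O18_RE.match(body) if code == "O18" else None
        if not m:
            continue  # other O18 line shapes are not handled in this sketch
        key = (m.group("clsid").upper(), m.group("path").strip('"'))
        groups[key]["names"].append(m.group("name"))
        groups[key]["missing"] |= bool(m.group("missing"))
    return dict(groups)


def remaining_fix_targets(targets, after_log):
    """Return the targets that still match at least one line of after_log."""
    entries = parse_entries(after_log)
    leftover = {}
    for kind, value in targets:
        if kind == "line":
            hits = [b for c, b in entries if f"{c} - {b}" == value]
        elif kind == "o18_clsid":
            hits = [b for c, b in entries
                    if c == "O18" and value.upper() in b.upper()]
        else:
            raise ValueError(f"unknown target kind: {kind}")
        if hits:
            leftover[(kind, value)] = hits
    return leftover


if __name__ == "__main__":
    for (clsid, path), info in group_protocol_handlers(LOG_BEFORE).items():
        flag = " [file missing]" if info["missing"] else ""
        print(f"{clsid} {path}{flag}: {len(info['names'])} protocol name(s)")
    for (kind, value), hits in remaining_fix_targets(FIX_TARGETS, LOG_AFTER).items():
        print(f"still present after fix: {value} ({len(hits)} line(s))")
```
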

#8
haurum

    Member

  • Topic Starter
  • Member
  • 22 posts
I have done what you said, and here are the logs. But when I delete the C:\newname2.exe file,
Killbox says that it doesn't exist. :tazz:



Logfile of HijackThis v1.99.1
Scan saved at 19:12:37, on 20-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: bw+0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe




And here is the log from "ActiveScan"


Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nina\Lokale indstillinger\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nina\Lokale indstillinger\Temp\Cookies\nina@com[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Nina\Lokale indstillinger\Temp\Cookies\[email protected][1].txt
Adware:Adware/nCase Not disinfected C:\Documents and Settings\Nina\Lokale indstillinger\Temporary Internet Files\Content.IE5\PCOQ836K\AppWrap[1].exe
Adware:adware/adurl Not disinfected C:\Documents and Settings\Nina\Skrivebord\Remove Spyware.url
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Programmer\Fælles filer\WinAntiVirus Pro 2006\WapCHK.dll
Adware:Adware/WebHancer Not disinfected C:\WHCC2.exe
Adware:Adware/WebHancer Not disinfected C:\WHCC2.exe[whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\WHCC2.exe[whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\WHCC2.exe[whSurvey.exe]
Adware:Adware/WebHancer Not disinfected C:\WHCC2.exe[webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\WHCC2.exe[whiehlpr.dll]
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\WINDOWS\Downloaded Program Files\UERSK_0001_N68M2202NetInstaller.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload2.dat
Adware:Adware/nCase Not disinfected C:\WINDOWS\icont.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs






Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\UERSK_0001_N68M2202NetInstaller.exe
Adware:adware/adurl Not disinfected C:\Documents and Settings\Nina\Skrivebord\Remove Spyware.url
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload2.dat
Adware:adware/commad Not disinfected C:\WINDOWS\uninstall_nmon.vbs
Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\Documents and Settings\Nina\Application Data\WinAntiVirus Pro 2006
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nina\Lokale indstillinger\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nina\Lokale indstillinger\Temp\Cookies\nina@com[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Nina\Lokale indstillinger\Temp\Cookies\[email protected][1].txt
Adware:Adware/nCase Not disinfected C:\Documents and Settings\Nina\Lokale indstillinger\Temporary Internet Files\Content.IE5\PCOQ836K\AppWrap[1].exe
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Programmer\Fælles filer\WinAntiVirus Pro 2006\WapCHK.dll
Adware:Adware/WebHancer Not disinfected C:\WHCC2.exe
Adware:Adware/WebHancer Not disinfected C:\WHCC2.exe[whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\WHCC2.exe[whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\WHCC2.exe[whSurvey.exe]
Adware:Adware/WebHancer Not disinfected C:\WHCC2.exe[webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\WHCC2.exe[whiehlpr.dll]
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\WINDOWS\Downloaded Program Files\UERSK_0001_N68M2202NetInstaller.exe
Adware:Adware/nCase Not disinfected C:\WINDOWS\icont.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
  • 0

#9
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the "Delete Cookies" button to clear all cookies.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O18 - Protocol: bw+0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {3B66D4F8-74D8-466B-B4B1-4AEABBCBBB14} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll




* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Nina\Skrivebord\Remove Spyware.url
    C:\Programmer\Fælles filer\WinAntiVirus Pro 2006
    C:\WHCC2.exe
    C:\WINDOWS\Downloaded Program Files\UERSK_0001_N68M2202NetInstaller.exe
    C:\WINDOWS\drsmartload2.dat
    C:\WINDOWS\icont.exe
    C:\WINDOWS\uninstall_nmon.vbs


  • Next in Killbox go to File > Paste from clipboard
  • Click on the All Files button.
  • Next click on the button that has the red circle with the white X in the middle.
  • It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, run Kaspersky online virus scan here.

When given the option, choose the "Extended database" for the scan.

When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
  • 0

#10
haurum

    Member

  • Topic Starter
  • Member
  • 22 posts
Here is what you are asking for :tazz: :




Infected Object Name Virus Name Last Action
C:\!KillBox\icont.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped

C:\!KillBox\UERSK_0001_N68M2202NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.d skipped

C:\!KillBox\WHCC2.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\!KillBox\WHCC2.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\!KillBox\WHCC2.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\!KillBox\WHCC2.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\!KillBox\WHCC2.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\!KillBox\WHCC2.exe RarSFX: infected - 5 skipped

C:\Programmer\Norton AntiVirus\Quarantine\1779542C.dll Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Programmer\Norton AntiVirus\Quarantine\17BF754B.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\Programmer\Norton AntiVirus\Quarantine\2BB62153.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\Programmer\Norton AntiVirus\Quarantine\2BB62153.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\Programmer\Norton AntiVirus\Quarantine\42A96AFF.exe Infected: Trojan-Downloader.Win32.Adload.aa skipped

C:\Programmer\Norton AntiVirus\Quarantine\64D50E77.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Programmer\Norton AntiVirus\Quarantine\64D50E77.exe NSIS: infected - 1 skipped

C:\Programmer\Norton AntiVirus\Quarantine\64D50E77.exe CryptFF: infected - 1 skipped

C:\Programmer\Norton AntiVirus\Quarantine\66AB5C9B.exe Infected: Trojan-Downloader.Win32.Adload.x skipped

C:\Programmer\Norton AntiVirus\Quarantine\673568B5.exe Infected: Trojan-Downloader.Win32.Adload.x skipped

C:\Programmer\Norton AntiVirus\Quarantine\6A960622.exe Infected: Trojan-Downloader.Win32.VB.yn skipped

C:\Programmer\Norton AntiVirus\Quarantine\7FA37BD3.frA Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036800.exe Infected: Trojan-Clicker.Win32.VB.li skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036812.exe Infected: Trojan-Downloader.Win32.Adload.x skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036815.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036816.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036818.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036827.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036925.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036925.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036926.exe Infected: Trojan-Downloader.Win32.VB.yn skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP56\A0036927.exe Infected: Trojan-Downloader.Win32.Adload.aa skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP58\A0037468.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP60\A0037646.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP60\A0037646.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP60\A0037646.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP60\A0037646.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP60\A0037646.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP60\A0037646.exe RarSFX: infected - 5 skipped

C:\System Volume Information\_restore{8A874B68-4C07-47A8-A5D3-718434C2D885}\RP60\A0037647.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped

Scan process completed.





Logfile of HijackThis v1.99.1
Scan saved at 16:07:11, on 21-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft Office\Office10\WINWORD.EXE
C:\Programmer\iTunes\iTunes.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0
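As an added example (not part of the thread and not HijackThis's own code), here is a small parser for the entry format of the log above. It counts entries per section code and surfaces the two annotations HijackThis itself prints in this log, "(file missing)" and "Unknown owner". The function names are made up for this sketch, and a note marks an entry for a closer look, not a verdict.

```python
import re
from collections import Counter

# Four entries copied from the log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
'''

# Every entry starts with a section code such as O4 or O23, then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entry(line):
    """Return a dict for one HijackThis entry line, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "body": m["body"], "notes": []}
    if entry["body"].endswith("(file missing)"):
        entry["notes"].append("file missing")
    if entry["code"] == "O23" and entry["body"].startswith("Service: "):
        # Layout seen in this log: Service: <name> - <owner> - <path>
        parts = entry["body"][len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            entry["service"], entry["owner"], entry["path"] = parts
            if entry["owner"] == "Unknown owner":
                entry["notes"].append("unknown owner")
    return entry


def triage(log_text):
    """Parse a pasted log; return (entries per section code, entries with notes)."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    counts = Counter(e["code"] for e in entries)
    flagged = [e for e in entries if e["notes"]]
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    print(dict(counts))
    for e in flagged:
        print(e["code"], ", ".join(e["notes"]), "->", e["body"])
```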

#11
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Go ahead and delete the c:\!killbox folder then empty the Recycle Bin.

How is the computer running now?

Please open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.
  • 0

#12
haurum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
The computer is running well now. Thank you for your help. But can you teach me how to remove a program from the computer so that no files from the program are left behind?



Ad-Aware SE Personal
BSPlayer
ccCommon
DVD43 v3.7.0
Half-Life® 2
Hijackthis 1.99.1
HijackThis 1.99.1
Internet Worm Protection
iTunes
J2SE Runtime Environment 5.0 Update 3
LimeWire 4.10.5
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Logitech Desktop Messenger
Logitech SetPoint
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Office XP Standard
MSN Messenger 7.5
Nero Suite
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NVIDIA Drivers
Opdatering til Windows XP (KB894391)
Opdatering til Windows XP (KB898461)
Opdatering til Windows XP (KB910437)
PowerDirector
QuickTime
Realtek AC'97 Audio
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player 9 (KB911565)
Sikkerhedsopdatering til Windows XP (KB890046)
Sikkerhedsopdatering til Windows XP (KB893066)
Sikkerhedsopdatering til Windows XP (KB893756)
Sikkerhedsopdatering til Windows XP (KB896358)
Sikkerhedsopdatering til Windows XP (KB896422)
Sikkerhedsopdatering til Windows XP (KB896423)
Sikkerhedsopdatering til Windows XP (KB896424)
Sikkerhedsopdatering til Windows XP (KB896428)
Sikkerhedsopdatering til Windows XP (KB899587)
Sikkerhedsopdatering til Windows XP (KB899591)
Sikkerhedsopdatering til Windows XP (KB900725)
Sikkerhedsopdatering til Windows XP (KB901017)
Sikkerhedsopdatering til Windows XP (KB901214)
Sikkerhedsopdatering til Windows XP (KB902400)
Sikkerhedsopdatering til Windows XP (KB904706)
Sikkerhedsopdatering til Windows XP (KB905414)
Sikkerhedsopdatering til Windows XP (KB905749)
Sikkerhedsopdatering til Windows XP (KB905915)
Sikkerhedsopdatering til Windows XP (KB908519)
Sikkerhedsopdatering til Windows XP (KB911927)
Sikkerhedsopdatering til Windows XP (KB912919)
Sikkerhedsopdatering til Windows XP (KB913446)
SPBBC
Steam™
Symantec
Symantec Script Blocking Installer
SymNet
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Your Uninstaller! 2006 Version 5
  • 0

#13
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Add/Remove programs and uninstall this old version of Java:

J2SE Runtime Environment 5.0 Update 3


* Now go here and install the latest version of Java.


* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
  • 0

#14
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





