Explorer.Exec Crash



#1
nigs

Please find my HijackThis log and Startup List log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:27 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v7.00

(7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSv

c.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common

Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet

Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI

Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03

\bin\jusched.exe
C:\Program Files\hpq\HP Wireless

Assistant\HP Wireless Assistant.exe
C:\Program

Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software

Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec

Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch

Buttons\EabServr.exe
C:\Program Files\MusicMatch\MusicMatch

Jukebox\mmtask.exe
C:\Program Files\Huawei\MT882

\dslagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program

Files\Creative\MediaSource\Detector\CTDe

tect.exe
C:\office-sohail\Home PC

files\iridium.exe
C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft

Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla

Firefox\firefox.exe
C:\Documents and

Settings\sohail\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?

LinkId=54896
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?

LinkId=54896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet

Connection Wizard,ShellNext =

http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=

pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Window Title = Windows

Internet Explorer provided by Yahoo!
O2 - BHO: &Yahoo! Toolbar Helper -

{02478D38-C3F9-4EFB-9B51-7695ECA05670} -

C:\Program Files\Yahoo!

\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com

IESiteBlocker.NavFilter - {3CA2F312-

6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7

-56A6-4D68-A8CF-345BE45BC911} -

C:\Program Files\Yahoo!

\SearchSuggest\YSearchSuggest.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-

4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-

D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_03

\bin\ssv.dll
O2 - BHO: (no name) - {bc97b254-b2b9-

4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-

B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton Internet

Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Program Files\Norton Internet

Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!

\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program

Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_03

\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant]

C:\Program Files\hpq\HP Wireless

Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program

Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update]

C:\Program Files\Hp\HP Software

Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program

Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl]

C:\Program Files\HPQ\Quick Launch

Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program

Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher]

c:\hp\drivers\hplsbwatcher\lsburnwatcher

.exe
O4 - HKLM\..\Run: [Symantec NetDriver

Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

/Consumer
O4 - HKLM\..\Run: [Logitech Hardware

Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program

Files\MusicMatch\MusicMatch

Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLAGENTEXE]

C:\Program Files\Huawei\MT882

\dslagent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe

Media Manager] C:\PROGRA~1

\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Creative Detector]

"C:\Program

Files\Creative\MediaSource\Detector\CTDe

tect.exe" /R
O4 - HKCU\..\Run: [IridiumTimeWizard]

C:\office-sohail\Home PC

files\iridium.exe
O4 - HKCU\..\Run: [updateMgr]

"C:\Program Files\Adobe\Acrobat 7.0

\Reader\AdobeUpdateManager.exe"

AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer]

C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wkcalrem.LNK = C:\Program

Files\Common Files\Microsoft

Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed

Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0

\Reader\reader_sl.exe
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_03

\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java

Console - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25

-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~4\OFFICE11

\REFIEBAR.DLL
O9 - Extra button: (no name) -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot -

Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 - {e2e2dd38-d088-

4134-82b7-f2ba38496583} -

C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O14 - IERESET.INF:

START_PAGE_URL=http://ie.redirect.hp.com

/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=

pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-

365FF330A3AC} (Hewlett-Packard Online

Support Services) -

http://h20278.www2.h.../HPISWeb/Custom

er/cabs/HPISDataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-

fa1d4f56a2ab} (Installation Support) -

C:\Program Files\Yahoo!

\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-

BE107C0EC166} (Windows Live Safety

Center Base Module) -

http://cdn.scan.onec...ive.com/resourc

e/download/scanner/wlscbase9563.cab
O18 - Protocol: bw+0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 -

{9462A756-7B47-47BC-8C80-C34B9B80B32B} -

C:\Program Files\Logitech\Desktop

Messenger\8876480

\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F93E6614-CC42-

486E-95B8-DBAFE395F290} - C:\Program

Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 -

{F93E6614-CC42-486E-95B8-DBAFE395F290} -

C:\Program Files\Logitech\Desktop

Messenger\8876480

\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: winsih32 -

winsih32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI

Technologies Inc. - C:\WINDOWS\system32

\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate

Scheduler - Symantec Corporation -

C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSv

c.exe
O23 - Service: Symantec Event Manager

(ccEvtMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy

(ccProxy) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe
O23 - Service: Symantec Password

Validation (ccPwdSvc) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager

(ccSetMgr) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: Creative Service for

CDROM Access - Creative Technology Ltd -

C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi)

- Hewlett-Packard Development Company,

L.P. - C:\Program

Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service

(iPodService) - Apple Computer, Inc. -

C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec

Corporation - C:\Program Files\Norton

Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct

Disc Labeling Service

(LightScribeService) - Unknown owner -

C:\Program Files\Common

Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec

Corporation - C:\PROGRA~1

\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-

Protect Service (navapsvc) - Symantec

Corporation - C:\Program Files\Norton

Internet Security\Norton

AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec

Corporation - C:\Program Files\Norton

Internet Security\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service

(SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1

\SBServ.exe
O23 - Service: Symantec Network Drivers

Service (SNDSrvc) - Symantec Corporation

- C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc

(SPBBCSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) -

Symantec Corporation - C:\Program

Files\Common Files\Symantec

Shared\Security Center\SymWSC.exe
O23 - Service: Windows Action Script -

Unknown owner - C:\WINDOWS\system32

\scvhost.exe (file missing)

--
End of file - 23367 bytes
==========================================================

My Startup List Log:

StartupList report, 5/29/2008, 2:41:23 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\sohail\Desktop\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16640)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Huawei\MT882\dslagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\office-sohail\Home PC files\iridium.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sohail\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\sohail\Start Menu\Programs\Startup]
wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
hpWirelessAssistant = C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HP Software Update = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
eabconfg.cpl = C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe
LSBWatcher = c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Logitech Hardware Abstraction Layer = KHALMNPR.EXE
mmtask = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
DSLAGENTEXE = C:\Program Files\Huawei\MT882\dslagent.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
PhotoShow Deluxe Media Manager = C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
Creative Detector = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
IridiumTimeWizard = C:\office-sohail\Home PC files\iridium.exe
updateMgr = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssstars.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
WormRadar.com IESiteBlocker.NavFilter - (no file) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Yahoo! IE Suggest - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll - {5A263CF7-56A6-4D68-A8CF-345BE45BC911}
(no name) - (no file) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {bc97b254-b2b9-4d40-971d-78e0978f5f26}
(no name) - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer - sohail.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Hewlett-Packard Online Support Services]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll
CODEBASE = http://h20278.www2.h...DataManager.CAB

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[Windows Live Safety Center Base Module]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = http://cdn.scan.onec...lscbase9563.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Program Files\HPQ\Shared\hpqwmi.events|||\

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 9,402 bytes
Report generated in 0.047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#2
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,919 posts
Hi nigs,

Can you repost the logs and remove the word wrap?
The short broken lines make it hard to read the logs.

You can fix all the lines that start with:
O18 - Protocol: bw-

Thanks,

#3
nigs


    Member

  • Topic Starter
  • Member
  • 10 posts
I have reposted my logs...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:45 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Huawei\MT882\dslagent.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\office-sohail\Home PC files\iridium.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\sohail\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [IridiumTimeWizard] C:\office-sohail\Home PC files\iridium.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O18 - Protocol: bw+0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: winsih32 - winsih32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing)

--
End of file - 23096 bytes

#4
Metallica


    Spyware Veteran

  • GeekU Moderator
  • 31,919 posts
Please read here how to disable TeaTimer and do that for the time being.
Open HJT, run a system scan only, and check mark these lines if present:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O18 - Protocol: bw+0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F93E6614-CC42-486E-95B8-DBAFE395F290} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: winsih32 - winsih32.dll (file missing)
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing)

Close all other browsers/windows, click "Fix checked", close HJT.

Reboot your computer and check if these files are really gone:
C:\WINDOWS\system32\scvhost.exe <= Note: not the same as svchost.exe
C:\WINDOWS\system32\winsih32.dll


Create and post a new HijackThis log when you are done.
  • 0
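The two things the reply above asks the user to check (entries marked "(file missing)" and a service binary named scvhost.exe rather than svchost.exe) can be triaged automatically. This is an added example, not part of the original thread: the sample lines are copied from the logs posted here, while the list of core process names and the 0.85 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: four entry lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: winsih32 - winsih32.dll (file missing)
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: core Windows process names to compare against (all of them
# appear in the "Running processes" section of the logs in this thread).
SYSTEM_NAMES = ("svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe", "spoolsv.exe")

LINE = re.compile(r"^(?P<code>[ORF]\d+) - (?P<body>.+)$")
BINARY = re.compile(r'([^\\/\[\]"\s]+\.(?:exe|dll))', re.IGNORECASE)


def closest_system_name(name):
    """Return (system_name, similarity) for the most similar core process name."""
    scored = ((s, SequenceMatcher(None, name, s).ratio()) for s in SYSTEM_NAMES)
    return max(scored, key=lambda pair: pair[1])


def triage(log_text, threshold=0.85):
    """Return {binary_name: [reasons]} for entries that deserve a manual look."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        body = m.group("body").rstrip()
        names = BINARY.findall(body)
        if not names:
            continue
        name = names[-1].lower()  # last match is the file the entry points at
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("file missing")
        if name not in SYSTEM_NAMES:
            match, ratio = closest_system_name(name)
            if ratio >= threshold:  # near miss of a system name, e.g. swapped letters
                reasons.append(f"resembles {match}")
        if reasons:
            findings.setdefault(name, []).extend(reasons)
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name, "->", ", ".join(reasons))
```

A name match alone is only a prompt for manual review; the path and the registry entry that loads the file still need checking before anything is fixed.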

#5
nigs

    Member

  • Topic Starter
  • Member
  • 10 posts
Thank you for all your time and support!

After following all the steps provided by you, I checked for those files and did not find them.

Here is the HJT log created after the process.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:02 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Huawei\MT882\dslagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\office-sohail\Home PC files\iridium.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\sohail\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [IridiumTimeWizard] C:\office-sohail\Home PC files\iridium.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.h...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10603 bytes

Thanks Again!
  • 0

#6
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,919 posts
The log is clean now.
Not that there was a lot wrong with it.

Try and download SP3 again. Let me know what exactly happens.
If it goes wrong and I know where exactly, that might be helpful.
  • 0





