about:blank Internet Explorer Worm

Discussion in 'Computer Support' started by Ben Lord, May 24, 2005.

  1. Ben Lord

    Ben Lord Guest

    Hi

    I am running IE6 and every time I go into it, it always comes up with
    about:blank and www.startsearches.net as the default home page. I am unable
    to change this.

    I have looked at various things and don't seem to be getting anywhere fast -
    here is the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:24:25, on 24/05/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\System32\WFXSVC.EXE
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\popuper.exe
    C:\WINNT\system32\shnlog.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINNT\system32\wfxsnt40.exe
    C:\WINNT\system32\intmonp.exe
    C:\WINNT\system32\P2P Networking\P2P Networking.exe
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\system32\intmon.exe
    C:\Program Files\BBC News alerts\skinkers.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop
    Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
    C:\WINNT\system32\svchost.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\ZipCentral\ZCentral.exe
    C:\DOCUME~1\BENLOR~1\LOCALS~1\Temp\_ZCTmp.Dir\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://www.startsearches.net/bar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://www.startsearches.net/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    http://www.startsearches.net/
    O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} -
    C:\WINNT\system32\hp9961.tmp
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
    C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file
    missing)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
    Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NS] ns.exe
    O4 - HKLM\..\Run: [nse] nse.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
    Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [service32] service32.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe
    /BOOT
    O4 - HKLM\..\Run: [Microsoft System Checkup] wnetmgr.exe
    O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Microsoft Office] lserv.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P
    Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [DataLayer]
    C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication]
    C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe
    bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone
    Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\RunServices: [NS] ns.exe
    O4 - HKLM\..\RunServices: [nse] nse.exe
    O4 - HKLM\..\RunServices: [service32] service32.exe
    O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetmgr.exe
    O4 - HKLM\..\RunServices: [Microsoft Office] lserv.exe
    O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr
    SpeedTouch\drst.exe" -b
    O4 - HKCU\..\Run: [BBCNewsalertsCluster] C:\Program Files\BBC News
    alerts\skinkers.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop
    Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Microsoft Office] lserv.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
    /minimized
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Startup: RoadAngel USB.lnk = C:\Program
    Files\RoadAngelUSB\RoadAngelUSB.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat
    6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
    Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Controller.LNK = C:\Program
    Files\Symantec\WinFax\WFXCTL32.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program
    Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program
    Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} -
    C:\WINNT\system32\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed -
    {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\system32\ms.exe (file
    missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
    Files\AIM95\aim.exe
    O9 - Extra button: @btrez.dll,-4015 -
    {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth
    Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 -
    {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth
    Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
    Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
    http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1112546161147
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
    O18 - Protocol: bw+0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -
    C:\Program Files\Logitech\Desktop
    Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {4B850FBD-34BD-4237-95BD-528C93C6B761} -
    C:\Program Files\Logitech\Desktop
    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program
    Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program
    Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NS (MSLLR) - Unknown owner -
    C:\WINNT\System32\ns.exe" -service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
    C:\WINNT\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation -
    C:\WINNT\System32\WFXSVC.EXE

    Any suggestions as to what else I should do? I have run AdAware and it
    cannot seem to shift it and I have tried removing the Registry entries
    directly without success.

    Please help!!!

    Thanks
    Ben
    Ben Lord, May 24, 2005
    #1

  2. Ben Lord

    Guest

    You should not have included the "start searches" link, because many
    unknowledgeable people may click on it out of curiosity, and then also
    have the problem!

    Also, there are forums, and news groups that specialize in this type of
    thing.

    I have managed to get rid of hijacks with CWshredder, Spybot, and
    AdawareSE.

    If you can spend the time on it, and have a decent in-depth knowledge
    of what is going on in your operating system, you should be able to get
    rid of it manually. This can turn out to be many hours of work.

    If you cannot get rid of it within a reasonable period of time, you may
    be best off to reformat the drive. This is why I like to keep an up to
    date backup image of my systems.

    Jerry G.
    ======
    , May 24, 2005
    #2

  3. From: "Ben Lord" <>

    | Hi
    |
    | I am running IE6 and every time I go into it, it always comes up with
    | about:blank and www.startsearches.net as the default home page. I am unable
    | to change this.

    < HJT Log snipped >

    | Any suggestions as to what else I should do? I have run AdAware and it
    | cannot seem to shift it and I have tried removing the Registry entries
    | directly without success.
    |
    | Please help!!!
    |
    | Thanks
    | Ben
    |
    Donk
    Ben:

    Neither alt.comp.virus nor microsoft.public.security.virus is the best place to post HJT
    Logs.

    However, a quick look revealed two items of interest...


    O4 - HKLM\..\Run: [Microsoft System Checkup] wnetmgr.exe
    Possible SDbot worm

    O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe

    -------

    Dump the contents of the IE Temporary Internet Folder cache (TIF)
    Start --> Settings --> Control Panel --> Internet Options --> Delete Files

    Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
    Tools --> Options --> Privacy --> Cache --> Clear


    Download CLEAN.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/clean.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
    { http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
    (.lnk) files and a PDF instruction file.

    GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
    Scanner. You may have to disable your FireWall or allow FTP.EXE to go through your FireWall
    to allow the FTP utility to download the needed files

    CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
    to scan again at a future date, run this batch file. It will automatically check the date
    of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
    signature files and install them before performing the scan.

    DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
    you have booted from an Emergency Boot Disk or DOS disk and have already executed;
    c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
    http://www.bootdisk.com/bootdisk.htm

    I need you to perform the following...

    Execute; CLEAN.EXE
    Choose; Unzip
    Choose; Close

    Execute; c:\mcafee\GetFiles.BAT
    { or Double-click on 'GetFiles Link' in c:\mcafee }

    Reboot the PC into Safe Mode [F8 key during boot]

    Shut down as many applications as possible!
    It would also help for you to read - "How to perform a clean boot in Windows XP"
    http://support.microsoft.com/kb/310353

    Execute; c:\mcafee\CLEAN.BAT
    { or Double-click on 'Clean Link' in c:\mcafee }

    A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
    end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
    It is suggested that you move the report out of c:\mcafee before performing another scan.
    It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
    report for each session.


    * * * Please report back your results * * *




    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, May 25, 2005
    #3
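
A first pass like the "quick look" in the reply above can be scripted. The following is an added example, not part of the original thread or of HijackThis: it rejoins the wrapped log lines and groups entries into leads for manual review. The sample is a constructed excerpt of the log in post #1, and the function names `unwrap` and `triage` are hypothetical; a bare file name in a Run key is only a lead, since legitimate entries use them too.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample: entries copied from the log in post #1, keeping the
# mid-entry line wrapping seen on the page.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.startsearches.net/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://www.startsearches.net/
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} -
C:\WINNT\system32\hp9961.tmp
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft System Checkup] wnetmgr.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetmgr.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} -
C:\WINNT\system32\ms.exe (file missing)
O18 - Protocol: bw+0 - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4B850FBD-34BD-4237-95BD-528C93C6B761} - C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

# An entry starts with a section code (R0, O4, O18, ...) followed by " - ".
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Registry autostart form: "<key>: [<value name>] <command>".
O4_VALUE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def unwrap(text):
    """Rejoin entries split across lines; return a list of (section, body)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            # Continuation: the wrap fell on whitespace, so one space restores it.
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]


def triage(text):
    """Group entries into leads for manual review. Leads, not verdicts."""
    hosts = Counter()            # hosts that R0/R1 start and search values point at
    pathless = defaultdict(set)  # bare executable name -> autostart keys launching it
    missing = []                 # entries whose target file is reported missing
    handlers = Counter()         # O18 protocol handler DLL -> number of schemes mapped
    for section, body in unwrap(text):
        if body.endswith("(file missing)"):
            missing.append((section, body))
        if section in ("R0", "R1"):
            host = urlsplit(body.rsplit(" = ", 1)[-1]).hostname
            if host:
                hosts[host] += 1
        elif section == "O4":
            m = O4_VALUE.match(body)
            # No backslash means no path was recorded, so the file has to be
            # located on disk before anything can be said about it.
            if m and "\\" not in m["cmd"]:
                pathless[m["cmd"].split()[0].lower()].add(m["key"])
        elif section == "O18":
            handlers[body.rsplit(" - ", 1)[-1]] += 1
    return {
        "redirect_hosts": dict(hosts),
        "pathless_autostarts": dict(pathless),
        "file_missing": missing,
        "o18_handlers": dict(handlers),
    }


if __name__ == "__main__":
    for heading, items in triage(SAMPLE).items():
        print(heading, items)
```
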