Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Troj/cheateng-a Virus


  • Please log in to reply
1 reply to this topic

#1 pursuitking

pursuitking

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:26 AM

Posted 03 November 2007 - 02:00 AM

Please help...this the only information I have...my anti-virus program(MSN Spysweeper) picks up "Troj/cheateng-A" but before sweep can complete, my computer shuts off never letting the sweep finish in order to quarantine or delete the virus....I also use a remote computer monitoring program(Sniperspy) that I do not want to screw with...Can u help? Here is my HiJackthis log......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:55 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Desktop Firewall\WDF.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {ED46E61C-C391-49ED-82F8-A3DCAA44671F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{D0324548-0576-1033-0903-041006200001}] "C:\Program Files\Common Files\{D0324548-0576-1033-0903-041006200001}\Update.exe" te-110-12-0000073
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: mSpace Toolbar - {ED46E61C-C391-49ED-82F8-A3DCAA44671F} - (no file)
O9 - Extra 'Tools' menuitem: mSpace Toolbar - {ED46E61C-C391-49ED-82F8-A3DCAA44671F} - (no file)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://clbchma02.ci.long-beach.ca.us/iNotes.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4EABBB94-847F-45CB-8C70-99AE8E88635A} (WebClient Control) - http://71.108.31.205/WebCamX.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135588739359
O16 - DPF: {BA5E57BB-88D5-422A-AC9E-C01A6EEE2537} (WebDvr3 Class) - http://www.lbtdc.mine.nu/WebDvr3.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - https://www.verizon.net/WhatsNext/CheckMyPc...tivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bw+0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D30A8696-C2B7-45CA-BBB3-CD427A78F638} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software, Inc. - C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 27769 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:26 AM

Posted 03 November 2007 - 08:26 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum pursuitking :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Click Start/Control Panel/Add or Remove Programs and remove MyWebSearch,then restart your pc.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".
This changed in 2006,read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present,then restart your pc:
Viewpoint
Viewpoint Manager
Viewpoint Media Player



Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.


If you have previously downloaded ComboFix,please delete that version now.
Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*NOTE*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users