Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help Nice People


  • Please log in to reply
4 replies to this topic

#1 Robin_norway

Robin_norway

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 24 July 2006 - 05:30 PM

Well I ran a HijackThis test, I've had it on my computer for a long time but since I don't know much about it I wouldn't mess with it.

So I just ran a test and used an automatic HijackThis log helper thing to sort out all the stuff, it was mostly OK but this was registered as potential threats, also there where no comments, ratings or tips on how to deal with this so as the topic suggestes; please help me nice people:)





O18 - Protocol: bw+0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw+0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw-0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw-0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw00 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw00s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw10 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw10s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw20 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw20s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw30 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw30s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw40 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw40s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw50 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw50s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw60 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw60s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw70 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw70s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw80 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw80s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw90 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw90s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwa0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwa0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwb0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwb0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwc0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwc0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwd0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwd0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwe0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwe0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwf0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwf0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwg0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwh0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwh0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwi0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwi0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwj0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwj0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwk0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwk0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwl0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwl0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwm0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwm0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwn0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwn0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwo0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwo0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwp0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwp0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwq0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwq0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwr0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwr0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bws0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bws0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwt0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwt0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwu0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwu0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwv0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwv0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bww0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bww0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwx0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwx0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwy0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwy0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwz0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwz0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)


BTW, I'm enableing email notification on this and I hope there will be replies, helpful or not.
In advance, thanks.

BC AdBot (Login to Remove)

 


#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 26 July 2006 - 08:11 PM

Post the whole log and paste it vs. using code

Click here to download HJTsetup.exe:

http://www.thespykiller.co.uk/forum/index....=tpmod;dl=item5
Scroll down to the download section

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


========================

Add remove programs - remove logitech dsktop messenger
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 Robin_norway

Robin_norway
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 27 July 2006 - 03:10 AM

Thanks for replying.

I already have HiJackThis so I just did a new scan.
Also I see there are Norton things there, I have desperatly tried to get rid of it same with AVG Free Edition since I got Norman AV installed not so long ago.
I have uninstalled both Norton and AVG should I delete/fix the Norton entries that HJT discovered?


Logfile of HijackThis v1.99.1
Scan saved at 10:03:50, on 27.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\Programfiler\Nero7\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\BlueCom Sikkerhet\fswsclds.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe
E:\Norman\Bin\Zanda.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\WinAmp\winampa.exe
E:\Norman\bin\ZLH.EXE
C:\Programfiler\MessengerPlus! 3\MsgPlus.exe
C:\Programfiler\AOL\Active Security Monitor\ASMonitor.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Programfiler\Nero7\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\RamBooster 2.0\Rambooster.exe
C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programfiler\Labtec trådløs skrivebordsløsning\MagicKey.exe
C:\Programfiler\Google\Google Updater\GoogleUpdater.exe
C:\Programfiler\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Programfiler\Labtec trådløs skrivebordsløsning\MulMouse.exe
E:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Programfiler\Labtec trådløs skrivebordsløsning\OSD.EXE
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Norman\bin\NJEEVES.EXE
E:\Norman\Nvc\BIN\NVCSCHED.EXE
E:\Norman\Nvc\BIN\nipsvc.exe
C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programfiler\Google\Web Accelerator\googlewebaccclient.exe
C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programfiler\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\uTorrent\uTorrent.exe
C:\Programfiler\Lavalys\EVEREST Home Edition\everest.bin
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Programfiler\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programfiler\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Programfiler\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programfiler\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Programfiler\WinAmp\winampa.exe
O4 - HKLM\..\Run: [Norman ZANDA] E:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ASM] "C:\Programfiler\AOL\Active Security Monitor\ASMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Programfiler\Nero7\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RamBooster] C:\Programfiler\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programfiler\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Programfiler\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Aktivere Labtec trådløs skrivebordsløsning.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programfiler\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Programfiler\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Start Firewall.lnk = C:\WINDOWS\system32\net.exe
O8 - Extra context menu item: &Google Search - res://c:\programfiler\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programfiler\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programfiler\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programfiler\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Fyll Skjema - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lagre Skjema - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RoboForm Verktøylinje - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Similar Pages - res://c:\programfiler\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Tilpass Meny - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Translate Page into English - res://c:\programfiler\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Fyll ut skjemaer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fyll Skjema - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Lagre - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Lagre Skjema - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Verktøylinje - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O18 - Protocol: bw+0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw+0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw-0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw-0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw00 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw00s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw10 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw10s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw20 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw20s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw30 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw30s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw40 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw40s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw50 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw50s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw60 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw60s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw70 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw70s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw80 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw80s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw90 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bw90s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwa0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwa0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwb0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwb0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwc0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwc0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwd0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwd0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwe0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwe0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwf0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwf0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwg0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwh0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwh0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwi0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwi0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwj0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwj0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwk0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwk0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwl0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwl0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwm0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwm0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwn0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwn0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwo0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwo0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwp0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwp0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwq0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwq0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwr0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwr0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bws0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bws0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwt0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwt0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwu0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwu0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwv0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwv0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bww0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bww0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwx0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwx0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwy0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwy0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwz0 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: bwz0s - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {F30CD2F0-DE36-47CF-BB96-03347E657727} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Programfiler\BlueCom Sikkerhet\fswsclds.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programfiler\Nero7\Nero 7\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programfiler\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programfiler\Fellesfiler\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Programfiler\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NBService - Nero AG - D:\Programfiler\Nero7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - E:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - E:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - E:\Norman\Bin\Zanda.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Programfiler\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - E:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - E:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Unknown owner - C:\Programfiler\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programfiler\Fellesfiler\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programfiler\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Edited by Robin_norway, 27 July 2006 - 03:13 AM.


#4 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 27 July 2006 - 12:07 PM

Please do not use code for the log, paste it into a reply

==================
Norton
http://service1.symantec.com/SUPPORT/nav.n...001092114452606
=================================
Run hijack scan only - check the box to the left of those O18's and when they are all checked go to the bottom and click fix checked
==============

Automated checkers are worthless and dangerous

Your log is clean after the O18's are gone
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 Robin_norway

Robin_norway
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 28 July 2006 - 12:00 AM

Thanks, I did.

BTW, I tried that uninstaller thing from Norton but I couldn't run it. My program is uninstalled by using add/remove programs, the uninstaller that came with it or Advanced Uninstaller PRO I don't remember because it's a long time ago but I'm pretty sure it was A/R programs.

Thanks a lot for the help :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users