
Trojan Horse Infection


  • This topic is locked
2 replies to this topic

#1 Sledgeka


Posted 22 August 2006 - 07:43 PM

Hello!

My PC has been infected with a Trojan Horse/Dialer. Norton is driving me crazy with this message that the infected file found cannot be quarantined or repaired. When I run Xoftspy it keeps finding the 'Ultimate Defender' registry value. I find the entry and delete it, but it keeps coming back.

I ran an online scan at Panda (which is below) and it detected something called 'systemdoctor', but I can't find it!

Adware:adware/systemdoctor Windows Registry
Spyware:Cookie/Atwola C:\Documents and Settings\Brendan\Cookies\brendan@atwola[1].txt
Potentially unwanted tool:Application/Processor C:\Documents and Settings\Brendan\Desktop\Problems\smitRem\Process.exe

Here's the Hijackthis log :

Logfile of HijackThis v1.99.1
Scan saved at 10:27:15 AM, on 23/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\E_S00RP2.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL

Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton

AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec

Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Install Applications\AnyDVD

V3.8.1.3\Crack\AnyDVD.exe
C:\Program

Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec

Shared\ccApp.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tweak-XP Pro\AdBlocker.exe
C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LogitechDesktopMessenger.

exe
C:\Program

Files\Creative\SBLive\PlayCenter2\CTNMRun.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Ccy Cookies Remover

v203\ccycookr.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.optusnet.com.au
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Window Title = Sledgeka's Explorer
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Intern

et Settings,ProxyOverride = 0<local>;localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat

6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper -

{BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry]

C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program

Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program

Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla]

C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program

Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program

Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program

Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Install

Applications\AnyDVD V3.8.1.3\Crack\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program

Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program

Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Omnipage] C:\Program

Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common

Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check]

C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [XoftSpy] C:\Program

Files\XoftSpy\XoftSpy.exe -s
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] K:\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [BlockAds] "C:\Program

Files\Tweak-XP Pro\AdBlocker.exe"
O4 - HKCU\..\Run: [LDM] C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\LogitechDesktopMessenger.

exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program

Files\Creative\SBLive\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [Ccy Cookies Remover v2.0.3]

C:\Program Files\Ccy Cookies Remover

v203\ccycookr.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program

Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk =

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Yahoo! Search -

file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight -

C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel

-

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/30

00
O8 - Extra context menu item: Open with GetRight

Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary -

file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -

file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O14 - IERESET.INF:

START_PAGE_URL=http://www.optusnet.com.au
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8}

(ActiveDataInfo Class) -

https://www-secure.symantec.com/techsupp/asa/ctrl/Sym

AData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345}

(Symantec SmartIssue) -

https://www-secure.symantec.com/techsupp/asa/ctrl/tgctls

i.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345}

(Symantec Script Runner Class) -

https://www-secure.symantec.com/techsupp/asa/ctrl/tgctls

r.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B}

(InstallShield Setup Player 2K2) -

http://sib1.od2.com/common/Member/ClientInstall/10.20.

0002/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}

(MSN Photo Upload Tool) -

http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {860D5AAC-D059-4C9F-93D3-3FD6FBB6872F}

(AuroraCtrl Class) -

http://icebergradio.com/aurora/1.0.2.259/client.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48}

(Yahoo! Webcam Upload Wrapper) -

http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA}

(MSN File Upload Control) -

http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

(ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst.ca

b
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999}

(YAddBook Class) -

http://us.dl1.yimg.com/download.yahoo.com/dl/installs/s

uite/autocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB}

(MSN Photo Upload Tool) -

http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.ca

b
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD}

-

http://download.abacast.com/download/files/abasetup161

.cab
O18 - Protocol: bw+0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw+0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw-0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw-0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw00 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw00s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw10 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw10s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw20 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw20s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw30 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw30s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw40 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw40s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw50 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw50s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw60 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw60s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw70 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw70s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw80 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw80s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw90 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bw90s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwa0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwa0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwb0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwb0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwc0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwc0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwd0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwd0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwe0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwe0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwf0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwf0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwfile-8876480 -

{9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program

Files\Logitech\Desktop

Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwg0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwh0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwh0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwi0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwi0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwj0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwj0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwk0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwk0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwl0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwl0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwm0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwm0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwn0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwn0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwo0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwo0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwp0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwp0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwq0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwq0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwr0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwr0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bws0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bws0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwt0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwt0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwu0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwu0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwv0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwv0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bww0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bww0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwx0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwx0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwy0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwy0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwz0 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: bwz0s -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O18 - Protocol: offline-8876480 -

{D03384C6-A6B5-462C-AEE0-CE8CBEFADB0A} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BWPlugProtocol-8876480.dl

l
O20 - Winlogon Notify: WgaLogon -

C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjjq32 -

C:\WINDOWS\SYSTEM32\winjjq32.dll
O23 - Service: Automatic LiveUpdate Scheduler -

Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation

(ccPwdSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access -

Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON V3 Service2(02)

(EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION

- C:\WINDOWS\system32\E_S00RP2.EXE
O23 - Service: ewido anti-spyware 4.0 guard -

Anti-Malware Development a.s. - C:\Program Files\ewido

anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -

Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service

(navapsvc) - Symantec Corporation - C:\Program

Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel®

Corporation - C:\Program

Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection

(NProtectService) - Symantec Corporation - C:\Program

Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) -

NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: rpcapd - Unknown owner -

%ProgramFiles%\WinPcap\rpcapd.exe" -d -f

"%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation -

C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) -

Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBSer

v.exe
O23 - Service: Symantec Network Drivers Service

(SNDSrvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent4

(StatusAgent4) - SEIKO EPSON CORPORATION -

C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\Security Center\SymWSC.exe

Thanks
Sledge :thumbsup:


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 31 August 2006 - 05:33 PM

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new HijackThis log in this thread. Don't start with a new thread.
Then I'll take a look. :thumbsup:

Also, the current formatting of your log makes it difficult to read, so in Notepad:
On top, click Format > uncheck Word Wrap
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes


Posted 07 September 2006 - 05:27 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



