Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help My Computer Can't Run Regedit,cmd,task Manager And Ms Firewall.


  • This topic is locked This topic is locked
6 replies to this topic

#1 rigel77

rigel77

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 30 April 2007 - 01:28 AM

Help my computer seems to be infected with some virus or malware.
I can't open regedit,task manager,CMD,and MS firewall.
Can pls help me now! pls...
There is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:20:41 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\C\System32\smss.exe
C:\C\system32\winlogon.exe
C:\C\system32\services.exe
C:\C\system32\lsass.exe
C:\C\system32\svchost.exe
C:\C\System32\svchost.exe
C:\C\system32\spoolsv.exe
C:\C\system32\nvsvc32.exe
C:\C\system32\svchost.exe
C:\C\system32\wscntfy.exe
C:\C\Explorer.EXE
C:\C\system32\carpserv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\C\system32\RunDLL32.exe
C:\C\system32\rundll32.exe
C:\C\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\cav-0.94-package[1]\cav-0.94.exe
C:\unzipped\HijackThis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\C\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\C\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\C\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\C\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e54.exe
O4 - HKLM\..\Run: [keyboard] C:\SS Lesson Pack\New Folder\m.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e54.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Usao] "C:\C\system32\YSTEM3~1\cmd.exe" -vt yazb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: dllhost.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C4224E0-5E65-420C-90C3-F129AC73EE93}: NameServer = 10.10.10.10 10.10.10.11
O18 - Protocol: bw+0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: App Management - C:\C\system32\guard.tmp (file missing)
O20 - Winlogon Notify: igfxcui - C:\C\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Themes - C:\C\system32\h6l20g3oe6.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\C\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\C\system32\nvsvc32.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 30 April 2007 - 01:39 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Please move HijackThis to a permanent folder. Anywhere is fine, other than your Desktop or a temporary folder. If it is in one of these locations, there is a risk that you may accidentally delete the backups; which may be needed if we fix something we're not meant to.
If you use Windows XP it may be that you just double clicked on the HijackThis.exe file, but this only extracts the file to a temporary folder. If you right click on it and select Extract, you can choose a folder to place it in.

How to make a permanent folder:
Click Start | My Computer | Local Disk (C: ) | Program Files.
In the menu bar at the top, go to File | New | Folder.
That will create a folder named "New Folder", which you can rename to "HijackThis". You have now created C:\Program Files\HijackThis.
Now get your HijackThis.exe file and place it in your folder.

Logitech® Desktop Messenger (LDM) is a free service designed to deliver software support, news and information you can use. LDM ensures that you have simple, speedy, and effortless access to product upgrades, technology tips, and technology news and offers that are relevant to you. LDM delivers information right to your desktop, allowing you to take advantage of all of the advanced features of the Logitech products you own, while staying abreast of new computer-related product and service developments (Logitech and otherwise) that are applicable to your life. Once a week, when connected to the internet, Logitech Desktop Messenger will automatically connect with Logitech servers to see if there are any new messages for you. It performs this check during idle time to avoid slowing down other applications that may be accessing the Internet. If there is a message on the server, then Logitech Desktop Messenger will download the message utilizing bandwidth that would otherwise be unused. After the message is downloaded, Logitech Desktop Messenger will wait for one minute of keyboard and mouse inactivity before displaying the message on your screen. I suggest doing all updates yourself and removing this application!

Download Brute Force Uninstaller.
Unzip it to a folder of it’s own (c:\BFU).
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to 'scriptfile to execute' you'll see a little icon like this: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste this:
http://metallica.geekstogo.com/alcanshorty.bfu
Click OK.
Then click Execute to run the script.
Wait for the complete script execution box to popup and press OK.
Press Exit to terminate the BFU program.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download.
In that case, download the script ( alcanshorty.bfu ) manually from above url ( Right click on it and choose 'Save As' and save it in your BFU-folder).
Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and click OK, followed by Execute.

Please download SmitfraudFix (by S!Ri)
Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.

Now, please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.

Once in Safe Mode, open the SmitfraudFix folder again.
Double-click smitfraudfix.cmd.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.

Please include rapport.txt, along with a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 rigel77

rigel77
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 30 April 2007 - 02:43 AM

Here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:31:57 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\C\System32\smss.exe
C:\C\system32\winlogon.exe
C:\C\system32\services.exe
C:\C\system32\lsass.exe
C:\C\system32\svchost.exe
C:\C\System32\svchost.exe
C:\C\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\C\system32\nvsvc32.exe
C:\C\system32\svchost.exe
C:\C\system32\wscntfy.exe
C:\C\Explorer.EXE
C:\C\system32\carpserv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\C\system32\rundll32.exe
C:\C\system32\RunDLL32.exe
C:\C\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\C\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\unzipped\HijackThis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\C\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\C\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\C\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\C\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Usao] "C:\C\system32\YSTEM3~1\cmd.exe" -vt yazb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: App Management - C:\C\system32\guard.tmp (file missing)
O20 - Winlogon Notify: igfxcui - C:\C\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Themes - C:\C\system32\h6l20g3oe6.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\C\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\C\system32\nvsvc32.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

-----------------------------------------------------------------------------------------------------------------------------
THIS is my rapport log:SmitFraudFix v2.171

Scan done at 15:23:46.46, Mon 04/30/2007
Run from C:\Documents and Settings\LEO VILLAMOR\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Documents and Settings\LEO VILLAMOR\Application Data\Install.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 30 April 2007 - 03:00 PM

You didn't follow my instructions to move HijackThis, please do so before we continue.
I also assume you're not going to remove Logitech Desktop Messenger?

Edited by rookie147, 30 April 2007 - 03:01 PM.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#5 rigel77

rigel77
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:30 PM

Posted 30 April 2007 - 09:46 PM

OK I move the HJT to another place in my another folder.
This is my new HJT log:



Logfile of HijackThis v1.99.1
Scan saved at 10:40:28 AM, on 5/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\C\System32\smss.exe
C:\C\system32\winlogon.exe
C:\C\system32\services.exe
C:\C\system32\lsass.exe
C:\C\system32\svchost.exe
C:\C\System32\svchost.exe
C:\C\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\C\system32\nvsvc32.exe
C:\C\system32\svchost.exe
C:\C\system32\wscntfy.exe
C:\C\Explorer.EXE
C:\C\system32\carpserv.exe
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\C\system32\RunDLL32.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\C\system32\rundll32.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\C\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\C\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\C\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\C\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\C\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\C\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Usao] "C:\C\system32\YSTEM3~1\cmd.exe" -vt yazb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C4224E0-5E65-420C-90C3-F129AC73EE93}: NameServer = 10.10.10.10 10.10.10.11
O18 - Protocol: bw+0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0C4A2747-D59D-4ECE-B5CA-F2BDEAB2D631} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: App Management - C:\C\system32\guard.tmp (file missing)
O20 - Winlogon Notify: igfxcui - C:\C\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Themes - C:\C\system32\h6l20g3oe6.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\C\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\C\system32\nvsvc32.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

#6 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 01 May 2007 - 01:34 AM

I see a few entires in your log like this:
C:\C\SYSTEM32\WgaLogon.dll
Can you explain what the beginning of it is for: why is it not just "C:\"?

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Include the ComboFix log, a new HijackThis log, and answer my question in your next post.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#7 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:12:30 PM

Posted 11 May 2007 - 12:26 PM

Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users