1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

127021.exe

Discussion in 'Virus & Other Malware Removal' started by Tony--, Apr 7, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. Tony--

    Tony-- Thread Starter

    Joined:
    Apr 6, 2005
    Messages:
    1
    Hello,

    I got infected with the virus.

    Here som problems, what to do?
    - I can't install ZoneAlarm, I had it but uninstalled it because it workt no more and I anted to instal a newer version. Thats inpossible.
    - When starting up it takes a long time befor I can do somthing (5 to 10 minutes waiting for surfing)
    - when shutting down their seems to be a problem with vsmon.exe
    - whats with the Logitech\Desktop Messenger that appears verry much

    I already deleted the prvdi.exe

    Thanks


    Logfile of HijackThis v1.99.1
    Scan saved at 21:09:03, on 6/04/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    *
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\Dit.exe
    C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    C:\Program Files\HJT\HijackThis.exe
    *
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www001.upp.so-net.ne:[email protected]/search.htm (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www001.upp.so-net.ne:[email protected]T4LD.BIZ (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hattrick.org/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pandora.be
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www001.upp.so-net.ne:[email protected]/search.htm (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www001.upp.so-net.ne:[email protected]/search.htm (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0001_ho
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www001.upp.so-net.ne:[email protected]/search.htm (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www001.upp.so-net.ne:[email protected]/search.htm (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www001.upp.so-net.ne:[email protected]/search.htm (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door Telenet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.pandora.be:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
    O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"* -osboot
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
    O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
    O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: Dexia Netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
    O16 - DPF: Dexia PubliWeb - http://publiweb.dexia.be/shared/appletIIA/dexiaPWIIA.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c337.cab
    O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://telenet.extrafilm.be/import/ImageUploader3.cab
    O18 - Protocol: bw+0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {563BEB76-7FEE-4869-A34F-44941B28CF3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    *
    *
     
  2. EAFiedler

    EAFiedler Moderator

    Joined:
    Apr 25, 2000
    Messages:
    14,110
    Hi Tony--

    Welcome to Tech Support Guy Forums!

    This is truly weird, my AV scanner is popping up about a virus in this thread.

    I cannot imagine what you are going through right now! :eek:


    Definitely run TWO of these scans. This will take several hours to complete.

    Download, Install and check each of the following Spyware tools for updates:
    (If you already have the following, please make sure it is the latest version and has been updated)

    • Ad-Aware SE 1.05:
      Click on Full System Scan and deselect Search for negligible risk entries. Have Ad-Aware SE remove what it finds.
    • Spybot-S&D 1.3:
      Have it fix what it finds marked in Red.
    • Spyware Blaster 3.3:
      Click on Updates > Check for Updates Switch to Protection
      Under Quick Tasks click Enable All Protection. Close Spyware Blaster.

    After running your online virus scans and scanning with with Ad-Aware SE and Spybot S&D,
    close all programs, reboot to complete the removal process.

    Start HijackThis click on Do a system scan and save a logfile.
    Most of what it lists will be harmless or even required, so do NOT fix anything yet.

    Close HijackThis and post a fresh log here and one of our security experts will take a look at it.
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,547
    First Name:
    Derek
    I will sort out the fix for Tony a bit later

    Eafiedler what AV are you using as quite afew do alarm on any link on a web page that has an obsfucated redirect

    There isn't an actual virus on the page naywhere but there are links that could allow a virus to be downloaded if clicked on in the HJT log
     
  4. EAFiedler

    EAFiedler Moderator

    Joined:
    Apr 25, 2000
    Messages:
    14,110
    I am using AVG, I think I have eliminated the cause to the R1 lines with BIZ link in it.

    AVG is giving me this message:
    Virus Detected!
    C:\Documents and Settings\UserAccount\Local Settings\Temporary Internet Files\Content.IE5\M3KBEBYP\showthread(1).html
    Could be infected JS/Fortnight

    That is the first log with (obfuscated) that AVG has kicked up a fuss.
    I'll do a Search on (obfuscated) on this forum and see if I get any other alarms, maybe the new virus definitions have kicked up the sensitivity a bit.
    ______________________________________________________________

    I have already deleted my TIF.
    I was more Surprised than alarmed ;) and a bit concerned that other posters would receive the same behavior from their AV scanners when accessing this thread.
    ______________________________________________________________

    I was also thinking if the log was edited to the following, then perhaps the antivirus scanners would not set off false alarms. :rolleyes:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [*url]http://www001.upp.so-net.ne:[email protected]/search.htm[/url] (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [*url]http://www001.upp.so-net.ne:[email protected][/url] .BIZ (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [*url]http://www001.upp.so-net.ne:[email protected]/search.htm[/url] (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [*url]http://www001.upp.so-net.ne:[email protected]/search.htm[/url] (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [*url]http://www001.upp.so-net.ne:[email protected]/search.htm[/url] (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [*url]http://www001.upp.so-net.ne:[email protected]/search.htm[/url] (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [*url]http://www001.upp.so-net.ne:[email protected]/search.htm[/url] (obfuscated)
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    55,547
    First Name:
    Derek
    uninstall desktop messenger from add/remove programs in control panel, it isn't needed and is just an updater for your logitech mouse or whatever

    then do all the previous suggestions and then see how it is

    I would also like you to run this to look for the hidden files taht I am sure are the cause of the homepage hijacking

    Click here to download DLLCompare.exe.

    Save it to your desktop.

    Now run DllCompare and click on the RunLocate.com button. It will scan for the hidden files. When it is finished,you will see in blue Completed the scan, Click Compare to Continue at which time you will click the Compare button.

    It will sort through the files it found and determine which should be flagged as "No access" and display them in the lower box.
    In a few minutes it will complete then you will see in blue Completed.
    Click the Make a Log of what was Found button. It will ask if you want to view the logfile. Click Yes then copy and paste that log in your next reply.


    Click here to download Find It NT-2K-XP.zip.

    Unzip it and double-click on Find.bat to run it. When the command window first opens, it will say "File not found". Ignore that and let it continue to run until it finishes. It may take it a few minutes. It will open an Output.txt file when it completes. Copy and paste the contents of output.txt here. Once that's done, close the text file and then press any key and the batch file will end.
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/350470

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice