1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Need worm help - Fake windows security message

Discussion in 'Virus & Other Malware Removal' started by jd_morgan, Nov 1, 2007.

Thread Status:
Not open for further replies.
  1. jd_morgan

    jd_morgan Thread Starter

    Joined:
    Nov 1, 2007
    Messages:
    3
    Hello,

    Running on win xp. Have that same pop up and problem as the person in this thread:
    http://forums.techguy.org/malware-removal-hijackthis-logs/644846-trojans-have-stolen-my-control.html

    I visited a website for some php code. My Norton gave a warning but did not stop it. About every five minutes the fake windows security message pops up. It says -- Warning! Potential Spyware Operation!.. Your computer is making unauthorized copies of your system and internet files.... etc.

    I ran Norton.. no joy. I ran Spyware Doctor.. no joy. I ran ComboFix and HJT.. no joy.

    Below are the logs.

    ComboFix Log:

    ComboFix 07-11-01.1** - kevin 2007-10-31 20:59:30.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.750 [GMT -7:00]
    Running from: C:\Documents and Settings\kevin.NORAD\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-01 )))))))))))))))))))))))))))))))
    .

    2007-10-31 20:05 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-10-31 20:05 <DIR> d-------- C:\Documents and Settings\kevin.NORAD\Application Data\PC Tools
    2007-10-31 20:05 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-10-31 20:05 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-10-31 20:05 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-10-31 20:05 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-10-31 18:24 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-31 17:46 <DIR> d-------- C:\WINDOWS\pss
    2007-10-31 12:34 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-31 12:33 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-10-31 11:14 12,800 --a------ C:\WINDOWS\system32\bronto.dll
    2007-10-31 11:14 7,680 --a------ C:\WINDOWS\system32\winter.exe
    2007-10-31 11:14 7,680 --a------ C:\WINDOWS\system32\proper.exe
    2007-10-16 18:32 <DIR> d-------- C:\Documents and Settings\kevin.NORAD\Application Data\OfficeUpdate12
    2007-10-16 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2007-10-10 02:51 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-01 04:03 --------- d-----w C:\Program Files\Symantec AntiVirus
    2007-10-31 05:52 --------- d-----w C:\Program Files\Thumbs7
    2007-09-27 06:39 --------- d-----w C:\Program Files\Paint Shop Pro 6
    2007-09-22 07:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-09-22 07:38 --------- d-----w C:\Program Files\Canon
    2007-09-18 00:40 524,288 ----a-w C:\WINDOWS\opuc.dll
    2001-08-23 12:00:00 94,784 --sh--w C:\WINDOWS\twain.dll
    2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
    2004-08-04 07:56:42 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
    2004-08-04 07:56:43 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
    2004-08-04 07:56:43 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
    2004-08-04 07:56:43 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
    2007-05-17 11:28:05 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
    2004-08-04 07:56:44 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
    2004-08-04 07:56:55 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27987B8-7244-4DE0-AE10-39B826B492F1}]
    2007-10-31 11:14 12800 --a------ C:\WINDOWS\system32\bronto.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C-Media Mixer"="Mixer.exe" [2003-03-20 14:21 C:\WINDOWS\mixer.exe]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
    "EPSON Stylus Photo 2200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-06-30 12:05]
    "BJPD HID Control"="C:\Program Files\Canon\BJPV\TVMon.exe" [2003-01-21 16:35]
    "BJLaunchEXE"="C:\Program Files\Canon\BJCard\BJLaunch.exe" [2002-12-20 14:26]
    "Undefined"="C:\WINDOWS\system32\winter.exe" [2007-10-31 11:14]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-23 22:16]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17]
    "Undefined"="C:\WINDOWS\system32\winter.exe" [2007-10-31 11:14]

    C:\Documents and Settings\kevin.NORAD\Start Menu\Programs\Startup\
    infos.exe [2007-10-31 11:14:31]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-22 21:07:21]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    autos.exe [2007-10-31 11:14:31]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-04-23 22:16:11]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-04-23 22:15:13]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=1 (0x1)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=1 (0x1)
    "DisableTaskMgr"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)
    "NoWindowsUpdate"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="Explorer.exe C:\\WINDOWS\\system32\\proper.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\drivers\hpt3xx.sys
    R0 hptpro;hptpro;C:\WINDOWS\system32\drivers\hptpro.sys
    S3 3dfxvs;3dfxvs;C:\WINDOWS\system32\DRIVERS\3dfxvsm.sys

    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-31 21:03:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-31 21:04:51 - machine was rebooted
    .
    --- E O F ---


    HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:21:12 PM, on 10/31/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Canon\BJCard\Bjmcmng.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\proper.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Canon\BJPV\TVMon.exe
    C:\Program Files\Canon\BJCard\BJLaunch.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Documents and Settings\kevin.NORAD\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O5 "LPT1:" /M "Stylus Photo 2200"
    O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
    O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
    O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - Startup: infos.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: autos.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://*.bestwestern.com (HKLM)
    O15 - ESC Trusted Zone: http://*.bestwestern.com (HKLM)
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170472875798
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://www.bestwestern.com/tsweb/outlook/msrdp.cab
    O18 - Protocol: bw+0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {8D5D3CFD-3CEF-4465-9A09-58322950B92F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 18989 bytes

    Clueless from here, any help appreciated.

    If there is a place to report the website it came from (in Google index), I can probably locate it and get the URL as soon as my browser works right again. Google is crashing the browser due to this worm.

    Managed to get a Google search. I have the URL to the site that I believe popped this bit of nasty into my machine. It happened as soon as I hit the page. I don't want to post the URL here because I don't want others clicking on it, but if there is a mechanism to report these things please advise me who/where/how.

    TIA
     
  2. jd_morgan

    jd_morgan Thread Starter

    Joined:
    Nov 1, 2007
    Messages:
    3
    Wow.. a lot of folks have this same issue. After running ComboFix I got back my Control Panel and such, but still have that annoying popup every 5 minutes.
     
  3. jd_morgan

    jd_morgan Thread Starter

    Joined:
    Nov 1, 2007
    Messages:
    3
    Looks like you guys are pretty busy around here. Any recommendations on other places to find help sooner? Since I work with this computer 14 hours a day, this worm or whatever is driving me mad.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/646218

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice