
post-virtumonde infection? needs a second opinion.

Discussion in 'Virus & Other Malware Removal' started by REBDomine, Nov 12, 2007.

Thread Status:
Not open for further replies.
  1. REBDomine

    REBDomine Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    9
    I just recently removed Virtumonde from my computer. Oh yes, 'tis the one responsible for those false security alerts that pop out on your screen and open up Internet Explorer (although I don't use it anymore and have switched to Firefox). But there's a problem: CCProxy.exe is using up 1/4 of my entire memory and Explorer seems to be laggy and unresponsive. I already cross-checked my HJT logs with common applications/Registry keys with known spyware values.

    I have already used Vundofix, McAfee Anti-Spyware, Siri's SmitFraudFix, Ad-Aware SE and a couple of other applications. So far, I've already found the culprit using SmitFraudFix and removed the offending executables and five Virtumonde-related DLLs using VUndoFix 6.5.0.11, and manually removed its Registry values.

    It's just really annoying when I run my UnrealED (the level editor for Unreal Engine games, this one modded for Postal 2) and then my CPU usage jumps up to 100 percent all the time. Previously, it just tops out to 60-75 percent....just before Virtumonde laid waste to my computer.

    I need some insight into this. Anyway, if somebody needs my HijackThis scan logs, I'd be happy to post them here. Just PM me or something like that.

    -REBDomine
     
  2. REBDomine

    REBDomine Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    9
    where's the tech people?

    *here kitty, kitty, kitty, kitty....awww, there you go*
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    to start with

    go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu.
    Click on the entry in start menu to run HijackThis
    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    then

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    then when it has rebooted

    Download Combofix to your desktop:

    * Double-click combofix.exe & follow the prompts.
    * When finished, it shall produce a log for you. Post that log in your next reply.


    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
  4. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    And furthermore, do not use the report thread option to ask for assistance. There is a thread at the very top of the forum that will address the decorum here ;)
     
  5. REBDomine

    REBDomine Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    9
    So far, I managed to get things done and put back my computer to a usable state. If all goes well, I'd close this thread. And here's my HJT log (which seems to be clean IMHO).

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 1:06:08 PM, on 11/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Postal2STP\ApocalypseWeekend\System\PostED.exe
    C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    C:\Program Files\Super Columbine Massacre RPG!\rpg_rt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Wireless-N PCI Adapter\WLService.exe
    C:\Program Files\Wireless-N PCI Adapter\WMP300N.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\vsnpstd3.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Wireless-N PCI Adapter\BroadcomUI\bcmwltry.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\Program Files\Winamp\winamp.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\cABANBAN\Desktop\HiJackThis_v2.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
    O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: Broadcom Wireless Tray Configuration.lnk = C:\Program Files\Wireless-N PCI Adapter\BroadcomUI\bcmwltry.exe
    O4 - Startup: wltrysvc.lnk = C:\Program Files\Wireless-N PCI Adapter\BroadcomUI\wltrysvc.exe
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/download/Authentic/VBAuthentic.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: bw00s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
    O23 - Service: WMP300NSvc - GEMTEKS - C:\Program Files\Wireless-N PCI Adapter\WLService.exe

    --
    End of file - 19280 bytes.

    Anyway, I was looking down on the DLL files in the /windows/system32 directory and stumbled upon some things VundoFix and Ad-Aware didn't find. I wonder why they are still here. There's no longer any problem, but I just wonder what the hell these were.

    Here they are:

    addurl41.dll - A possible keylogger.
    bvygvguc.dll - no Google hits
    CmdLineExt03.dll - Copy protection DLL, but some say it's a trojan?
    jdpnpxxy.dll - no Google hits
    jheqnfns.dll - no Google hits
    jpeg32.dll - E-Surveiller spyware?
    libeay32_0.9.6l.dll - Possibly related to E-Surveiller.
    LXBLLCNP.DLL - Trojan.
    lxblvs.dll - Browser hijacker.
    MCC16.dll - Sony BMG's rootkit
    mfGINA.dll - Pop-ups.
    mkbkoyyu.dll - no Google hits.
    tmp46.tmp.dll - DelPSGuard trojan.
    tndmiynt.dll - no Google hits.
    uitbxqse.dll - no Google hits.
    voeegopn.dll - no Google hits.
    vtutqrs.dll - WinAntiVirus trojan downloader?
    winwatch.DLL - Pop-ups.
    ReportReader.dll - Sony BMG's rootkit
    WebFlowIDPersist.dll - Sony BMG's rootkit


    You may choose to ignore the DLL's already with a clear description, but I'd welcome any comments to the ones with "no Google hits".
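
A HijackThis log like the one in the post above can be pre-sorted before a helper reads it. The following is an added example, not part of the thread and not code from HijackThis or any tool named here: it parses the `code - body` entry lines, lists the entries HijackThis itself annotated with `(file missing)` or `Unknown owner`, and collapses the long run of O18 protocol handlers that all point at the same CLSID and DLL. The function names are hypothetical, the sample lines are excerpted from the log above, and a flag only means "look at this by hand", not "malicious".

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log in the post above (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O18 - Protocol: bw00s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
"""

# Section codes used in the excerpt, with their usual HijackThis meaning.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O18": "protocol handler",
    "O23": "Windows service",
}

# An entry line is a section code (R0, O4, O23, ...) followed by " - " and the body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(text):
    """Return (code, body) pairs; the header and process list do not match."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def flag_for_review(entries):
    """Return (code, reasons, body) for entries carrying a HijackThis annotation."""
    flagged = []
    for code, body in entries:
        reasons = []
        if body.endswith("(file missing)"):
            # The registry entry survives but its target file is gone.
            reasons.append("file missing")
        if code == "O23" and " - Unknown owner - " in body:
            # The service binary has no company name in its version info.
            reasons.append("unknown owner")
        if reasons:
            flagged.append((code, reasons, body))
    return flagged


def group_protocol_handlers(entries):
    """Map (CLSID, DLL path) to the list of O18 protocol names registered for it."""
    groups = defaultdict(list)
    for code, body in entries:
        if code != "O18":
            continue
        parts = body.split(" - ", 2)  # "Protocol: name", "{CLSID}", "path"
        if len(parts) == 3 and parts[0].startswith("Protocol: "):
            name = parts[0].split(": ", 1)[1]
            groups[(parts[1], parts[2])].append(name)
    return dict(groups)


def report(text):
    """Build a short, human-readable triage summary of one log."""
    entries = parse_entries(text)
    lines = []
    for code, reasons, body in flag_for_review(entries):
        label = SECTIONS.get(code, "other")
        lines.append(f"[{code} {label}] {', '.join(reasons)}: {body}")
    for (clsid, dll), names in group_protocol_handlers(entries).items():
        lines.append(f"[O18] {len(names)} protocol name(s) -> {clsid} {dll}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
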
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    do what I said and run the tools and post their logs
     
  7. REBDomine

    REBDomine Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    9
    I'm really busy now for the upcoming holidays (oh noes, cooking [email protected] o' food for my entire family/friends/incoming relatives) here in the Philippines, and couldn't give enough time to work on my computer, so I'd post the logfiles from both ComboFix and SDFix sometime next week (probably Monday or Tuesday).

    Anyway, here's my latest HijackThis log:


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:32, on 2007-12-05
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Wireless-N PCI Adapter\WLService.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Wireless-N PCI Adapter\WMP300N.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Wireless-N PCI Adapter\BroadcomUI\bcmwltry.exe
    C:\Program Files\Winamp\winamp.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\sndvol32.exe
    C:\Program Files\Super Columbine Massacre RPG!\rpg_rt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\cABANBAN\Desktop\HiJackThis_v2.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

    http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

    Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec

    Shared\AdBlocking\NISShExt.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton

    AntiVirus\NavShExt.dll (file missing)
    O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKUS\S-1-5-21-5179866-3609210361-1087952576-1003\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -

    quiet (User 'Owner')
    O4 - HKUS\S-1-5-21-5179866-3609210361-1087952576-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    (User 'Owner')
    O4 - HKUS\S-1-5-21-5179866-3609210361-1087952576-1003\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -

    atboottime (User 'Owner')
    O4 - HKUS\S-1-5-21-5179866-3609210361-1087952576-1003\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"

    /VeohHide (User 'Owner')
    O4 - HKUS\S-1-5-21-5179866-3609210361-1087952576-1003\..\Run: [] (User 'Owner')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - S-1-5-21-5179866-3609210361-1087952576-1003 Startup: bcmwltry.lnk = C:\Program Files\Wireless-N PCI Adapter\BroadcomUI\bcmwltry.exe (User 'Owner')
    O4 - S-1-5-21-5179866-3609210361-1087952576-1003 Startup: wltrysvc.lnk = C:\Program Files\Wireless-N PCI Adapter\BroadcomUI\wltrysvc.exe (User 'Owner')
    O4 - S-1-5-21-5179866-3609210361-1087952576-1003 Startup: WMP300N.lnk = C:\Program Files\Wireless-N PCI Adapter\WMP300N.exe (User 'Owner')
    O4 - S-1-5-21-5179866-3609210361-1087952576-1003 User Startup: bcmwltry.lnk = C:\Program Files\Wireless-N PCI Adapter\BroadcomUI\bcmwltry.exe (User 'Owner')
    O4 - S-1-5-21-5179866-3609210361-1087952576-1003 User Startup: wltrysvc.lnk = C:\Program Files\Wireless-N PCI Adapter\BroadcomUI\wltrysvc.exe (User 'Owner')
    O4 - S-1-5-21-5179866-3609210361-1087952576-1003 User Startup: WMP300N.lnk = C:\Program Files\Wireless-N PCI Adapter\WMP300N.exe (User 'Owner')
    O4 - Startup: Broadcom Wireless Tray Configuration.lnk = C:\Program Files\Wireless-N PCI Adapter\BroadcomUI\bcmwltry.exe
    O4 - Startup: wltrysvc.lnk = C:\Program Files\Wireless-N PCI Adapter\BroadcomUI\wltrysvc.exe
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
    O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/download/Authentic/VBAuthentic.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: bw00s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop Messenger\8876480

    \Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {81A1F358-DB04-4E11-A237-AB5A2D59D21A} - C:\Program Files\Logitech\Desktop

    Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)
    O23 - Service: WMP300NSvc - GEMTEKS - C:\Program Files\Wireless-N PCI Adapter\WLService.exe

    --
    End of file - 21113 bytes

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,354
    First Name:
    Derek
    When you are ready then you can start again and someone might help you, but you haven't helped yourself with your initial attitude and screams for urgent assistance and then don't do what is suggested.

    I am closing this thread because I see no point in continuing.
     