Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

[Referred]Adware Log.. any help

Started by ah_hup , Apr 23 2005 10:43 AM

  • Please log in to reply

#1
ah_hup
Posted 23 April 2005 - 10:43 AM

ah_hup

    Member

  • Member
  • PipPip
  • 64 posts
totally noob..
im experiencing disk space decreasing in my C:\ and some guy told me to post my ad aware log here.. so im juz following instruction.. btw i haf also posted my hijack log in the hijack forum..

*deleted* pls view below for updated log

Edited by ah_hup, 24 April 2005 - 06:29 AM.

  • 0

Advertisements

#2
Guest_Andy_veal_*
Posted 23 April 2005 - 04:56 PM

Guest_Andy_veal_*
  • Guest
Welcome

In order to assist you, we need to see the log from an Ad-Aware SE 1.05 full system scan.

Important Note! Before performing a scan, be sure that you have the most recent definitions file by using WebUpdate. (Click on the Globe icon, Click connect, Click OK, Click Finish.) At this current point * SE1R40 20.04.2005 * is the most recent definition file.

Ad-Aware SE comes preconfigured with default options so we need you to make only one change. Please deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Select "Perform Full System Scan" and press "Next". When the scan has completed, click "Show Logfile".

Please copy/paste the complete log file here using the reply button. Don't quarantine or remove anything at this time, just post a complete logfile. This sometimes takes 2-3 posts to get it all posted. You will know you are at the end when you see the "Summary of this scan" information has been posted.

When you have posted your log here, Team Lavasoft can advise on what to do next.

Please post back if you have any questions or other problems.

Good luck

Andy
  • 0

#3
ah_hup
Posted 24 April 2005 - 06:28 AM

ah_hup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Ad-Aware SE Build 1.05
Logfile Created on:Sunday, April 24, 2005 8:15:06 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
None
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-24-2005 8:15:06 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 504
ThreadCreationTime : 4-24-2005 12:03:23 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 4-24-2005 12:03:30 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 648
ThreadCreationTime : 4-24-2005 12:03:31 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 4-24-2005 12:03:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 704
ThreadCreationTime : 4-24-2005 12:03:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 4-24-2005 12:03:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 908
ThreadCreationTime : 4-24-2005 12:03:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 960
ThreadCreationTime : 4-24-2005 12:03:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1064
ThreadCreationTime : 4-24-2005 12:03:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1240
ThreadCreationTime : 4-24-2005 12:03:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1260
ThreadCreationTime : 4-24-2005 12:03:34 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1392
ThreadCreationTime : 4-24-2005 12:03:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [isafe.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1480
ThreadCreationTime : 4-24-2005 12:03:35 PM
BasePriority : Normal
FileVersion : Version 10.65.0.7
ProductVersion : Version 10.65.0.7
ProductName : ISafe
CompanyName : Computer Associates International, Inc.
FileDescription : ISafe Service
InternalName : ISafe
LegalCopyright : © 2003 Computer Associates International, Inc.
LegalTrademarks : Vet is a trademark of Computer Associates International, Inc.
OriginalFilename : ISafe.exe
Comments : ISafe

#:14 [sagent2.exe]
FilePath : C:\Program Files\Common Files\EPSON\EBAPI\
ProcessID : 1504
ThreadCreationTime : 4-24-2005 12:03:35 PM
BasePriority : Normal
FileVersion : 2, 3, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2000-2001
OriginalFilename : SAgent2.exe

#:15 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1564
ThreadCreationTime : 4-24-2005 12:03:35 PM
BasePriority : Normal
FileVersion : 6.14.10.7189
ProductVersion : 6.14.10.7189
ProductName : NVIDIA Driver Helper Service, Version 71.89
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 71.89
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1696
ThreadCreationTime : 4-24-2005 12:03:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1748
ThreadCreationTime : 4-24-2005 12:03:35 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe

#:18 [em_exec.exe]
FilePath : C:\Logitech\MOUSEW~1\SYSTEM\
ProcessID : 1868
ThreadCreationTime : 4-24-2005 12:03:36 PM
BasePriority : Normal
FileVersion : 9.70.216
ProductVersion : 9.70
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Control Center
InternalName : EM_EXEC
LegalCopyright : Copyright © Logitech Inc. 1987-2002.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : EM_EXEC.CPP
Comments : Created by the MouseWare Team

#:19 [dragdiag.exe]
FilePath : C:\Program Files\Alcatel\SpeedTouch USB\
ProcessID : 1876
ThreadCreationTime : 4-24-2005 12:03:37 PM
BasePriority : Normal
FileVersion : 201.2.0.0
ProductVersion : 201.2.0.0
ProductName : SpeedTouch USB
CompanyName : THOMSON multimedia
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON multimedia 1999-2002

#:20 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 1920
ThreadCreationTime : 4-24-2005 12:03:37 PM
BasePriority : Normal


#:21 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_05\bin\
ProcessID : 1928
ThreadCreationTime : 4-24-2005 12:03:37 PM
BasePriority : Normal


#:22 [shwicon2k.exe]
FilePath : C:\Program Files\Multimedia Card Reader\
ProcessID : 1936
ThreadCreationTime : 4-24-2005 12:03:37 PM
BasePriority : Idle
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : Alcor Micro Sunkist
CompanyName : Alcor Micro, Corp.
FileDescription : Sunkist
InternalName : Sunkist
LegalCopyright : Copyright c 2002
OriginalFilename : Sunkist.exe

#:23 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1948
ThreadCreationTime : 4-24-2005 12:03:37 PM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:24 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1968
ThreadCreationTime : 4-24-2005 12:03:37 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe

#:25 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1984
ThreadCreationTime : 4-24-2005 12:03:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:26 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 172
ThreadCreationTime : 4-24-2005 12:03:38 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:27 [bwgo00007a05.exe]
FilePath : C:\DOCUME~1\User\LOCALS~1\Temp\
ProcessID : 276
ThreadCreationTime : 4-24-2005 12:03:39 PM
BasePriority : Normal


#:28 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1072
ThreadCreationTime : 4-24-2005 12:03:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:29 [devldr32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2096
ThreadCreationTime : 4-24-2005 12:03:50 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:30 [mantispm.exe]
FilePath : C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\
ProcessID : 2168
ThreadCreationTime : 4-24-2005 12:03:51 PM
BasePriority : Normal
FileVersion : 4, 2, 1, 2891
ProductVersion : 4, 2, 1, 2891
FileDescription : Spam Filter
InternalName : mantispm.exe
LegalCopyright : © 2002-2004
OriginalFilename : mantispm.exe

#:31 [club_vii©.exe]
FilePath : E:\Hup\Club_VII\Club_VII©\
ProcessID : 2476
ThreadCreationTime : 4-24-2005 12:04:21 PM
BasePriority : Normal
FileVersion : 6.03
ProductVersion : 6.03
ProductName : mIRC
CompanyName : mIRC Co. Ltd.
FileDescription : mIRC
InternalName : mIRC
LegalCopyright : Copyright © 1995-2002 mIRC Co. Ltd.
LegalTrademarks : mIRC® is a Registered Trademark of mIRC Co. Ltd.
OriginalFilename : mirc.exe

#:32 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2564
ThreadCreationTime : 4-24-2005 12:04:27 PM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:33 [w3xmaphack1180c.exe]
FilePath : C:\Documents and Settings\User\Desktop\
ProcessID : 3576
ThreadCreationTime : 4-24-2005 12:10:58 PM
BasePriority : Normal
FileVersion : 1.18
ProductVersion : 1.18
ProductName : W3XMapHack
FileDescription : ShadowFrench
InternalName : W3XMapHack1180C
OriginalFilename : W3XMapHack1180C.exe

#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3744
ThreadCreationTime : 4-24-2005 12:11:34 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 0


8:26:14 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:08.0
Objects scanned:173512
Objects identified:0
Objects ignored:0
New critical objects:0
  • 0

#4
Guest_Andy_veal_*
Posted 24 April 2005 - 05:13 PM

Guest_Andy_veal_*
  • Guest

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 0


If your system is running a program which changes the hosts file or you have added listings to the hosts file then there is no need to check further. Otherwise, please download the "Host File Viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip
  • 0

#5
Guest_Andy_veal_*
Posted 24 April 2005 - 05:25 PM

Guest_Andy_veal_*
  • Guest

#:27 [bwgo00007a05.exe]
FilePath : C:\DOCUME~1\User\LOCALS~1\Temp\
ProcessID : 276
ThreadCreationTime : 4-24-2005 12:03:39 PM
BasePriority : Normal

#:33 [w3xmaphack1180c.exe]
FilePath : C:\Documents and Settings\User\Desktop\
ProcessID : 3576
ThreadCreationTime : 4-24-2005 12:10:58 PM
BasePriority : Normal
FileVersion : 1.18
ProductVersion : 1.18
ProductName : W3XMapHack
FileDescription : ShadowFrench
InternalName : W3XMapHack1180C
OriginalFilename : W3XMapHack1180C.exe


Do you know what these processes are?
  • 0

#6
ah_hup
Posted 25 April 2005 - 09:26 AM

ah_hup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

Do you know what these processes are?

View Post


yar.. they are some programs tt i downloaded for warcraft3 some sort of maphack.. but i dun think the problem lies here.. my C:\ space is continueing to decrease.. now left wif 990MB.. sighz.. cant figure out wad is wrong.
i also tried using the TD-3 program.. but still no trojan detected.. wad could be the case??
  • 0

#7
Rawe
Posted 25 April 2005 - 09:38 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hi.
Try some of these online virus scans, here;
- F-secure; http://support.f-sec.../home/ols.shtml
- Trend micro (recommended); http://fi.trendmicro...call_launch.php
- Panda activescan; http://www.pandasoft...n_principal.htm

Delete/remove every problem, if those finds something.
Then, after cleaned (if they found something),
reboot your computer, read these instructions;
http://www.geekstogo...ons-t16830.html
and post a new "Full system scan" - logfile here.

- Rawe :tazz:
  • 0

#8
ah_hup
Posted 25 April 2005 - 11:31 AM

ah_hup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts

If your system is running a program which changes the hosts file or you have added listings to the hosts file then there is no need to check further. Otherwise, please download the "Host File Viewer" by Option^Explicit. It is a 65K program which will allow you to find/view/open/read/edit/restore to default settings your HOST file. Instructions are on the display screen of the program. Select the option to restore to default settings.
http://members.acces...sFileReader.zip

View Post


erm.. wad is a host file??
  • 0

#9
Guest_Andy_veal_*
Posted 25 April 2005 - 11:36 AM

Guest_Andy_veal_*
  • Guest

In computing, a host file, stored on the computer's filesystem, is used to look up the Internet Protocol address of a device connected to a computer network. The host file describes a many-to-one mapping of device names to IP addresses. When accessing a device by name, the networking system will attempt to locate the name within the host file if it exists. Typically, this is used as a first means of locating the address of a system, before accessing the Internet domain name system. The reason for this is that the host file is stored on the computer itself and does not require any network access to be used, whereas DNS requires access to an external system, which is typically slower.


There should on be one entry in a host file.

I hope this helps.

If not just post back :tazz:
  • 0

#10
ah_hup
Posted 25 April 2005 - 11:57 AM

ah_hup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
what is this JavaByteVerigy.exploit aniway?? my Zone Alarm keeps detecting this unrepairable virus.. -.-
  • 0

#11
ah_hup
Posted 25 April 2005 - 12:17 PM

ah_hup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
i haf scanned my PC wif the trend online scan.. it detected 5 new infections but unable to clean them up.. [bleep].. even my Zone Alarm cannot repair the infections.. is my C:\ doomed to be reduced to 0MB day by day?? :tazz:
  • 0

#12
Guest_Andy_veal_*
Posted 26 April 2005 - 09:06 AM

Guest_Andy_veal_*
  • Guest
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#13
ah_hup
Posted 02 May 2005 - 12:42 AM

ah_hup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:42:14 PM, on 5/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\DOCUME~1\User\LOCALS~1\Temp\bwgo00007f61.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
E:\Club_VII\Club_VII©\Club_VII©.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.174.195:3128
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [shwicon2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [LDM] C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Logitech\Desktop Messenger\8876480\Users\User\NewVersion\setup-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A091715-B529-44D5-98A6-61E160282E09}: NameServer = 165.21.83.88 165.21.100.88
O18 - Protocol: bw+0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Attached Thumbnails

  • virus.JPG

  • 0

#14
ah_hup
Posted 05 May 2005 - 10:12 AM

ah_hup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
i was suspecting these files to be the cause... total of 800++ of these in my C:\ Temp folder.. bwgo0000ca83.exe C:\DOCUME~1\User\LOCALS~1\Temp\bwgo0000ca83.exe

view the attachment below

Attached Thumbnails

  • trojan.JPG

  • 0

#15
ah_hup
Posted 08 May 2005 - 01:01 AM

ah_hup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:59:05 PM, on 5/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
E:\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
E:\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
E:\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
E:\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
E:\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
E:\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
E:\F-Secure Anti-Virus\Common\FSM32.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
E:\F-Secure Anti-Virus\Common\FCH32.EXE
C:\WINDOWS\system32\devldr32.exe
E:\F-Secure Anti-Virus\Common\FAMEH32.EXE
E:\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
E:\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
E:\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
E:\Club_VII\Club_VII©\Club_VII©.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\Warcraft III\yawle.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.93.174.195:3128
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [shwicon2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [F-Secure Manager] "E:\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "E:\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "E:\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [LDM] C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Logitech Desktop Messenger] C:\Logitech\Desktop Messenger\8876480\Users\User\NewVersion\setup-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A091715-B529-44D5-98A6-61E160282E09}: NameServer = 165.21.83.88 165.21.100.88
O18 - Protocol: bw+0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2BFF2AB8-0366-4295-BC53-0C6F3B86D58F} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - E:\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - E:\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - E:\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP