Author Topic: Virus? (Read 33658 times)

CBMatt · « **Reply #15 on:** August 08, 2007, 08:34:15 AM »

Quote from: CBMatt on August 07, 2007, 07:42:11 PM

Also, download lop.zip
Unzip it to your desktop.
Go into the new lop folder and double-click lop.bat
It will run and when done, a Notepad will open. Copy the contents of the Notepad and paste it here.

I would like you to do this as well before we move on.

Neik · « **Reply #16 on:** August 08, 2007, 12:24:11 PM »

Sorry about that CBMatt I forgot that last part

Volume in drive C has no label.
Volume Serial Number is F034-6802

Directory of C:\Documents and Settings\Administrator\Application Data

04/11/2003 07:52 AM <DIR> Adobe
04/11/2003 03:19 AM <DIR> Help
04/09/2003 09:47 PM <DIR> Identities
04/11/2003 05:52 AM <DIR> InterTrust
04/11/2003 06:17 AM <DIR> Mozilla
04/11/2003 06:14 AM <DIR> MSN6
04/11/2003 05:57 AM <DIR> Real
0 File(s) 0 bytes
7 Dir(s) 1,663,037,440 bytes free
Volume in drive C has no label.
Volume Serial Number is F034-6802

Directory of C:\Documents and Settings\All Users\Application Data

04/29/2007 05:12 PM <DIR> Adobe
01/03/2007 01:21 AM <DIR> avg7
09/17/2006 11:51 AM <DIR> CyberLink
05/01/2007 09:59 PM <DIR> Google
11/05/2006 04:04 PM <DIR> McAfee
01/03/2007 12:23 AM <DIR> McAfee.com
09/26/2006 07:03 PM <DIR> Messenger Plus!
04/11/2003 06:13 AM <DIR> MSN Messenger 5.0.0527
04/11/2003 06:14 AM <DIR> MSN6
05/19/2007 12:39 PM <DIR> NVIDIA
10/07/2006 07:07 PM <DIR> QuickTime
08/02/2007 10:49 PM <DIR> Roam Inside Hole Tons
04/09/2003 09:57 PM <DIR> SBSI
08/08/2007 02:14 PM <DIR> Screaming Bee
04/26/2007 05:38 PM <DIR> Sony Corporation
04/11/2003 07:23 AM <DIR> Support.com
08/04/2007 11:22 PM <DIR> TEMP
07/01/2007 04:54 PM <DIR> TuneUp Software
04/11/2003 05:54 AM <DIR> VAIO Media Platform
10/05/2006 04:03 PM <DIR> Viewpoint
10/06/2006 04:09 PM <DIR> Windows Genuine Advantage
0 File(s) 0 bytes
21 Dir(s) 1,663,033,344 bytes free
Volume in drive C has no label.
Volume Serial Number is F034-6802

Directory of C:\Documents and Settings\Owner\Application Data

01/28/2007 12:16 PM <DIR> Actual Tools
07/13/2007 07:47 PM <DIR> Adobe
07/19/2007 01:19 PM <DIR> Ahead
06/13/2007 09:28 PM <DIR> ATI
01/02/2007 07:23 PM <DIR> AVG7
03/16/2007 11:46 PM <DIR> DivX
10/07/2006 07:12 PM <DIR> FotoWire
06/29/2007 04:51 PM <DIR> Google
04/11/2003 03:19 AM <DIR> Help
04/09/2003 09:47 PM <DIR> Identities
07/18/2007 11:56 PM <DIR> IE7Pro
01/02/2007 11:14 PM <DIR> Internet Download Accelerator
04/11/2003 05:52 AM <DIR> InterTrust
07/23/2007 10:38 PM <DIR> Lavasoft
09/19/2006 03:40 PM <DIR> Leadertech
09/18/2006 09:36 PM <DIR> Macromedia
09/18/2006 05:13 PM <DIR> Mozilla
04/11/2003 06:14 AM <DIR> MSN6
04/29/2007 07:41 PM <DIR> MusicIP
04/29/2007 05:18 PM <DIR> Opera
01/03/2007 12:24 AM <DIR> PC Tools
08/08/2007 02:14 PM <DIR> Screaming Bee
03/13/2007 06:16 PM <DIR> Screenshot Sender
02/18/2007 05:19 PM <DIR> Styler
11/12/2006 07:49 PM <DIR> Sun
07/13/2007 12:43 PM <DIR> teamspeak2
09/19/2006 03:50 PM <DIR> Template
07/01/2007 04:55 PM <DIR> TuneUp Software
07/17/2007 01:38 PM <DIR> Uniblue
01/14/2007 06:41 PM <DIR> Ventrilo
07/04/2007 08:46 PM <DIR> WinRAR
0 File(s) 0 bytes
31 Dir(s) 1,663,033,344 bytes free
Volume in drive C has no label.
Volume Serial Number is F034-6802

Directory of C:\Documents and Settings\Default User\Application Data

04/11/2003 05:57 AM <DIR> .
04/11/2003 05:57 AM <DIR> ..
04/09/2003 02:42 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 1,663,033,344 bytes free
Volume in drive C has no label.
Volume Serial Number is F034-6802

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is F034-6802

Directory of C:\Documents and Settings\NetworkService\Application Dat

CBMatt · « **Reply #17 on:** August 08, 2007, 08:27:51 PM »

No worries, I just wanted to make sure we're being thorough here. There's one other folder you need to delete...

C:\Documents and Settings\All Users\Application Data\Roam Inside Hole Tons

You said you're not sure how to get to Safe Mode with your new motherboard, correct? I think it would be a good idea to spend a few minutes figuring it out. Instead of F8, try some of the other function keys. F5 is what I have to use for my computer, and some use F10. Just give each key a try (you'll have to reboot a few times) until you find out which one will take you to Safe Mode.

When in Safe Mode, infections are disabled because your computer starts up with only the necessary applications. This makes it much easier to detect and remove infections, which is why Safe Mode is very important here. The particular folder above can probably be removed in Normal Mode, but it's still important to know how to get into Safe Mode.

Now, with that said... Copy everything inside the quote box below (starting with @) and paste it into Notepad. Go up to File > Save As and click the drop-down box to change the "Save As Type" to "All Files". Save it as remlop.bat on your desktop.

Quote

@echo off
cd C:\WINDOWS\Tasks
attrib -r -s -h 80FF5EC69068CB32.job
del 80FF5EC69068CB32.job
exit

Double-click remlop.bat A window will open and close quickly; this is normal.

Then go ahead and head over HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new HijackThis log.

Neik · « **Reply #18 on:** August 09, 2007, 10:45:11 AM »

I have done the Notepad remlop.bat, but when i do the panda active scan it downloads the compents and when it finishes, I click on My Computer and waited. It didnt perform a scan or anything. I tried 3 times

CBMatt · « **Reply #19 on:** August 10, 2007, 02:34:43 PM »

Okay...go ahead and download Spybot - Search & Destroy and SUPERAntiSpyware. Install and update both programs. You should then reboot into Safe Mode and then scan with each program, one at a time. Have you figured out how to get into Safe Mode with your computer yet?

Neik · « **Reply #20 on:** August 10, 2007, 10:59:37 PM »

Yes I figured how to get into safe mode, it was also F5 for me ty.
I have spyware doctor, can i scan with that in safe mode instead of getting new programs? I dont have much GB left, This computer is pretty old, Holds only 15 GB $:-\$
I'm not sure why you would need more than 1 anti spyware, would it be better?

CBMatt · « **Reply #21 on:** August 11, 2007, 03:51:58 AM »

You don't have to download them; they would just be really handy to have. It's generally not a good idea to have more than one anti-virus, but more than one anti-spyware can be helpful. Because you have Spyware Doctor active, you don't have to worry about Spybot. However, I would still get SUPERAntiSpyware, as it's good at picking up a lot of infections. Either way, you should update your protection and scan with in Safe Mode.

CBMatt · « **Reply #22 on:** August 19, 2007, 06:20:22 AM »

Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

patio · « **Reply #23 on:** August 27, 2007, 06:20:35 PM »

Topic unlocked at OP's request...

Neik · « **Reply #24 on:** August 27, 2007, 06:27:46 PM »

Sorry for reOpening this, it has been awhile since i got back on my computer. I had to go out a lot and didn't have a chance to reply, I let my sister go on While i was away.

After things have been removed from the list in Hijackthis it was running fine for a week, Then i let my sister go on the computer. When i came back I had the same problem, again. $:-\$ With no programs running i heard this weird music out of no where come from my computer.

I have scanned for Viruses Using Nod32, Scanned for spyware using spysweeper
Both scanned in safe mode but no luck

Neik · « **Reply #25 on:** August 27, 2007, 06:29:43 PM »

Heres my HijackThis Log Now
Logfile of HijackThis v1.99.1
Scan saved at 8:28:06 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Eset\nod32krn.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Ventrilo\Ventrilo.exe
D:\Program Files\mIRC\mirc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\rzihjmcz.slt\prefs.js)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Name Creative] C:\DOCUME~1\Owner\APPLIC~1\CHICID~1\extragluecdrom.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -

Neik · « **Reply #26 on:** August 27, 2007, 06:31:03 PM »

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160164617859
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Neik · « **Reply #27 on:** August 27, 2007, 06:33:08 PM »

O18 - Protocol: bwm0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {81338E24-FA0C-453F-A679-AF0F20ACD10C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

Neik · « **Reply #28 on:** August 27, 2007, 06:33:27 PM »

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

patio · « **Reply #29 on:** August 27, 2007, 07:38:13 PM »

You don't have a virus...you have a sister !

Just kiddin...someone should be along shortly.

Computer Hope Forum

News:

Author Topic: Virus? (Read 33658 times)

CBMatt

Re: Virus?

Neik

Re: Virus?

CBMatt

Re: Virus?

Neik

Re: Virus?

CBMatt

Re: Virus?

Neik

Re: Virus?

CBMatt

Re: Virus?

CBMatt

Re: Virus?

patio

Re: Virus?

Neik

Re: Virus?

Neik

Re: Virus?

Neik

Re: Virus?

Neik

Re: Virus?

Neik

Re: Virus?

patio

Re: Virus?