Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91734 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] AD system virus at taskbar


  • This topic is locked This topic is locked
9 replies to this topic

#1 Tha.Dude

Tha.Dude

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 10 May 2008 - 05:52 PM

hello i got this annoying problem in my computer after i caught my dad messing with it. Particularly there is blinking icon in my task bar (right bottom corner), similar to the windows update icon (yellow shield), but colored red shield with a X inside of it which changes into a blue color one with an interrogation sign inside of it now, that goes on and on. This icon displays a System Alert notice. if i want to close it, it takes me to advertising pages supposedly to protect my computer against malwares (which i find quiet ironic). But this is not only it, there are many web pages that pop up every 10 minutes with different kind of advertisings. And by last an exclamation sign inside of a yellow triangle appears blinking after some period of inactivity on my computer which pretty much takes me to some other ad. pages.

Also i found out that this same program has some kind of knowledge of my own computer, like IP address, type of connection, my email addresses, pictures, files allowed in my computer and others things that i don't remember that got me scared and made me think of a troyan or worm virus.

Well, i found out about the Hijackethis program which i have already downloaded and runned. i found some extrange file between the list which i deleted carefully, but i couldn't get rid of this dayam program, It only decreased the amount of pop ups.

if some one could provide me some help i would really appreciate it a lot. here i am attaching the hijackthis.log. thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:06 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\NetProject\scit.exe
C:\Archivos de programa\NetProject\sbmntr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Archivos de programa\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\inetsrv.exe
C:\WINDOWS\system32\ahr.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\Archivos de programa\NetProject\scm.exe
C:\Archivos de programa\NetProject\sbsm.exe
C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\FELIPE\Escritorio\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Archivos de programa\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - C:\WINDOWS\system32\834668\834668.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Archivos de programa\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"
O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Archivos de programa\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [inetsrv] C:\WINDOWS\system32\inetsrv.exe
O4 - HKLM\..\Run: [antihost] C:\WINDOWS\system32\ahr.exe
O4 - HKLM\..\RunServices: [Monitor] explore.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Archivos de programa\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Archivos de programa\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Archivos de programa\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Archivos de programa\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Archivos de programa\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Archivos de programa\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O18 - Protocol: bw+0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 18671 bytes

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 14 May 2008 - 03:22 PM

Posted Image

Sorry about the delay in responding :(

If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 Tha.Dude

Tha.Dude

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 17 May 2008 - 06:05 PM

hey thanks.... well my computer has behaved just as I have described you before. poping up all this nasty advertising. if you can help me i would appreciate it. Thanks!

here is my hijackthis.log. The second one as you told me to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:20 PM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\NetProject\sbmntr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Archivos de programa\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\inetsrv.exe
C:\WINDOWS\system32\ahr.exe
C:\Archivos de programa\DAEMON Tools\daemon.exe
C:\Archivos de programa\NetProject\scm.exe
C:\Archivos de programa\NetProject\sbsm.exe
C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Winamp\winamp.exe
C:\Archivos de programa\NetProject\scit.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Documents and Settings\FELIPE\Escritorio\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Archivos de programa\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Archivos de programa\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [EPSON Stylus C63 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"
O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Archivos de programa\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [inetsrv] C:\WINDOWS\system32\inetsrv.exe
O4 - HKLM\..\Run: [antihost] C:\WINDOWS\system32\ahr.exe
O4 - HKLM\..\RunServices: [Monitor] explore.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Archivos de programa\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Archivos de programa\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Archivos de programa\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Archivos de programa\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Archivos de programa\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Archivos de programa\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Archivos de programa\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O18 - Protocol: bw+0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A1B1A42B-703F-4FF2-B530-957239ED3CC1} - C:\Archivos de programa\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 18706 bytes

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 17 May 2008 - 06:07 PM

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 Tha.Dude

Tha.Dude

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 21 May 2008 - 06:10 PM

Thanks again for helping me... I did as you told me, but it seems like i have a pretty bad virus in my computer. Right now i am writing you from my sister's computer, because mine got completely screwed. i ran both of the programs and I didn´t have any troubles running them. the last program Malwarebytes' Anti-Malware showed me a lot of troyan viruses allowed in different parts of my computer, some of them at system32, and some other where i can not remember now, well, i did exactly what u said, I clicked on Show Results to view the results, so i could Remove Selected items, and then came up the log with the notepad list. i saved it, and finally the malwarebytes program said i needed to restart my computer in order to finish the removal process, and that some files could not be removed (about 5 troyans allowed in different files), which were going to be listed on the notepad. I clicked on restart computer now, but my computer doesn't boot. the only thing you can see is the mouse white arrow in a full black screen, after 20 minutes i restarted my computer manually( pressing the restart button), and i ran it on safe mode, but the picture was the same, except by the white phrase "safe mode" on both bottom corners, left and right, and the phrase "microsoft copyright R. &%/$$/...." on top of the screen. Is there anything i can do on my computer ???.... well thanks for the help. have a nice day!!

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 21 May 2008 - 06:26 PM

except by the white phrase "safe mode" on both bottom corners, left and right,

When you boot up in Safe Mode it will take time for it to load. Give it some time and see what happens.

Also be sure you unplug the internet connection for now.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 Tha.Dude

Tha.Dude

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 21 May 2008 - 06:26 PM

Ohhh one more thing...I play starcraft online very often, and while playing this virus minimizes the program every time to show me the advertisings, but about a week ago the virus blocked my connection through the program (starcraft) with blizzard to play online. i don't know if that helps you to determine something. have a nice day !

#8 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 21 May 2008 - 06:30 PM

except by the white phrase "safe mode" on both bottom corners, left and right,

When you boot up in Safe Mode it will take time for it to load. Give it some time and see what happens.

Also be sure you unplug the internet connection for now.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 28 May 2008 - 04:26 PM

Do you still need help with this?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#10 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 01 June 2008 - 03:22 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users