NJCommuter Posted November 9, 2011 ID:493041 Share Posted November 9, 2011 I'm running Vista Home Premium with Service Pack 2. Norton security suite consistently running.About a week ago, spam emails purportedly from me went to several people in my email list. This recurred (seem to be mainly with links to purported Canadian pharmacy). I also noted that on attempted installation of programs, I would get a pop-up stating that I didn't have administrative privileges - I am the only user on this machine.Feeling that this was likely viral, I ran system scans with Norton, Microsoft Security Essentials, HouseCall, SuperAntispyware, and Malwarebytes. Besides for some tracking cookies, all scans were negative. In the last several days, I haven't had a repeat of emails being sent, but continue to have issues related to administrative privileges (for example, when I attempted to run HJT, I get a "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HJT may NOT be able to fix this....". If I exit HJT, right click on HJT and "Run as administrator" then it is not a problem. Similar issues when I was attempting to run the antivirus software).HJT log is below. Am I being paranoid or is there something that was missed by 5 separate antivirus software?Thanks for any help.EdLogfile of Trend Micro HijackThis v2.0.4Scan saved at 1:02:16 PM, on 11/9/2011Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v9.00 (9.00.8112.16421)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\hp\support\hpsysdrv.exeC:\Windows\RtHDVCpl.exeC:\Program Files\HP\HP Software Update\hpwuschd2.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Windows\System32\spool\drivers\w32x86\3\E_S10IC2.EXEC:\Windows\System32\rundll32.exeC:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXEC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Windows\System32\rundll32.exeC:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Canon\MyPrinter\BJMYPRT.EXEC:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXEC:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exeC:\Windows\ehome\ehtray.exeC:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exeC:\Program Files\WinSplit Revolution\WinSplit.exeC:\Program Files\Squeezebox\SqueezeTray.exeC:\Program Files\Microsoft Office\Office12\OUTLOOK.EXEC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\WinSplit Revolution\WinSplitDrvr32.exeC:\Windows\system32\WTablet\Wacom_TabletUser.exeC:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exeC:\PROGRA~1\SQUEEZ~2\server\SQUEEZ~3.EXEC:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\PROGRA~1\SQUEEZ~2\server\Bin\MSWin32-x86-multi-thread\socketwrapper.exeC:\PROGRA~1\SQUEEZ~2\server\Bin\MSWin32-x86-multi-thread\faad.exeC:\PROGRA~1\SQUEEZ~2\server\Bin\MSWin32-x86-multi-thread\flac.exeC:\Windows\system32\ntvdm.exeC:\Program Files\mozilla firefox\firefox.exeC:\Program Files\mozilla firefox\plugin-container.exeC:\Users\Ed\Desktop\Downloaded\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dllO2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLLO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dllO4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hideO4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exeO4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [EPSON Stylus Photo 2200] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus Photo 2200" /O6 "USB001" /M "Stylus Photo 2200"O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStartO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXEO4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exeO4 - HKLM\..\Run: [PC Pitstop PC Matic Reminder] C:\Program Files\PCPitstop\PC Matic\Reminder-PCMatic.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXEO4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /sO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonO4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logonO4 - HKLM\..\Run: [iJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCEO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeO4 - HKCU\..\Run: [Google Update] "C:\Users\Ed\AppData\Local\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [PxDotNetLoader] "C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe"O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automountO4 - HKCU\..\Run: [Winsplit] C:\Program Files\WinSplit Revolution\WinSplit.exeO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Users\Ed\AppData\Local\Akamai\netsession_win.exeO4 - HKCU\..\Run: [Epson Stylus Photo R3000(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGHA.EXE /FU "C:\Windows\TEMP\E_SA41B.tmp" /EF "HKCU"O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Logitech Media Server Tray Tool.lnk = C:\Program Files\Squeezebox\SqueezeTray.exeO8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dllO9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLLO9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com/ (file missing) (HKCU)O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO15 - Trusted Zone: http://*.mcafee.comO16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://portal031.state.nj.us/dwa8W.cabO18 - Protocol: bw+0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: offline-8876480 - {8A3549F7-73F9-44F7-A77E-3B1F48AC50E6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLLO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dllO23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXEO23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exeO23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXEO23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeO23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exeO23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exeO23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exeO23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exeO23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exeO23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe--End of file - 24430 bytes Link to post Share on other sites More sharing options...
Staff screen317 Posted November 15, 2011 Staff ID:494953 Share Posted November 15, 2011 Hi and welcome to Malwarebytes. Please update MBAM, run a Quick Scan, and post its log. Next, download DDS by sUBs and save it to your Desktop. Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply. Link to post Share on other sites More sharing options...
Staff screen317 Posted November 21, 2011 Staff ID:496710 Share Posted November 21, 2011 Are you still with us? This topic will be closed in a few days if we do not hear back from you. Link to post Share on other sites More sharing options...
Staff screen317 Posted December 6, 2011 Staff ID:501852 Share Posted December 6, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts