Desktop Hijack

Thread: Desktop Hijack

  1. #1
    Registered User
    Join Date
    Aug 2006
    Posts
    4

    Desktop Hijack

    Hi everyone,
    looks like my desktop has been hijacked. A few months ago a trojan got to my desktop... it was one of those "click here to clean your system now" advertisements. I cleaned some stuff up, but looks like not everything is gone, as my desktop image is not appearing and I get the flashing grey/white screen.
    Any help would be appreciated. Attached in this thread and next is my HijackThis log.
    Thanks in advance for any help.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:27:24 PM, on 8/5/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\PurgeIE\PurgPro_Service.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\PROGRA~1\SYMANT~2\VPTray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    D:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Microsoft Office Communicator\Communicator.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\3Com\Launcher.exe
    C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
    C:\Program Files\Common Files\3Com\LanSupportService.exe
    C:\Program Files\3Com\WLAN Manager\AllWirelessLansService.exe
    C:\PROGRA~1\3Com\WLANMA~1\Activate.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Explorer.EXE
    D:\Hijack\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [5LL0TQ.exe] C:\temp\5LL0TQ.exe
    O4 - HKLM\..\Run: [038R3ER] ciatetab.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /registry /service
    O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
    O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Windows Mobile\PdaNetPC.exe
    O4 - Global Startup: 3Com Launcher.lnk = C:\Program Files\3Com\Launcher.exe
    Last edited by Fatboym; August 5th, 2006 at 01:31 PM.

  2. #2
    Registered User
    Join Date
    Aug 2006
    Posts
    4
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {442683CE-0D94-4960-953F-163A1918ED8F} (Pivotal eRelationship Active Access (Version 5.0) - Portal Control Proxy (rdaui.dll)) - http://pivotalweb/epower/cab/RdaUI.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1) -
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2C064491-CD2A-4278-BA81-3F5BBEB477B1}: NameServer = 85.255.116.98,85.255.112.123
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35FD4E57-18FA-4C2F-8842-352C33944979}: NameServer = 85.255.116.98,85.255.112.123
    O17 - HKLM\System\CCS\Services\Tcpip\..\{71057B18-DEB8-4BDA-9CA0-9D36E5A9CC65}: NameServer = 85.255.116.98,85.255.112.123
    O17 - HKLM\System\CCS\Services\Tcpip\..\{74F3C3FD-381A-4BEA-AEB8-2A1BF773ED66}: NameServer = 85.255.116.98,85.255.112.123
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D24BDC-0AD5-4DF2-9738-6D626DA0CE83}: NameServer = 85.255.116.98,85.255.112.123
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C084D886-166C-4292-AD50-173EB3072435}: NameServer = 85.255.116.98,85.255.112.123
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D2F5B894-F8A3-4B66-8803-1609A59318A1}: NameServer = 85.255.116.98,85.255.112.123
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D81577-5820-4E6A-8597-D33435B7AC36}: NameServer = 85.255.116.98,85.255.112.123
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F3D48DEE-3255-40C9-A00B-D8B61E18A4C6}: NameServer = 85.255.116.98,85.255.112.123
    O18 - Protocol: bw+0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    Last edited by Fatboym; August 5th, 2006 at 01:31 PM.

  3. #3
    Registered User
    Join Date
    Aug 2006
    Posts
    4
    O18 - Protocol: bwb0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {1D3C8349-9C4E-45D4-BE7B-275D834A69C5} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O21 - SSODL: System - {647EFAE7-8D66-4AD2-BE24-82FB0E7477A1} - C:\WINDOWS\system32\system32.dll (file missing)
    O23 - Service: 3Com Wireless LAN Support (AllWirelessLansService) - Unknown owner - C:\Program Files\3Com\WLAN Manager\AllWirelessLansService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: 3Com LAN Support (LanSupportService) - 3Com Corporation - C:\Program Files\Common Files\3Com\LanSupportService.exe
    O23 - Service: PurgPro XP Service (PurgProService) - Assistance & Resources for Computing, Inc. - C:\Program Files\PurgeIE\PurgPro_Service.exe
    O23 - Service: 3Link Engine (SAEngine) - 3Com Corporation - C:\Program Files\3Com\3Link\SAEngine.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

  4. #4
    Registered User
    Join Date
    Feb 2006
    Location
    Canada, Eh!
    Posts
    4,091
    5LL0TQ.exe doesn't Google as anything - it is in your C:/Temp folder.

    ciatetab.exe doesn't Google as anything.

    PdaNetPC.exe shows in a couple places discussing bad stuff.

    O21 - SSODL: System - {647EFAE7-8D66-4AD2-BE24-82FB0E7477A1} - C:\WINDOWS\system32\system32.dll (file missing) : This is not good.

    [TkBellExe] is identified as a mass mailer by some sites.

    That is not to say ANY of those are causing your problem - it does say that stuff that isn't on Google hardly at all is strange.

    Me, I would copy off whatever I could and do a clean install, probably even doing a disk overwrite with the 0-1 stuff to clean EVERYTHING.
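
The read-through in post #4 (a Run entry started from a Temp folder, a target marked "(file missing)") can be scripted over a HijackThis log; this is an added example, not part of the thread and not HijackThis code. The function names and reason tags are hypothetical, the "no-full-path" check is an assumption added here, the sample lines are copied from the log above, and a flag is only a lead to look up, not a verdict.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [5LL0TQ.exe] C:\temp\5LL0TQ.exe
O4 - HKLM\..\Run: [038R3ER] ciatetab.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O21 - SSODL: System - {647EFAE7-8D66-4AD2-BE24-82FB0E7477A1} - C:\WINDOWS\system32\system32.dll (file missing)
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
# Body of an O4 registry autostart entry: hive, key, value name, command line
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")
# Program part of a command line: quoted path, or text up to the first extension
TARGET = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=\s|$)', re.I
)
MISSING = ("(file missing)", "(no file)")


def run_target(command):
    """Return the program part of an O4 command line, without arguments."""
    m = TARGET.match(command)
    if not m:
        return command.strip()
    return m.group(1) or m.group(2)


def reasons_for_run(target):
    """Heuristic reasons to look an autostart target up (leads, not verdicts)."""
    reasons = []
    parts = [p for p in re.split(r"[\\/]", target.lower()) if p]
    # Any folder component named temp/tmp: autostart from a scratch directory.
    if any(p in ("temp", "tmp") for p in parts[:-1]):
        reasons.append("runs-from-temp")
    # No drive-rooted path: the log does not say which file will be started.
    if not re.match(r"^[a-z]:\\", target, re.I):
        reasons.append("no-full-path")
    return reasons


def triage(log_text):
    """Return (section, label, reasons) for every entry that trips a check."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        label, reasons = body, []
        if section == "O4":
            run = RUN.match(body)
            if run:
                label = run.group(3)
                reasons += reasons_for_run(run_target(run.group(4)))
        if body.endswith(MISSING):
            reasons.append("target-missing")
        if reasons:
            findings.append((section, label, reasons))
    return findings


if __name__ == "__main__":
    for section, label, reasons in triage(SAMPLE_LOG):
        print(f"{section:4} {', '.join(reasons):16} {label}")
```

The ATIModeChange entry is flagged for the same reason as ciatetab.exe, which is why each flag still has to be looked up by hand.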

  5. #5
    Registered User peshek77's Avatar
    Join Date
    Oct 2004
    Posts
    99
    http://www.ultimatebootcd.com/download.html

    Try this link and if you can burn the image on another PC then you might not need to do a full reinstall. It has several antivirus/anti-spyware software programs on there, so it might be of some use to you. I don't think it will help you for the system32.dll missing. I am pretty sure, however, that after you run the scans and clean whatever you find, just copy a system32.dll from another machine that runs the same operating system. I have not tried that last part and unfortunately to say it will either fix it, do nothing, or make it worse.


    PS: CCT I know you have seen a similar post before.
    If con is the opposite of pro, what's the opposite of progress?

    -----------

    I mean, if I went round saying I was an emperor just because some moistened bint had lobbed a scimitar at me, they'd put me away! - Monty Python

  6. #6
    Registered User
    Join Date
    Aug 2006
    Posts
    4
    Thanks for your suggestions. This is going to be a lot more effort than I thought. I had thought it was going to be a quick delete this, safe mode restart, and delete that.
    System32.dll missing is bad though, didn't even notice that.
    Thanks again... I'll have to find some time to try your suggestions.

  7. #7
    Registered User
    Join Date
    Aug 2000
    Location
    Saltburn, Cleveland, United Kingdom
    Posts
    632
    System32.dll is NOT a legit Windows file. Google for system32.dll
    You've still got spyware. Check NooNoo's sticky thread.
    I think I know just enough to know how much I don't know... I think...

  8. #8
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Uhm, perhaps the spyware is gone already. I know a few removal tools don't return the standard desktop (spyaxe variants for example). The spyware changes the background to an active desktop and points it towards a specific file on the local drive (secur32.html comes to mind here). Try changing your desktop and reboot, if the malware is still there, then clean more, otherwise, you will probably be good.

    Use ewido, X-cleaner, and if you can afford it, spysweeper to clean your system.
    <Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
    -----------------------
    Windows 7 Pro x64
    Asus P5QL Deluxe
    Intel Q6600
    nVidia 8800 GTS 320
    6 gigs of Ram
    2x60 gig OCZ Vertex SSD (raid 0)
    WD Black 750 gig
    Antec Tri power 750 Watt PSU
    Lots of fans

  9. #9
    Registered User caffinatedfox's Avatar
    Join Date
    Sep 2006
    Location
    Sadly, @ my computer
    Posts
    6
    Do you have viruswear? If not I would get AVG Free. I like it, works fast, good, etc...
    http://free.grisoft.com/doc/avg-anti.../lng/us/tpl/v5 There's a link. It boots up VERY fast and updates itself like every other day for free!
