Spybot Logo
Go Back   Safer-Networking Forums > General Malware > Archives
Reload this Page Windows.RedirectedHosts - Disables Spybot
Register ProjectsBlogs FAQ Search Today's Posts Mark Forums Read Home Support Download Donate

 
 
Thread Tools Display Modes
Old 2006-09-25, 03:33   #1
ChadTHX1138
Junior Member
 
Join Date: Sep 2006
Posts: 5
Default Windows.RedirectedHosts - Disables Spybot
Hi gang!

My wife picked up a nasty redirect which wants you to buy thier software to fix the problem etc. Yeah right! the company calls itself "adarmor" by Tenebril
(pointed out by Tashi)

Anyway Spy Bot detects it all right but when it comes to repairing it, an ERROR message comes up.

ERROR

(cannot create file "C:\WINNT\system32\drivers\etc\hosts

it says another program is running the same thing so it cannot fix the problem then Spybot locks up and you have to End Spybot.


Anyway i saved a report...but it is HUGEMONGEOUS should I paste it here or narrow my options?

Thanks again fellers and keep Fightin the good fight.
ChadTHX1138 is offline  
Old 2006-09-25, 04:15   #2
tashi
Member of Team Spybot
 
tashi's Avatar
 
Join Date: Oct 2005
Location: USA
Posts: 23,455
Rated LASSHes: 16
Default
Hi there.

I gave the instructions for posting in this forum here:
http://forums.spybot.info/showthread.php?t=7579

But you have only repeated your first post.

Please follow the instructions in this sticky topic:
"BEFORE you POST" -Preliminary Steps

Then a helper will advise you as soon as available.
__________________
UNITE-ASAP

Microsoft MVP. Consumer Security 2006-2010

Please help us improve Spybot, download our distributed testing client
tashi is online now  
Old 2006-09-25, 07:09   #3
ChadTHX1138
Junior Member
 
Join Date: Sep 2006
Posts: 5
Default Hijack this log
I will go and get the logs for the online scanners.

my wife ran Hijackthis, here's the log info...

Logfile of HijackThis v1.99.1
Scan saved at 12:00:22 AM, on 9/25/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\pctspk.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Norton Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINNT\system32\LVCOMSX.EXE
E:\bigfight\HijackThis.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ElkCtrl.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 1223167118 0-0sex.com
O1 - Hosts: 1223167118 www.0-0sex.com
O1 - Hosts: 1223167118 1-800-pussy.com
O1 - Hosts: 1223167118 www.1-800-pussy.com
O1 - Hosts: 1223167118 1000galeriasporno.com.ar
O1 - Hosts: 1223167118 www.1000galeriasporno.com.ar
O1 - Hosts: 1223167118 1000hornysluts.com
O1 - Hosts: 1223167118 www.1000hornysluts.com
O1 - Hosts: 1223167118 1000pix.com
O1 - Hosts: 1223167118 www.1000pix.com
O1 - Hosts: 1223167118 1001movies.com
O1 - Hosts: 1223167118 www.1001movies.com
O1 - Hosts: 1223167118 100orgasms.com
O1 - Hosts: 1223167118 www.100orgasms.com
O1 - Hosts: 1223167118 100pour100sexe.com
O1 - Hosts: 1223167118 www.100pour100sexe.com
O1 - Hosts: 1223167118 101cumlovers.com
O1 - Hosts: 1223167118 www.101cumlovers.com
O1 - Hosts: 1223167118 101pornstars.com
O1 - Hosts: 1223167118 www.101pornstars.com
O1 - Hosts: 1223167118 101stars.com
O1 - Hosts: 1223167118 www.101stars.com
O1 - Hosts: 1223167118 101teen.com
O1 - Hosts: 1223167118 www.101teen.com
O1 - Hosts: 1223167118 11shemales.com
O1 - Hosts: 1223167118 www.11shemales.com
O1 - Hosts: 1223167118 121av.com
O1 - Hosts: 1223167118 www.121av.com
O1 - Hosts: 1223167118 18enne.com
O1 - Hosts: 1223167118 www.18enne.com
O1 - Hosts: 1223167118 18hentai.com
O1 - Hosts: 1223167118 www.18hentai.com
O1 - Hosts: 1223167118 18hut.com
O1 - Hosts: 1223167118 www.18hut.com
O1 - Hosts: 1223167118 18moviethumbs.com
O1 - Hosts: 1223167118 www.18moviethumbs.com
O1 - Hosts: 1223167118 18plusgalleries.com
O1 - Hosts: 1223167118 www.18plusgalleries.com
O1 - Hosts: 1223167118 18post.com
O1 - Hosts: 1223167118 www.18post.com
O1 - Hosts: 1223167118 18sexbox.com
O1 - Hosts: 1223167118 www.18sexbox.com
O1 - Hosts: 1223167118 18tease.com
O1 - Hosts: 1223167118 www.18tease.com
O1 - Hosts: 1223167118 18to19.com
O1 - Hosts: 1223167118 www.18to19.com
O1 - Hosts: 1223167118 18turnwhores.com
O1 - Hosts: 1223167118 www.18turnwhores.com
O1 - Hosts: 1223167118 18yearoldpussy.com
O1 - Hosts: 1223167118 www.18yearoldpussy.com
O1 - Hosts: 1223167118 18young.com
O1 - Hosts: 1223167118 www.18young.com
O1 - Hosts: 1223167118 1bigthumbup.com
O1 - Hosts: 1223167118 www.1bigthumbup.com
O1 - Hosts: 1223167118 1free-porn-finder.com
O1 - Hosts: 1223167118 www.1free-porn-finder.com
O1 - Hosts: 1223167118 1freepicsgallery.com
O1 - Hosts: 1223167118 www.1freepicsgallery.com
O1 - Hosts: 1223167118 1hardcoreporn.com
O1 - Hosts: 1223167118 www.1hardcoreporn.com
O1 - Hosts: 1223167118 1on3sex.com
O1 - Hosts: 1223167118 www.1on3sex.com
O1 - Hosts: 1223167118 1sexlinks.com
O1 - Hosts: 1223167118 www.1sexlinks.com
O1 - Hosts: 1223167118 1stchoicepornlinks.com
O1 - Hosts: 1223167118 www.1stchoicepornlinks.com
O1 - Hosts: 1223167118 1stmovieclub.net
O1 - Hosts: 1223167118 www.1stmovieclub.net
O1 - Hosts: 1223167118 2000nakedgirls.com
O1 - Hosts: 1223167118 www.2000nakedgirls.com
O1 - Hosts: 1223167118 24-7balckbooty.com
O1 - Hosts: 1223167118 www.24-7balckbooty.com
O1 - Hosts: 1223167118 247freeassmovies.com
O1 - Hosts: 1223167118 www.247freeassmovies.com
O1 - Hosts: 1223167118 2hotpictures.com
O1 - Hosts: 1223167118 www.2hotpictures.com
O1 - Hosts: 1223167118 2hotvideos.com
O1 - Hosts: 1223167118 www.2hotvideos.com
O1 - Hosts: 1223167118 2jizz.com
O1 - Hosts: 1223167118 www.2jizz.com
O1 - Hosts: 1223167118 2naughty.net
O1 - Hosts: 1223167118 www.2naughty.net
O1 - Hosts: 1223167118 2so2.com
O1 - Hosts: 1223167118 www.2so2.com
O1 - Hosts: 1223167118 2teens.net
O1 - Hosts: 1223167118 www.2teens.net
O1 - Hosts: 1223167118 30galleries.com
O1 - Hosts: 1223167118 www.30galleries.com
O1 - Hosts: 1223167118 310exotics.com
O1 - Hosts: 1223167118 www.310exotics.com
O1 - Hosts: 1223167118 345blastave.com
O1 - Hosts: 1223167118 www.345blastave.com
O1 - Hosts: 1223167118 3mpeg4u.us
O1 - Hosts: 1223167118 www.3mpeg4u.us
O1 - Hosts: 1223167118 3pic.com
O1 - Hosts: 1223167118 www.3pic.com
O1 - Hosts: 1223167118 3pixxx.com
O1 - Hosts: 1223167118 www.3pixxx.com
O1 - Hosts: 1223167118 3xtrem.com
O1 - Hosts: 1223167118 www.3xtrem.com
O1 - Hosts: 1223167118 40galleries.com
O2 - BHO: Yahoo! Companion BHO -
ChadTHX1138 is offline  
Old 2006-09-25, 07:10   #4
ChadTHX1138
Junior Member
 
Join Date: Sep 2006
Posts: 5
Default 2nd half
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINNT\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - C:\WINNT\system32\shdocvw.dll (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info...TunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1156474633987
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E922EBC9-50D4-4B53-B454-73376453E98D} (LOSActiveX.MainForm) - https://www.xpertonline.net/losactivex/LOSActiveX.CAB
O18 - Protocol: bw+0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C3F46953-E965-4A9E-8091-98048E9D3C81} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\System32\pctspk.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton Speed Disk\nopdb.exe
ChadTHX1138 is offline  
Old 2006-10-01, 00:29   #5
LonnyRJones
Visiting Staff
 
Join Date: Oct 2005
Posts: 5,089
Default
Hello

Replace the file called Hosts , instructions are provided here
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month


How old is your Norton program and is it still able to update ?

Post another hijackthis log.

Post a panda report
Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Do a full scan > Click the my computer button
After the scan click see report then Save the report and post it back here please.
__________________
~~~~~~~~~~~~~~~~~~~~~~~
Microsoft MVP Windows-Security 2006
LonnyRJones is offline  
Old 2006-10-09, 08:05   #6
tashi
Member of Team Spybot
 
tashi's Avatar
 
Join Date: Oct 2005
Location: USA
Posts: 23,455
Rated LASSHes: 16
Default
This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.
__________________
UNITE-ASAP

Microsoft MVP. Consumer Security 2006-2010

Please help us improve Spybot, download our distributed testing client
tashi is online now  
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +2. The time now is 17:22.

Contact Us - Safer-Networking Limited - Archive - Privacy Statement - Top

Copyright © 2000-2010 Safer-Networking Limited. All rights reserved.