# Symantec Tamper Protection Alert Problem



## cegood (Oct 19, 2004)

In the last month I have begun to get "Symantec Tamper Protection Alert" messages frequently throughout the day, and it pops up when I am in different programs. Can anyone tell me how to discover the problem?


----------



## cybertech (Apr 16, 2002)

Hi, Welcome to TSG!!

Click *here* to download *HJTsetup.exe*
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to *C:\Program Files\Hijack This*.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## cegood (Oct 19, 2004)

Cybertech: Here's what the system scan came up with:

Logfile of HijackThis v1.99.1
Scan saved at 11:51:21 AM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\Program Files\MDC\AEGIS Client\mgr8021x.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\PDF Complete\pdfsaver.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eku.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 3.0\\RegistryController.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Converter 3.0\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = facultystaff.eku.edu
O17 - HKLM\Software\..\Telephony: DomainName = facultystaff.eku.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = facultystaff.eku.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = facultystaff.eku.edu
O18 - Protocol: bw+0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {37C0DCD2-9267-4F4B-9A28-BECEF5CD7D56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: mdc - C:\WINDOWS\SYSTEM32\notification.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


----------



## cybertech (Apr 16, 2002)

Go to add/remove programs and remove Logitech Desktop Messenger. It is not required and not working properly. You can reinstall that later if you decide to.

I would like you go submit this file: C:\WINDOWS\SYSTEM32\notification.dll
here: http://virusscan.jotti.org/

It may be a hidden file so Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders" Click "Apply" then "OK".

Copy the information and post it back here in your next reply.


----------



## cegood (Oct 19, 2004)

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan: 
Service 
Service load: 0% 100%

File: notification.dll 
Status: OK 
MD5 b7ae5e03170f7b6d9578339279a91af6 
Packers detected: - 
Scanner results 
AntiVir Found nothing 
ArcaVir Found nothing 
Avast Found nothing 
AVG Antivirus Found nothing 
BitDefender Found nothing 
ClamAV Found nothing 
Dr.Web Found nothing 
F-Prot Antivirus Found nothing 
Fortinet Found nothing 
Kaspersky Anti-Virus Found nothing 
NOD32 Found nothing 
Norman Virus Control Found nothing 
UNA Found nothing 
VirusBuster Found nothing 
VBA32 Found nothing

Powered by

Disclaimer 
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

Virus definitions are updated every hour. There is a 15Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, James Love, Gideon Pertzov, Malcolm Murray, Nigel Thomas, Wendy Dickerson, Anthony Midmore, "ethereal", Mark Rubins, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, and some people who prefer to remain anonymous... many thanks to all!

Statistics 
Last file scanned at least one scanner reported something about: sp50setup.exe, detected by:

Scanner Malware name 
AntiVir X 
ArcaVir X 
Avast Win32:UrlBot-B 
AVG Antivirus X 
BitDefender X 
ClamAV X 
Dr.Web X 
F-Prot Antivirus X 
Fortinet X 
Kaspersky Anti-Virus X 
NOD32 X 
Norman Virus Control X 
UNA X 
VirusBuster X 
VBA32 Backdoor.xBot.26

You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.

Frequently asked questions - Feedback - Privacy policy

Page generated by JTPL

Copyright © 2004-2005 Jordi Bosveld <[email protected]>


----------



## cybertech (Apr 16, 2002)

I don't see anything in the log.

Download the trial version of Ewido Security Suite *here*.
Install ewido.
During the installation, under "Additional Options" *uncheck* "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update click the OK button and it will go to the main screen
On the left side of the main screen click *update*
Click on *Start* and let it update.
*DO NOT* run a scan yet. You will do that later in safe mode.

*Click here* for info on how to boot to safe mode if you don't already know how.

Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Ewido:
Click on *scanner*
Click *Complete System Scan* and the scan will begin.
During the scan it will prompt you to remove files, click *OK*
When the scan is finished, look at the bottom of the screen and click the *Save report* button.
Save the report to your desktop

Reboot to normal mode.

*Post a new HijackThis log and the log from Ewido.*


----------

