Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

possibleTrojans+assortedMALWARE_w/Complications

Started by bri , Jun 08 2005 08:16 PM

Please log in to reply

#1
bri

Posted 08 June 2005 - 08:16 PM

Member

Member
14 posts

Topic_Title: possibleTrojans+assortedMALWARE_w/Complications
Topic_Descrip: TDS-3_log_incl'd

User: bri

ATTACHMENT: <file:srvclog0.TXT> - (there are SEVERAL key points noted in this log)

# Issue
= -----
1o?> Trojans? (including possibly-now-resolved startup-page issue(s))
2o?> malware? (take note of the TDS-3 log and the apparent results from both ad-aware and spybot)
3o?> {those long-ago-disabled startup items now being re-enabled (from the get-go) resolved ???}
4o?> (from) ghosting from old c (new d) to his (my friend's) added new c hard drive?
5o?> GuardDog.exe startup item problem (from the ghosting of the new hard drive)
6o?> initial failed dialup disconnects (intermittent) {on all three of these win98SE systems here}
7o?> ad-aware setting unsettable (?in_win98SE_only???) { config > tweak > cleaning_engine > (2) }
8o?> {lurking/remaining "Pest_Patrol" settings/files detected by spybot.! (???)} (no err_dialog yet)
9o?> (note that all three scannings crashed at some point: ad-aware, spybot, and housecall)

ao?> ...?

Please bear in mind and take into consideration that i've tried to follow directions as carefully as I possibly could, and that this is my very first post ever, and my very first experience with your site.
Thank you one and all... (Thanks especially for access to LiveChat which has helped immensely...)

I have now completed all of the steps up to the end, EXcluding TDS-3 + HJT log, but then half-relented:

I've decided to go ahead and pre-run TDS-3, as indicated by the malware removal forum initial "start_here" link, after reading how you guys decide your first-come-first-serve basis for replying-to/handling new topics.. And to further expedite my friend's issue (it's his computer i'm working on prior to working on my own systems, some time later on in the future), i've decided to fully complete your requirements beforehand, instead of asking how to proceed first... (Someone in livechat has given me hopefully good advice respectively, on how to handle the matter of TDS-3 not being free.. the person recommended "MooScann" for trojan protection, so i'll undoubtedly check that product out eventually.)
Other than that, my question was going to be (AMMENDED: "..is yet..") to see if there was (is) anything else needing doing, prior to the HJT logging, considering i ran into so many PRE-procedural problems prior to being able to get to the point/step at the bottom of the list of posting my friend's HJT log to the forum.. thanks.

(Even should the computer prove malware-free, I'm wondering where to take this Issue for the case of OPTIMIZing his system for him, please?? Please Advise us. Thank you all.)

(By "Optimize," i mean to get rid of unnecessary startup items, and such-like...)

(PLEASE SEE:) There should be an IMPORTANT Service Log ATTACHMENT (<file:srvclog0.TXT>) attached to this initial posting .....

-bri/bcc

p.s. Ok. Ran TDS-3 (<timestamp:"5:55 AM 6/4/05">).. ..which provided the "scandump.txt" file at the end_current of this document, and for which I've taken no action thusfar;
Ok. Re-checked for Windows Critical Updates .. still shows all critical updates and service packs to already have been installed;
Ok. Re-booted, and tested .. Still having GuardDog.exe being asked for (a firewall or internet security product), and other issues, herein-named (constant internet access, failed initial modem dialups, etc), still at play ..;

(Another issue that's long been at play, is, at irregular intervals, drive d (the old bootup hard drive) seeks for what seems to be a fairly lengthy period, making hard drive running-sounds (on and off, over and over again), then may quit for a long while, then resume for a while some long while after that...)

<--->
(Ok. Posting my friend's HiJackThis log... .. ... please get back to me at (one of) your earliest convenience(s). Thanks Much.)
PLEASE NOTE THAT I'VE POSTPONED THIS last STEP for now(timestamp:"6:57 PM 6/4/05"> PENDING FURTHER DIRECTIONS/INSTRUCTIONS From You.!

Thanks sooo *VERy* much.!!!.

<-SNIP->

<..> {TDS-3's (trojan defense suite - 3) "scandump.txt" file, follows:..}

(Ad-Aware and SpyBot *seem* to be coming up clean - please see the attachment(<file:srvclog0.TXT>) for details...)

Scan Control Dumped @ 05:32:00 04-06-05
RegVal Trace: Adware.BiSpy: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Belt=C:\WINDOWS\BELT.exe]

Positive identification: Adware.ToolBar.EliteBar.z2
File: c:\windows\sideb.exe

Positive identification (DLL): Adware.ToolBar.EliteBar.ac (dll)
File: c:\windows\system\shawn_1.dll

Positive identification (DLL): Adware.ToolBar.MyWay.f (dll)
File: c:\program files\netscape\communicator\program\plugins\npmyway.dll

Suspicious Filename: Dual extensions
File: c:\program files\hewlett-packard\digital imaging\hpisinst\install.wse.exe

Suspicious Filename: Dual extensions
File: c:\program files\hewlett-packard\hp instant support di\temp\install.wse.exe

Positive identification: Riskware.ProcessRestart
File: c:\program files\logitech\desktop messenger\8876480\7.2.0.137-8876480sl\program\restart.exe

Generic Detection: Possible trojan with password-stealing capability
File: c:\save\software\win98\tools\reskit\netadmin\pwledit\pwledit.exe

<..> {(HiJackThis)HJT_log(initial_1st):..} *** POSTPONED!!! ***

***_Postponed!!!_*** - ( right_now, being: <timestamp:"6:58 PM 6/4/05">)

... (post, pENDing instructions) <changed my mind - will save the very last step, pending further directions From You...thanks!>...

..>>> aWaiting further instruction.. Please adVise.. Over. ...

<end_initial-post(minus_An-Important-ATTACHMENT:<file:srvclog0.TXT>)>

<-SNIP-> (following, the HJT log)

Logfile of HijackThis v1.99.1
Scan saved at 11:06:39 PM, on 6/8/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\ACCSTAT.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\LAUNCHER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\PRIMAX\POWERTWAIN\PMXDETECT.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE
C:\PROGRAM FILES\IDEASOFT\SPAM ELIMINATOR\SPAMELIMINATOR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://lw8fd.law8.ho...24c7f212109942d
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Western Michigan University
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\SYSTEM\Launcher.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Scan Detector] C:\PROGRA~1\PRIMAX\POWERT~1\Pmxdetect.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Mailround Mailman] "C:\Program Files\Mailround\Mailman\bin\bMailGUI.exe" C:\Program Files\Mailround\Mailman\bin\bMailGUI.ini /showIcon
O4 - HKLM\..\Run: [PP7600usb] C:\PROGRA~1\VISION~1\PAPERP~1\FBDirect.exe
O4 - HKLM\..\Run: [usczwgn] C:\WINDOWS\SYSTEM\pbvwcqi.exe
O4 - HKLM\..\Run: [XupiterToolbarLoader] C:\Program Files\Xupiter\\XupiterToolbarLoader.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [ujchkv] C:\WINDOWS\ujchkv.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INS12E4.TMP /R /A
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [DDCM] ":C:\PROGRAM FILES\WILDTANGENT\DDC\DDCMANAGER\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] ":C:\PROGRAM FILES\WILDTANGENT\DDC\ACTIVEMENU\DDCACTIVEMENU.EXE" -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Guard Dog.lnk = C:\Program Files\CyberMedia Guard Dog\GuardDog.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Spam Eliminator.lnk = C:\Program Files\IdeaSoft\Spam Eliminator\SpamEliminator.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: DigiChat Applet - http://www.rxxx.com/...s/Client_IE.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O18 - Protocol: offline-8876480 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL

Attached Files

srvclog0.TXT 14.01KB 207 downloads

Edited by bri, 08 June 2005 - 09:14 PM.

#2
insipid

Posted 08 June 2005 - 10:01 PM

Visiting Staff

Member
313 posts

bri,

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run full scans with Ad-Aware SE and Spybot-S&D as follows:
(If you already have Ad-Aware SE 1.05 and Spybot 1.3 installed, you can skip the installation steps. If you don't, please uninstall your old versions and install the new ones from the links below.)

Full Ad-Aware Scan
Please download Ad-Aware SE from here:
http://www.majorgeek...ownload506.html
Install Ad-Aware and run it. In the bottom-right hand corner, click "Check for updates now". Click "Connect" to download the newest reference file.

Now we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)

Click the "Scanning" button on the left-hand side and make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
4) Scan my IE Favorites for banned URLs
5) Scan my Hosts file

Please also click on "Select drives & folders to scan" and select your hard drive(s). Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only

Click on "Cleaning Engine" and make sure the following options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring

Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom right side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects. Then please restart your computer.

Download the latest version of Spybot from either:
* http://www.safer-net...load/index.html
* http://www.spybot.in...rors/index.html
Install spybot and by default is should install into C:\Program Files\Spybot - Search & Destroy.
Run Spybot by clicking on "Start" => "Programs" => "Spybot - Search & Destroy" => "Spybot - Search & Destroy".
The first time you run it, allow it to create a backup of your registry when prompted. This will take a few minutes to complete.
Click on "Search for Updates".
If any updates are found, place a check mark next to each and click on "Download Updates".
Click on "Immunize" and once it detects what has or has not been blocked, block all remaining items by clicking on the green plus sign next to immunize at the top.
Click on "Search & Destroy" => "Check for Problems".
When Spybot is complete, it will show RED entries, BLACK entries, and GREEN entries in the window.
Make sure there is a check mark beside the RED entries ONLY.
Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

Reboot normally.

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Please download CCleaner from here:
http://www.ccleaner.com
Install and run it, and clean out your Temporary and Temporary Internet Files (as well as anything else you may want to clean out.)

#3
bri

Posted 09 June 2005 - 01:07 PM

Member

Topic Starter
Member
14 posts

Topic_Title: possibleTrojans+assortedMALWARE_w/Complications
Topic_Descrip: TDS-3_log_incl'd

User: bri (my First reply)

>> ..MORE!:.. (PLEASE SEE Our SECOND (2nd) hijackthis-log, FOLLOWING @bottom, THANKs!:..) {*sigh* seems very similar to the original}

ATTACHMENT: <file:srvclog1.TXT> - ( _IMPORTANT_ service log: !ERRORs! that occurred.. *this*_time *sigh* )

> I tried to follow your initial instructions to the letter: minus your "scanner-updates in safemode" change;
> ..(safemode aaw and sb scans went off a-ok, BUT HAD TROUBLE WITH Panda ActiveScan; ..ccleaner, check..a-ok!).

(PLEASE SEE:) There should ALSO be a(nother) Service Log ATTACHMENT (<file:srvclog1.TXT>) attached to this, my first reply posting .....

..>>> aWaiting further instruction.. Please adVise.. Over. ...

-bri/bcc

p.s. Our THANKS go Out to Insipid and the entire GeeksToGo Staff and all of the wonderful helpers ...!..

p.P!s. i *Promise*.. much *Much* less detail on future posts + future issues, THANKs ..please bear w/me...

<end_1ST-reply-post(minus_A-Hopefully-Helpful-ATTACHMENT:<file:srvclog1.TXT>)>

<-snip-> {following, our SECOND (HiJackThis)HJT_log(2ND):..}

Logfile of HijackThis v1.99.1
Scan saved at 12:12:32 PM, on 6/9/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\ACCSTAT.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\LAUNCHER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\PRIMAX\POWERTWAIN\PMXDETECT.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\IDEASOFT\SPAM ELIMINATOR\SPAMELIMINATOR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://lw8fd.law8.ho...24c7f212109942d
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Western Michigan University
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\SYSTEM\Launcher.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Scan Detector] C:\PROGRA~1\PRIMAX\POWERT~1\Pmxdetect.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Mailround Mailman] "C:\Program Files\Mailround\Mailman\bin\bMailGUI.exe" C:\Program Files\Mailround\Mailman\bin\bMailGUI.ini /showIcon
O4 - HKLM\..\Run: [PP7600usb] C:\PROGRA~1\VISION~1\PAPERP~1\FBDirect.exe
O4 - HKLM\..\Run: [usczwgn] C:\WINDOWS\SYSTEM\pbvwcqi.exe
O4 - HKLM\..\Run: [XupiterToolbarLoader] C:\Program Files\Xupiter\\XupiterToolbarLoader.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [ujchkv] C:\WINDOWS\ujchkv.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INS12E4.TMP /R /A
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe
O4 - HKLM\..\Run: [DDCM] ":C:\PROGRAM FILES\WILDTANGENT\DDC\DDCMANAGER\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] ":C:\PROGRAM FILES\WILDTANGENT\DDC\ACTIVEMENU\DDCACTIVEMENU.EXE" -boot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [LDM] \Program\
O4 - Startup: Guard Dog.lnk = C:\Program Files\CyberMedia Guard Dog\GuardDog.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Spam Eliminator.lnk = C:\Program Files\IdeaSoft\Spam Eliminator\SpamEliminator.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: DigiChat Applet - http://www.rxxx.com/...s/Client_IE.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Protocol: offline-8876480 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL

Attached Files

srvclog1.TXT 5.51KB 418 downloads

#4
insipid

Posted 09 June 2005 - 04:19 PM

Visiting Staff

Member
313 posts

bri, don't worry too much about the Panda scan, sometimes malware prevents online scans from running.

Your problem with Logitech Desktop Manager can easily be solved. I recommend disabling it just because it uses backweb.

BackWeb is a 'general' term for a tool/program that downloads data for some software companies.
Mostly used for updates, but can also 'collect' information from your PC and send it out to unknown destinations.
F secure, Logitech, HP, Kodak, etc... use it, just to name a few.
It's up to you if you want it.

This link may help: http://www.cexx.org/dlgli.htm

Here's a link that explains BackWeb a little more:
http://www.neuber.co...876480.exe.html

And this is from Logitech:
http://forums.logite...mentID=10149139

So, as the links suggest, go to "Start," "Programs," "Logitech," and click on "Desktop Messenger."
Then disable either or both check boxes.

If that doesn't work go to your Add/Remove Programs
(Click Start, click Control Panel, and then double-click Add or Remove Programs "Change or Remove Programs")
and Remove BackWeb-8876480.exe (if it's there).

Rescan with HijackThis and place a checkmark next to the following entries:

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [usczwgn] C:\WINDOWS\SYSTEM\pbvwcqi.exe
O4 - HKLM\..\Run: [XupiterToolbarLoader] C:\Program Files\Xupiter\\XupiterToolbarLoader.exe
O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\Run: [ujchkv] C:\WINDOWS\ujchkv.exe
O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INS12E4.TMP /R /A
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\SATMAT.exe

You're running WildTangent, which collects data about your surfing habits. It's unnecessary, I suggest you remove it. Here are the items to fix with HJT and you will need to remove the main program as well:

O4 - HKLM\..\Run: [DDCM] ":C:\PROGRAM FILES\WILDTANGENT\DDC\DDCMANAGER\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] ":C:\PROGRAM FILES\WILDTANGENT\DDC\ACTIVEMENU\DDCACTIVEMENU.EXE" -boot

You have PowerReg Scheduler in your log. This is a registration reminder that is used by a number of different companies. It is not needed and some people think that it reports back to the company about your computer, so I suggest fixing it...

O4 - Startup: PowerReg SchedulerV2.exe

Now, close all windows including your browser and then click "Fix Checked" in Hijackthis.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

XupiterToolbarLoader (or similar)
WildTangent (if you chose to fix it with HJT)

Please delete these folders using Windows Explorer(if present):

C:\Program Files\Xupiter\
C:\PROGRAM FILES\WILDTANGENT\ (again, if you chose to fix it)

Please delete these files using Windows Explorer(if present):

C:\WINDOWS\SYSTEM\pbvwcqi.exe
C:\WINDOWS\BELT.exe
C:\WINDOWS\ujchkv.exe
C:\WINDOWS\SATMAT.exe

Next, clean out all the temporary files and cookies on your system. Go to Start > Run and enter: cleanmgr. Let it scan your system for files to remove. Check these three boxes and then press ok to remove: Temporary Files, Temporary Internet Files, Recycle Bin.

Reboot and Please run this online virus scan: [url=http://housecall.trendmicro.com/]Trendmicro Housecall

Let me know of any files it can't delete.

Reboot and post a fresh HJT log.

#5
bri

Posted 09 June 2005 - 08:54 PM

Member

Topic Starter
Member
14 posts

>>> Micro Trend's housecall bsod'ed, and then found NO problem files.

(There were other issues.)

-bri/bcc

<-snip->

Logfile of HijackThis v1.99.1
Scan saved at 10:49:31 PM, on 6/9/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\ACCSTAT.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\LAUNCHER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\PRIMAX\POWERTWAIN\PMXDETECT.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\IDEASOFT\SPAM ELIMINATOR\SPAMELIMINATOR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://lw8fd.law8.ho...24c7f212109942d
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Western Michigan University
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\SYSTEM\Launcher.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Scan Detector] C:\PROGRA~1\PRIMAX\POWERT~1\Pmxdetect.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Mailround Mailman] "C:\Program Files\Mailround\Mailman\bin\bMailGUI.exe" C:\Program Files\Mailround\Mailman\bin\bMailGUI.ini /showIcon
O4 - HKLM\..\Run: [PP7600usb] C:\PROGRA~1\VISION~1\PAPERP~1\FBDirect.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Guard Dog.lnk = C:\Program Files\CyberMedia Guard Dog\GuardDog.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Spam Eliminator.lnk = C:\Program Files\IdeaSoft\Spam Eliminator\SpamEliminator.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: DigiChat Applet - http://www.rxxx.com/...s/Client_IE.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Protocol: offline-8876480 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL

#6
insipid

Posted 10 June 2005 - 09:58 AM

Visiting Staff

Member
313 posts

bri, that's a clean log :tazz:

. You say you're having some other troubles, can you describe them to me?

To reduce re-infection potential for malware in the future:

Please read Tony Klein's article: So how did I get infected in the first place?.

It is extremely important to keep Windows and Internet Explorer up-to-date. Please go to http://v5.windowsupd...t.aspx?ln=en-us regularly and install ALL critical updates.

It would be a good idea to install a firewall if you don't have one . Here are a few free ones:
Kerio Personal Firewall
Zone Alarm
Sygate Personal Firewall

I strongly recommend installing three free programs: SpywareBlaster, SpywareGuard, and IE/Spyad.

Use AdAware SE and Spybot S&D regularly to scan your system. Links to excellent tutorials on these programs are in my signature below.

Finally, I suggest downloading and trying Mozilla Firefox browser. Firefox is a free fully functional browser. It's much safer than Internet Explorer.

#7
bri

Posted 13 June 2005 - 12:13 AM

Member

Topic Starter
Member
14 posts

Insipid: Ok.! Thanx a Tonnage!.. ..some more things, as you asked clarification:.. optimizing.. do i take these issues to a different forum ??

(Just to let you know, Insipid: I've read most everything you recommended for reading: not sure how well my friend, who owns the system, is going to read the stuff, if at all, but at least i should have mozilla_firefox, SpywareBlaster, SpywareGuard, and IE/Spyad installed soon... (as soon as i've posted this, slept, and gotten back to it all, .....tomorrow.. "Night!" *goes off to sleep* <timestamp:"1:42 AM 6/13/05">)
<One last thing(this_post): I Also intend to add mozilla_firefox to my Own collection of browsers, and to yet clean and update my Own systems with all of this software or as directed, and to include SpywareBlaster, SpywareGuard, and IE/Spyad... Thank you..*VERy*much*, Insipid.!>

(Thank you for your signature links. I have now read Tony Klein's article and both the aaw and the sb tutorials, amongst others.. Nice...)
( I try to keep my *own* win98SE pc up to date: I found the simpler link for a win98SE Windows Update: v4.windowsupdate.microsoft.com )

NOTE: I've tried to list these issues from most all of my previous posts in a much more headered, concise, and abbreviated format, thanks!

< Following is Our topic-list or TOC(Table_Of_Contents):.. )).. >

The "SHORt"-list:..

1o?> (Bad_Links) [(compiled_list)]
2o?> CCLEANER
3o?> (hdd_grinding)
4o?> backweb
5o?> MS's_loadqm/QMgr
6o?> MUSICMATCH_Jukebox
7o?> Netscape4.0
8o?> IMPORTANT_Q
9o?> (browser-tools:aim+msmsngr)
+Ao?> khooker(?) [additional_issues]
Bo?> TDS-3
0Co?> GuardDog_startup_item/registry [srvclog0]
1---> --- [srvclog1]

< and the "p.s." regarding your broken links (@bottom_current) >

===

(Bad_Links): 2 of your links from your previous post were bad (mis-copied, literally-quoted, or whatever):.. (please read the "p.s." herein)

CCLEANER: un-install it, and replace it with what? (recall, Atri in LiveChat stated it can mess up win98) Or is Cleanup!4.0 already good enough (as i had already installed and used that based on the original malware removal forum directions page) ??? (I also have that CWShredder from same page, what about that app: is *it* a good replacement??)

(hdd_grinding): the old hdd c has become the new hdd d, and he's got a larger new hdd c (startup/primary) now: but for over a year or so now, it's been grinding in a regular on and off pattern: doesn't run continuously, but every so often, turns on and off in a regular recurring pattern... <?> {the hdd d on the system has no problem accessing nor writing data, i do not believe}

backweb: (i'm not sure that the Logitech/LDM(LogitechDesktopMessenger)/Runner Error i mentioned in service log is fixed) {there was some odd business with the outcome of my actions on your directions for handling this issue involving the removal of the 'backweb' app...}

MS's_loadqm/QMgr: (..is back in the hjt log again - not sure quite how: however, i have a great deal more info to offer regarding this issue of MS's QMgr/loadqm process/app. (I have used the \windows\command\fc file comparison utility to determine this to be the only difference between the hjt log you ok'ed as clean for me and the one i've just scanned as of my latest testing.) <<<AMMENDED: my accounts from my previous srvclog's need ammending to attest to the fact that loadqm JUST today *appears* to have ceased "trickling" info up onto the internet: just this session, zonealarm once again requested of me how to handle loadqm, and i again, denied it: however, the app no longer seems to be lighting up the modem system-tray icon in that regular pattern, as i spoke of previously (even though i had been "categorically denying" access through zonealarm to this app, and it appears to me that it had been accessing/trickling, in spite of this fact)>>>

MUSICMATCH_Jukebox: is it malware, does it need removing? (I suppose if it were, you would not have pronounced my friend's system "clean," but i just want to inform you that i've seen relations (folder & sub-folder -wise) which indicate, if i'm not mistaken, that there may be a relation between Logitech/LDM (logitechdesktopmessenger){relating to the "backweb" issue you had me clean} and wildtangent and ALSO musicmatch jukebox .....
..
<i imagine this issue, possibly relating to his (my friend's) "backweb" infection on his system, most likely stems from my friend opting into some form(s) of 2nd or 3rd party marketing agreement(s): Where, please, can i tell my friend to go for *Safe* GAMES, AND WHATNOT, if he should want *such*? (or optionally, to check to see if *_such_* are ok(ie, not malware)???)>
..
(That last question is a Very Important one, i feel, and the answer to which, i also feel, may be the best way we may have to keep *him* out of trouble on the net.<??>)

Netscape4.0: he doesnt care for this - i sometimes use it on his machine - i figure it's a risk to use - i know he likes ie6.0 and i'm unsure he'll be willing to switch to mozilla_firefox, however, i will attempt to explain the situation to him: should i remove it? (Also, I am still looking for g2g's position on the new Netscape Security Browser 8.0): uuhm, ..also: if he's going to continue to use ie6.0, what would you recommend? (I have some recommendations on how to tighten internet options, etc, from you, from your and g2g's suggested readings already, though (in addition to the things i've already, and will be, installing which will tighten it some more, no doubt) - thanks)

IMPORTANT_Q: wILL our postings remain on g2g so that my friend can read our progress (and his much needed info for him to learn about maintenancing his Own system *chuckles*), Please ?????
..
Could you please make a short-list of all the eSSENTial protective programs which my friend (and i, eventually will need to keep UPDATed on a regular basis, Please??
(At least those out of all the ones you've had me install and/or suggested... (as i do plan to install any more he can afford (such as the SpywareBlaster, SpywareGuard, and/or IE/Spyad) .. (It would Greatly HELP us to have a maintenance list, especially after all of the software i've recently installed for him (and will be installing on my own system and new systems)...)

(browser-tools:aim+msmsngr): my friend mentioned these appeared to be inoperative/broken to him, and i see that his msn toolbar is not available (although it yet appears within the add-remove programs list) - could we have torn it out in fixing malware that got tangled with it? Should i uninstall and reinstall it, or are you going to recommend google's toolbar instead ? And what about AIM, please? (he claimed it was not functioning properly either, but i thought he mentioned it as being broken in some capacity relating to ie6.0 *shrugs*) ?

A few more issues:..
..
khooker(?): > I've found that "khooker" process you mentioned at the start of our issue: it's still listed as a background process in the Close Program dialog.. does it *Need* reMoving?.. is it a problem file? or has it been "disinfected" now, or what? I don't know what it is.. I get the impression you guys noticed the [bleep] he seems to have had on his system (not pointing fingers, as i've had my own run-in's with such issues, and i happen to be someone who knows none of us are perfect) ...{perhaps, these are two different issues - i know he has this "paris voyeur / carpe diem(folder)" thing on his system.. i thought i had removed that already, with his permission, but is it still lingering?}
..
TDS-3: > Shall I uninstall TDS-3 now? I guess i'll need to do so. Can we get an alternative? Someone in livechat recommended something which the person called "MooScann" (as possibly a free alternative), is that good? Does he have an especial need to protect himself from trojans or will the stuff he has on his system now, plus perhaps those 3 or so added/recommended apps (SpywareBlaster, SpywareGuard, and IE/Spyad, etc) take care of this for him? (<reason_i_ask:>..as he has had so many trojans of late.. and i'm wondering if his DaysOfOurLives soap opera update web site has been giving him these, or perhaps an affiliate from his opting into something in relation to the soap site.)

...(from <file:srvclog0.TXT>):..
GuardDog_startup_item/registry: > ..
[PLEASE_NOTE: AMMENDMENT: in a previous post (at least one), I had indicated GuardDog was an internet security pkg of my friend's, but what i failed to acknowledge was that it's long since been his *OLD* un-used package: i never trusted it, which is why i had recommended to him to have it disabled, and eventually, with his ghosting to an additional, larger drive, it became a non-issue: long ago, i installed zone alarm for my friend, and GuardDog should Not be in use now, although it yet appears to reside on drive D (drive C now being bootup)]..
..msconfig shows a selective startup rather than a normal startup again, for some reason: guarddog.exe (has *apparently* been re-added, and) is unselected within startup items, yet all others are selected: i recently moved the guarddog.exe startup item into a newly created "disabled startup items" folder i made of late, for this purpose (ie, to correct the guarddog dialog box searching error from coming up every bootup (it worked, but this problem has now resulted {perhaps un-related: i am Not certain}) <???>): Will you Please help me get back to a Normal Startup for msconfig (that is, "How to remove guarddog startup item" <this is yet another of the un-finished items i've been listing and relisting in my service logs and also, the previous postings, thanks {sorry, if i've inadvertently re-opened the issue .. }>???

...(from <file:srvclog1.TXT>):..
<None. Nothing, nada: all clear, here, thanks.!> (or it's already been included, herein)

>>> This is enough for now: let's take this in steps, ok, Please??? (yes, this means there will be somewhat more (this post should cover quite a lot of it though {AMMENDED:a good amount of which (if not *all*, now ))..) was in those previously attached service logs: However, i've rewritten them hopefully a bit more concisely}, thanks!, but hopefully not "tons" (ie, hopefully not tons yet remaining to be done)
[re:AMMENDment:there may yet be some issues unaddressed, but i've {now} gone back through all of the previous files + attachments:.. all that remains is to fix these issues, herein, and then for me to review / recheck his (my friend's) system, and batten things down the rest of the way, depending on what we determine and find out from our final actions together on cleaning my buddy's pc ... THANKS!]

-bri/bcc

p.s. :.. (please note the following)

From your previous reply regarding 'backweb', Insipid:..

I read the following:..

http://www.cexx.org/dlgli.htm

However, in continuing your recommended browsing for this case/issue, ..
..clicking the actual links (from your previous reply) returned the following web ERRs:

"Requested URL not found." for :..

http://www.neuber.co...876480.exe.html

<and> (an apache tomcat redirect err, description: "The requested resource ... is not available.") for :..

http://forums.logite...mentID=10149139

[It looks like they are ?maybe? pasted "literally" with the ellipticized aliai, and may need correcting <???>]
[..uNLESs those *Are* the Actual links..*shrugs*]

Edited by bri, 16 June 2005 - 11:17 PM.

#8
bri

Posted 16 June 2005 - 11:16 PM

Member

Topic Starter
Member
14 posts

Just want to be certain there is no concern of "bumping" here, as i've been directed by both Insipid and Atri to continue my post with my own followup post, even if the context is about to change from the expected (sorry about this, Insipid - despite this apparent set-back, i *know* we have made great progress already, and are nearing the end of the case, thanks).

<Once an issue has been opened or "picked-up" i dont expect "bumping" is a concern thereafter, but i'm so new here yet, that i've little reference to go on for such determinations.. it seems to make sense, though as i've stated before, and shall no doubt state again, newbies just do not have the definitions and perspective and references that staff do - so, i Really appreciate the tolerance of you all.>

Insipid, I have attempted to do my best in Not Adulterating our efforts at our spyware removal (well, at this point, i had thought it was clean, but was not quite done with all the steps, so was still attempting to do my best - truthfully, i had not finished battening down IE6.0,andETC, as this new situation arises - and ie6.0+etc yet remain so *sigh* <I feel that the spyware and adware probably had all been removed when you declared my friend's system clean, Insipid, but i've been harboring doubts about the trojans, all the way along - just review this entire case to see where i raise concern, accordingly (perhaps do a search on "trojan")>), so i've avoided installing anything new, and have only been removing and fixing things (notice, however, my concerns herein within this reply, regarding the few apps i've run since your last reply, Insipid), and just a minor minimum of browsing, mostly on the g2g site itself (though, i've been relying heavily on my *Own* machine, in order to lessen the risks to this one, my friend's pc): ANYway, on a hunch i did another Panda ActiveScan (see a bit of detail below), and so, that "frispY" issue shall have to wait for a bit... *sigh*
---

Just got on the LiveChat again.. I tried another Panda ActiveScan: this one, as all the previous, has also come up with some sort of exception: i tried to do the scan, and my modem carrier/connection got dropped *just* as transfers were completing with Panda ActiveScan to start to initiate the actual file scannings... I went to the mini-IE-window and right-clicked and hit refresh, but when she logged back on, activescan resumed (instead of starting from the beginning, as i had hoped), so i decided to start all over - so i did (i hit "stop", shut down the ie windows, dropped connection, rebooted, and then began the panda activescan all over again). This time, the scan went off without a hitch, utilizing the components it had just cached on the previous attempt ...

Well, anyway: as i stated: about 47 hits on infected files out of the 175k files on his (my friend's) two drives (c and d) {which takes about 4 hours on his p3-eqiuv amd 950mhz pc}; PLUS, some spyware which activescan said it was unable to remove...
[Note: i have *aGain* saved the activescan results log (this 2nd one) for review ]

Thanks for your patience, Insipid, and whoever else may read this...

(Speaking of which, Atri is another one.. (2nd? ... well, ?fourth?fifth?, but Excal had originally asked, and i was handed off to Insipid, and SkyHi also asked to have a look, but he's not staff<?>(i think he said he's geekU)) ..who has asked to see my case, and so, at his (Atri's) request and under his direction, i've added another hjt log.)

<btw, i have ABSOLUTELY No Care for Blame - it wont get anyone anywhere - i am solely interested in resolving the issue, as i'm certain are also, all of you.
Much Appreciated.!>
=

Thanks again, all: your help is so very much appreciated... ))..

(I'm learning so Very much and this is so very valuable to me: thank you.)

<<Note: At Atri's request, i've altered this formatting to (hopefully) be more legible: sorry about that.>>

[AMMENDed:.. Insipid, I just wanted to say, I *Have* Run a small handful of programs, including msnmsgr which is the one issue we failed to address from the last post (that, and also "aim," both-together comprising the "browser-tool" issue - the msnmsgr issue ?might? be fixed; however, the aim issue remains unfixed (his AIM_chatter in-app_search-box-control fails to bring up proper search page results within IE, and instead gives an apache lookup error).
ALSO: He (my friend) told me that he'd been having trouble getting his msn messenger to bring up his hotmail via its in-app_hotmail-link --- most of the time, it works for me (was working for me, even way back when, when he had been having this problem in the past), but i've also brought it up a very small number of times myself with this problem going on, but was quite a while ago, and i do not remember the errors well - msnmsgr's hotmail-link is working properly right now, today, but i did notice that he has 3 shortcuts for msn messenger, all three of which appear to point to the same "msnmsgr.exe" (of which there is only one that i can find on either c or d), BUT one of the shortcuts, an "MSN Messenger 6.2" (again, all three shortcuts had pointed to the same app (and of which, i've now removed one of the others)), ..this one has a properties dialog with NO info filled in (thus, suspect-behaviour(?)) ...<???> (..so, i'm wondering if running msnmsgr might have re-exposed his pc - sorry, if so .. ..)]

<-snip->
<-snip-> (HJT_11th) - {the last hjt_log posted was the "3rd" hjt_log, but i've been doing some scans of my own, purely for comparison purposes - i have removed Nothing on my own using HJT, and as reminder again, installed nothing that i can think of, since your last reply post herein, Insipid <however, as herein stated, and according to what i've learned of late, i may perhaps have inadvertently set off some conditionally-triggered infections by running certain apps - sorry if so > ..}
<-snip->

Logfile of HijackThis v1.99.1
Scan saved at 12:50:43 AM, on 6/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\ACCSTAT.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\LAUNCHER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\PRIMAX\POWERTWAIN\PMXDETECT.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\IDEASOFT\SPAM ELIMINATOR\SPAMELIMINATOR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://lw8fd.law8.ho...24c7f212109942d
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Western Michigan University
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\SYSTEM\Launcher.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [Scan Detector] C:\PROGRA~1\PRIMAX\POWERT~1\Pmxdetect.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Mailround Mailman] "C:\Program Files\Mailround\Mailman\bin\bMailGUI.exe" C:\Program Files\Mailround\Mailman\bin\bMailGUI.ini /showIcon
O4 - HKLM\..\Run: [PP7600usb] C:\PROGRA~1\VISION~1\PAPERP~1\FBDirect.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Guard Dog.lnk = C:\Program Files\CyberMedia Guard Dog\GuardDog.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Spam Eliminator.lnk = C:\Program Files\IdeaSoft\Spam Eliminator\SpamEliminator.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: DigiChat Applet - http://www.rxxx.com/...s/Client_IE.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Protocol: offline-8876480 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {31371DA1-C278-11D9-A1A9-444553540000} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL

Edited by bri, 17 June 2005 - 01:35 AM.

#9
bri

Posted 17 June 2005 - 02:58 PM

Member

Topic Starter
Member
14 posts

(Ok, to repeat for the sake of this post:..
Insipid, in LiveChat you just declared the most previous HJT-log to be clean<!> ..
(Thanks again: ..a relief.

> As directed by you, Insipid, I am hereby disclosing the just previously aforementioned (in my previous post to this one) Panda Activescan2.log ..

>> I would just like to mention, with regard to the most recent HJT log (11th (4th actual)), (at least) TWO ITEMS that yet remain un-handled:..

>> (EPSON):_..that my friend has NO printers right now, and I'm wondering: will you please tell me if the epson status monitor may be removed, and if so, how? (it's a startup/ system-tray/ tsr(or_whatever)/ background process) ..

>> (GUARDDOG):_..also, remember that a particular firewall-type product called (Cybermedia) GuardDog (and Cybermedia OilChange) had been in my friend's startup-item repertoire for quite a while (i explained this issue in most all of my previous postings, to this, my very first case - with some particularly more relevant/helpful info recently disclosed to you, Insipid, to which you replied, given the circumstances, that i could simply remove the folders now, off from the old c (new d) hdd - thanks): howEver..: guarddog.exe is STILL showing up in startup items (perhaps due to my latest efforts at removal), and, Will you PLEASE help me get it out of the startup items, now that every *Other* trace of it *_seems_* to be gone, so that my friend can have a full set of startup items (a !Normal! Startup from w/in msconfig)?
[NOTE: this is the *Only* item NOT Selected from within "msconfig > startup items", and is the only factor keeping his machine from booting up in Normal Startup mode, that i can tell - Thanks!] <<<yes: i have removed the folders for both Cybermedia products off from D now.!>>>
{AMMENDed:..Ok, let me ammend that slightly: i have NOT been playing with msconfig startup item disabling or enabling again to any detrimental degree: at some point, i found the guarddog.exe startup item disabled, so i've re-enabled it: he DOES Now have a Normal Startup selection bootup setting for msconfig, BUT!..the computer is *STILL* (as has been reported countless times before, within this post), coming up with a Missing Startup Item(?or?)Icon error dialog.. it searched for a match, and finds a mismatch now (had been finding the proper icon on the !D! drive, previously) on drive C, to which i hit CANCEL, but this solves Nothing: and every time i boot up, guarddog.exe is aGAIN Asked For.! PLEASE!..help me get rid of this thing.! Thank you. <You *Told* me NOT to use msconfig to permanently disable startup items, and to ONLY Use that for Diagnostics (temporary testing), so IF the only coRRECt way to remove guarddog.exe is through HiJackThis and i do NOT know HOW to use hijackthis, then i will obviously need help removing it, thanks!>}

(((I realize all of the above could probably have been said in just 2 single-line sentences, but it is annoying me no end: and it's not getting done. Sorry .. ...)))

=-_-_-=

INSIPID.!:.. ...*As* we are proCeeding, keep in mind that i have yet to put in place any of Tony Klein's directives, on my own ...! (Thanks.!) <I will do this at my earliest planned opportunity though, to be certain. .. (it is next to do on the list, if not immediately so, hereafter - i had felt that i needed to contact the owner (of the system being worked on (my friend's pc)) about some issues, and he's been hard to get ahold of, my apologies)>

ALso: I am requesting that I have the opportunity to get an online scan working properly (without any fubars), please: at least just once, perhaps immediately after the system is declared clean once again - i would like to spend the time on either activescan or housecall to be able to verify things are working ok, if we can, Please ??? (or have it explained to me why this is unnecessary or counterproductive (?or unfeasible?) - the activescan just came up with 37 or 47 infected files, only a small number of which are listed below (the adware and spyware, which it recommends having removed by some app) - so apparently, the rest were removed by panda activescan itself)...

A_FEW_MORE_ISSUES:..

>>> to re-visit the "aim" issue: the search control within his AIM app seems broken: could the app be a source of ad/spyware, perhaps as indicated by this...? What do you recommend to fix it? Would you recommend he Uninstall and Reinstall from a new install archive/exec? Or would you recommend he use something else? He says he doesnt use it much: uses mostly msnmsgr (msn messenger). {And note there was a similar odd-behaviour issue in the last post, regarding msn messenger...} <I use trillian for chatting myself, and do not seem to have had much trouble with infections (some though, as i have had a small number of hits, compared to these other machines i'm working with (from pest patrol)), as i've seen Alexa (i think it's called(?)) on my own machine of late (which will either be handled next, or right after my aunt June's winXP machine - no fears though, Insipid: i'd like to give you a rest if you want, and we can let others handle the other machines some time later on )).. ..)>

> Please reply with a response for both chatters (aim and msn messenger).

> {I *Do* Realize that (most, ?if?not?all? of) these app's are a notorious source of spyware and adware, and malware in general, so i could understand perhaps the response and replies most all of you might give - much like the "frispy" -issue with which i am still wrestling to seek out any merit therein - so, once again, thank you all for all of your patience with all of us "helpees"...}

>>> REgarding: browsing google to find a hdd diagnostic tool for his: "WDC WD84AA" hdd:..

..it was a wash: i looked up and down the net on google, with a handful of search criteria alternative queries, and could not find anything (though my search skills are not the best, and i'm unsure i've got the proper name from out of CMOS for his drive (see quoted, above)):

A_: > IDE Primary Master [QUANTUM FIREBALLP AS4]
A_: > IDE Primary Slave [WDC WD84AA]

Will you please help me a little more with this? (if we find this to be unnecessary, fine

(To describe the problem in a little more detail (that is, to add to what i've explained previously to you, Insipid), it seems that not only does this persistently recurring "seeking" come and go and irregular intervals, but process explorer shows no unusually high activity going on with any cpu process during this time, and the drive also seems to spin up at other times (quite often just prior to this "seeking"-noise), as if, perhaps, it's over-heating ... one of the sites suggests that this hdd type, does no self-monitoring for temperature, but i suspect their product may be unnecessary and that they may just be trying to create a market for their product, so i'm not recommending this to my friend.)

=+=+= ( TWO (2) USEFUL QUESTIONS: a Useful one, and.. an exTREMELy Useful One, PLEASE: ) :..

=+=+= 1o2> May I PLEASE have a listing of those anti-malware and other app's out of the ones *you've* had me install (and this site has had me install, off from the various recommended webpages) onto my Friend's system, which Will need Regular MANUAL-UPDating ??? (avg, aaw, sp, a2, ..what else, please?)

=+=+= 2o2> What should Brett, my friend, do, in order to be relatively sure his games and applications he downloads off the net, are safe? Are there some better sites to gather free games and free applications; or better yet: a LIST/webpage of links for such sites, for me to give to him from all of you, Please ??? (Do not underestimate the USEFULNESS of this Query: the answer will be EXTREMELY Helpful to my friend, and i (and no doubt, to many others). ThankS!)

<<<INFORMATIVE_For_*You*,Insipid:..
<<<After everything needful has been taken care of/handled/resolved from these postings,
<<<and after finishing Tony Klein's recommendations, and those from the g2g aftermath pg,
<<<and then after posting and getting replies, and acting on advice for the "frispy" issue,
<<<barring any further concerns, of which i can seen none at this time, we should be done,
<<<if that's ok with you, Insipid: thank you very much for your time, effort, and patience.!
<<<And Not to leave out your enormous amount of Consideration: Much Appreciated ))..

<<<..um,i gotta run real quick - my mom just asked me over for dinner <ts:"4:30 PM 6/17/05">
<<<..(I'll be back to reply later on tonight, not too long from now)...

<<<(btw:i think we've pretty much covered the posted issues -thanks for the answers thusfar)

<-snip-> - (<file:Activescan2.log>)

Incident Status Location

Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\HDPlugin10??.dll
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM\FLEOK
Adware:Adware/DownloadWare No disinfected C:\Program Files\medch
Spyware:Spyware/BetterInet No disinfected Windows Registry
Adware:Adware/FavoriteMan No disinfected C:\WINDOWS\SYSTEM\im64.dll
Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/AdDestroyer No disinfected C:\WINDOWS\SYSTEM\SWRT??.dll
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM\swrt01.dll
Adware:Adware/SideSearch No disinfected C:\WINDOWS\Application Data\Lycos
Adware:Adware/Comet No disinfected C:\WINDOWS\inf\dm.inf
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/Coupons No disinfected Windows Registry
Adware:Adware/EliteBar No disinfected C:\WINDOWS\sideb.exe
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\SYSTEM\fiz1
Adware:Adware/EliteBar No disinfected C:\WINDOWS\SYSTEM\shawn_1.dll
Adware:Adware/FavoriteMan No disinfected C:\WINDOWS\SYSTEM\im64.dll
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM\SWRT01.dll
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\SYSTEM\fiz1
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\SYSTEM\kyf.dat
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\INF\BIB.INF
Adware:Adware/Comet No disinfected C:\WINDOWS\INF\dm.inf
Adware:Adware/Comet No disinfected C:\WINDOWS\INF\dm.PNF
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\POLMX2.INF
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.inf
Adware:Adware/Gator No disinfected C:\WINDOWS\Downloaded Program Files\HDPlugin1018.dll
Adware:Adware/EliteBar No disinfected C:\WINDOWS\sideb.exe
Adware:Adware/Coupons No disinfected C:\WINDOWS\cpbrkpie.ocx
Adware:Adware/IPInsight No disinfected C:\WINDOWS\SATMAT.INI
Adware:Adware/EliteBar No disinfected C:\WINDOWS\protector_update.exe
Adware:Adware/MyWay No disinfected C:\Program Files\Netscape\Communicator\Program\Plugins\NPMyWay.dll

Edited by bri, 17 June 2005 - 03:12 PM.

#10
insipid

Posted 17 June 2005 - 10:00 PM

Visiting Staff

Member
313 posts

bri, that log is still clean As far as ensuring free downloads are 'clean', Google is your best friend. Also, read the EULA and the company's privacy policy.

If you can't get a decent diagnostic program for that hard drive, I would say just use it until it gives out. You said it's been a year, maybe it'll be a year longer. I wouldn't store any critical data on it, though, unless you do regular backups. To be honest, I've had Western Digital hard drives that did the same thing.

AIM and MSMessenger are not malware, just be careful who you accept file transfers from. A good firewall helps too :tazz:

. I would uninstall/reinstall. After that, I don't know much about Instant Messenging programs, so I can't tell you what to do to fix them.

Go ahead and delete all the files from the Panda results. They are leftovers

. Note that this file: SWRT??.dll should have non-standard characters where the ?? is. If you're unsure, don't delete it.

I will repost my recommendations, it's crucial to keep them all updated. Some have auto-update, others don't, Spywareblaster and IESpyad for instance don't auto-update.

To reduce re-infection potential for malware in the future:

Please read Tony Klein's article: So how did I get infected in the first place?.

It is extremely important to keep Windows and Internet Explorer up-to-date. Please go to http://v5.windowsupd...t.aspx?ln=en-us regularly and install ALL critical updates.

It would be a good idea to install a firewall if you don't have one . Here are a few free ones:
Kerio Personal Firewall
Zone Alarm
Sygate Personal Firewall

I strongly recommend installing three free programs: SpywareBlaster, SpywareGuard, and IE/Spyad.

Use AdAware SE and Spybot S&D regularly to scan your system. Links to excellent tutorials on these programs are in my signature below.

Finally, I suggest downloading and trying Mozilla Firefox browser. Firefox is a free fully functional browser. It's much safer than Internet Explorer.

insipid

#11
bri

Posted 21 June 2005 - 06:05 PM

Member

Topic Starter
Member
14 posts

Insipid,

> i'm still trying to get Panda Activescan to come up crystal_clear.. Remember, there were 37 items which you called "leftovers": well i was able to remove all the indicated folders, files and hidden files, but for some registry entries.
Atri and Excal have given me references to a few win98 registry tools, and i have used them as instructed by them: i've removed only the stuff which Excal instructed me in a PM to remove, utilizing RegSeeker ...
(Atri gave me reference to a vbscript registry tool called RegSrch.vbs which was instrumental in finding what i believe to be the problem keys/ data...)

So, now, what I'd like to know, is, is it ok to remove the following 2 sets of keys from my friend's windows registry, as i believe this will enable panda activescan to come up clean as a whistle .. ..hopefully, that is; ..should, i'm thinking...

(Or, Please, Otherwise instruct me how to rid the traces of nCase adware from the registry, please.)

<Excal helped me to rid one other registry entry using RegSeeker,& i removed the other folder manually..>
<Activescan came up with only the One Sole Single INCIDENT from all of his 176k or so files, on C and D>:

<Activescan7.txt>:..

Incident Status Location
Adware:Adware/nCase No disinfected Windows Registry

<end_of_Activescan7.txt>

<..>

<RegSrch.vbs yielded the following results in my searching for all of the registry info which panda's virus encyclopedia showed as coming from this malware infection (from the infection strategy section) :..

(NOTHING else was traceable, utilizing the registry-searching vbscript to search ALL indicated sources.)

<@URL:..>

http://www.pandasoft...deteccion=20302

(..with the following results:..)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

<end_of_only-hit_on_search-results_for_nCase-adware_using_RegSrch.vbs>

<..>
..and, as you can see above, this is where RegSrch.vbs shows the only traces i can find, to be:..
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\...
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\...

Is it OK to remove just these TEN (the two sets of five) registry items ??
Using regedit, just how exactly would i go about doing this, and what precautions would i need to take?
(..as I used RegSrch.vbs vbscript to find these, and it's not a removal tool... <?>)

(I know how to make a backup of the registry if this is what one must do - i've read the MS doc on this.)
(I am curious however, the extent of which to delete regarding data values, keys, sections/segments,etc.)

-bri

#12
insipid

Posted 21 June 2005 - 11:51 PM

Visiting Staff

Member
313 posts

We can remove those registry entries, but let's do it the easy way :tazz:

.

Please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bis.180solutions.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\config.180solutions.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\downloads.180solutions.com]

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\installs.180solutions.com]

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

#13
bri

Posted 22 June 2005 - 12:59 AM

Member

Topic Starter
Member
14 posts

Ok.!... ..Here's.. "The FRISPy Issue" ! Thanks for agreeing to research this for us!

(..and i'll try to remember to let you know how the activescan goes, thanks!)

As reminder, just letting you know that my friend wants his pc back tomorrow (Thursday), but that he's agreed to let me install any frisp which he and i may agree may work for him, after i return it to him, at his place, during agreed-upon hours/times...

Just to let you know: among other nice things (if any of us can think of any ADDitional), we would like the following, in a frisp:..

no popup nor ad-banners (my preference)
unlimited time (brett's own preference)

<<<Note i got the links below w/a quoted search "free isp" on techtv's engine>>>

<-snip-> (prepared short essay, follows):..

Insipid: here is that "frisp" issue which you said you could do research on, for us... Thanks a Bunch! -bri

the frisp (jfque or fqjeff or qfjeff or gjfree or some helper(woops.!..mAybe..uuh, "jfcap"?), from live-chat, suggested a link to help me and my friend out - i traveled there once and read several pages - they require registration for indepth service, as with you guys and so many other services on the net - i intend to register and check them out more thoroughly - the link that this person gave me, follows. What i'd like to know is, how can i install a frisp or two or three without compromising my friend's system to ad/spyware\malware, etc, please? If you dont want to comment on this for the same reason you gave before (within LiveChat), that's fine.. maybe i can find the person who helped me on livechat again some day soon

http://www.isprank.c.../Kalamazoo.html

However, Insipid, I would like you to read the following techtv article and give me your impressions, feelings and thoughts on this issue, will you please? This would mean a lot to me. Thanks for all your time, effort, energy, work and consideration, and that of the entire staff...

http://www.g4tv.com/...SP_Roundup.html

[ALSO, one of the Call For Help articles/pages, herein listed (below), states:..

"" Paul Royal wrote: ...
..
Ispnut is the best resource for free or cheap ISPs. "" ]

(Also, noteable: part of the reason i ask the question about installing a frisp being a malware-risk, is that i believe you, Insipid, had me remove with hjt, an entry which i believe made mention of an object relating to the "dslreports" site which the techtv article/page gives as their favorite site for rating frisps. Note that the object which hjt removed, which seemed to me to be related to the dslreports site, was most likely only created in doing RESEARCH on free isp's -- i believe this object got onto his hdd solely by my research using "dslreports".)

-bri/bcc

p.s. here is a slightly less-dated article by call for help on the frisp:..

http://www.g4tv.com/...lt_Browser.html

p.p.s. my search on g4_techtv's site with the quoted search-query "free isp" also came up with an article on toll-free isp, but a fourth link of especial interest, explained to me all the hinting about free isp's not being truly free, and my mother did not bring me up stupid, either: i know there's no such thing as a free lunch: the only thing free in this world, is the love of our creator, but for blessings, we get those from our hard work for and from HIM, and no man can close this door in my mind... Back on the topic of free isp's though, and to confirm my suspicions, the discussion within the topic "Using Linux to get online" on techtv's page, explains to me that free isps use adware, and suggests you need a pay-service isp to avoid this, but the other article seems to contradict this... Needless to say, i'm going to do further digging, in order to get my friend the service he may need, and for my own backup service. In the one article, it is suggested that one may choose a bannerless frisp at the expense of some trade-off's, some of which may involve either: lack of tech support (suggested as a possible pitfall to beginners), loss of transmission speed, and possibly some variant forms of privacy-loss. One of the articles, perhaps the same, also suggests a 50 dollar program for encrypting web activity by Zero Knowledge Systems, which the article admits is "a price that slightly undermines the thrifty frisp solution."

http://www.g4tv.com/...g_and_More.html

p.p.p.s. I've had one of the sites i've visited of late suggest that certain forms of advertising may be acceptable: i believe the site was speaking of advertising and or marketing which was incorporated within the executables of legitimate applications, something like aim's app-incorporated ad-banners, at the bottom of its own application dialog box. I'd be curious to know g2g's position on this, as well as other potentially-acceptable forms of self-supported promotions, as i am a programmer myself (one who is highly interested in beginning my career/business with legitimate and God-Revering fair and just sales of my software, eventually, and therefore, the means/legality, and methodology of going about my proposed business... Open-source seems a possibility, as does shareware, and i've already ventured into freeware as a means of promotion of the software i have created (though mostly simple commercially non-viable things, thusfar: and that portion of my site is closed at this time, pending further studies on legality and marketing techniques)... Sure wish I could remember the product that spoke of the concept of "acceptable advertising".. i believe it may have come from one of the original links i read from the g2g site.. ..was not all that long ago, but many "read" words ago now. )).. (may have been one of the protective-programs or one of the g2g site's recommended browsings *shrug*))

-bri

#14
insipid

Posted 22 June 2005 - 11:20 PM

Visiting Staff

Member
313 posts

bri, to be honest, I can't make heads or tails of all that (really) old data, and I looked at it in depth (or ad nauseum, if you prefer). I suggest downloading two or three trial versions of free ISP's in the area, and let your friend make the decision. Ad's will be a part of it, certainly, just as the free version of Opera carries a banner ad. Acceptable ad's are those you agree to (and allow you the option to opt out, up front), that don't collect and disseminate your personal information, including but not limited to your surfing habits. Google ads are a good example, surf Castle Cops forums and you will see.

As for malware, an ISP wouldn't last long if it installed REAL spyware (ok, unless it's in China, as recent experience has taught me). When we discussed free ISP's in chat, I said "You get what you pay for." By this I meant speed and reliability, not malware-related issues. My own ISP's software installs stuff that we fix as a matter of course (read 'redclientapps).

Now, for my personal opinion: Advise your friend to loosen up, get DSL or Cable, and join the real world :tazz:

.

How did the Panda Scan go? I've never actually worried about everything Panda picked up, they truly are trying to sell you a product. The scan is useful to us, but not the end-all-be-all.

#15
bri

Posted 25 June 2005 - 11:37 PM

Member

Topic Starter
Member
14 posts

The Conclusion to ..

Topic_Title: possibleTrojans+assortedMALWARE_w/Complications
Topic_Descrip: TDS-3_log_incl'd

User: bri

<..>

o ..regarding the latest Panda Activescan performed: i merged the .reg file you gave me, and the activescan still comes up tainted with that one sole incident: i'm just going to be satisfied (for now) to have all but the last incident removed from his (my friend's) machine: nCase adware ... thanks all

(a little more detail, for the curious: those windows registry entries showed back up again after being removed: we must have some software installed, or being run, or having been run/called, or a website being accessed that's restoring it/has restored it)

o GuardDog process - looks like RegSeeker which Excal directed me to, has helped me to remove this startup problem, thanks people

o Epson process - this was posted by me as a similar problem to GuardDog, but it is different in that Epson is still at least partially installed - we are looking for the install disc to be able to attempt a more thorough uninstall, but we do not plan to be looking to you for an answer for this any more at this point, thanks again

o anti-malware manual-updatings - i've let my friend know which ones need bi/weekly maintenance/manual-updating and scanning..

o frisp - i let him know the main points you have about this.. i.e., i passed on your missives, thank you .. I also set him up with the links he'll need to research them on his own and i intend to help him with this on one of my new (old) machines

o Tony Klein's and also your GeeksToGo recommended preventive measures have now been put into effect on his machine (sorry it took so long: was another two days before i got his machine back to him - i was delayed by prescription difficulties, and from helping him (my friend) to fill a sand box for his two baby boys, in the preceding two days to his machine's delivery)

(There was one inconsistency/contradiction in Tony Klein's suggested settings, which at least one of your recommended java cool app's gave warning about, and you guys are no doubt aware of this: it's the setting for Internet Options > Security > Internet > "Download unsigned activeX controls" to "prompt" (where SpywareBlaster and/or SpywareGuard recommends setting to "disable" which is where his machine had already been set) - {there were no problems with the other settings therein})

((There yet remains one final thing, needing to be done here: Jason Levine's Browser Security Tests... i shall return to his home to perform this some day soon - thanks))

o Thank you ever so much for the advice on how my friend can be better able to download and attain more reliable software.. as some of you have said, google is your friend (and i've recommended some other search engines for him to get 2nd, 3rd, etc, opinions from)

(and thanks for the advice on chatters)

o I was able to uninstall and reinstall his favored chatters: AIM and MSN Messenger

o As I had mentioned, he (my friend who owns the system i had been working on) had been experiencing recurring infections by Trojans, and he and i suspect he had been getting them from a tv soap-opera updates site - he sent away asking them about this, and he reports they claim the trojan must have come from their site's supporting advertisement, and my friend claims she, the owner or whoever, claimed to have no control over this - he dearly loves this soap, and i feel he will not want to give up the updates site, so i'm at a bit of a loss as to what to tell him, that is, assuming we're correct about the source of the infections (he has not revisited them yet, to my knowledge, so we dont have any reference to speak of, as yet)

(I mention this point, as it is the original reason for consulting your site for his case.)

o I recommended Mozilla_Firefox to him (and have installed it), but I do not believe he wishes to switch. I also put ample links/shortcuts up for him to check everything out from within his issue for himself, i.e., our case on his behalf (thanks)

o I'm certain Not Everything has been handled from this post, but we did a fairly good job, together, didn't we ??? - an especial thanks to you, Insipid, and the rest who have helped out, and to all the staff and helpers...

-bri/bcc .....and, on behalf of brett and myself, thank you one last final time (this case)

p.s. I'm curious if, after a number of days, when we're both ready, you would care to resume with some other machines (my own, this time {possibly my aunt June's winXP machine first, though (and THEN, back onto my own win98 machines)}), especially after experience has now taught me how to handle, streamline, and expedite, these cases of malware removal and optimizations (hopefully and prayerfully), please?
If, on the other hand, you would like a break from the intensity, and my.. particular brand or method of thorough and comprehensive care, I will be perfectly happy to pick up the next case, of my handful, total, with yet another helpful and experienced helper, if allowable... much appreciated.

Edited by bri, 25 June 2005 - 11:39 PM.