Logitech\Desktop Messenger [RESOLVED]


  • This topic is locked

#1
uncle jedd

  • Member
  • 10 posts
At what point do I just start over? Some things I don't have a back-up of, but I will do what I have to do. If I do have to start over, any recommendations on what to use?

This is the latest series of reports, after running the recommended programs, even in safe mode.
Several things have been identified and addressed since the BWPlugProtocol thing started.

Ewido identified (Not-A-Virus.Joke.Coke) and was placed in quarantine.

Logfile of HijackThis v1.99.1
Scan saved at 2:19:38 PM, on 6/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weatherun...ast?query=68803
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {13579E65-056D-4444-B36C-5FADB94675D3} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .cfm: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.chart...oad/tgctlsi.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone-de...s/GSManager.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O18 - Protocol: bw+0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: offline-8876480 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:50:49 AM, 6/29/2005
+ Report-Checksum: EAB4AE04

+ Date of database: 6/29/2005
+ Version of scan engine: v3.0

+ Duration: 69 min
+ Scanned Files: 72078
+ Speed: 17.26 Files/Second
+ Infected files: 1
+ Removed files: 1
+ Files put in quarantine: 1
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: No

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\sl1kv3eg.default\Cache\3B0597C2d01 -> Not-A-Virus.Joke.Coke -> Cleaned with backup


::Report End

Microsoft Antispyware
Spyware Scan Details
Start Date: 6/29/2005 8:54:08 AM
End Date: 6/29/2005 9:19:59 AM
Total Time: 25 mins 51 secs

Detected Threats
No spyware threats were found during this scan.

AVG No virus found.

Spybot - Search & Destroy: No immediate threats were found

Ad-Aware with only a few
ArchiveData(auto-quarantine- 2005-06-28 21-59-39.bckp)
Referencefile : SE1R51 21.06.2005
======================================================

MRU LIST
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[1]=MRU RegReference : S-1-5-21-1085031214-1767777339-839522115-1004\software\microsoft\search assistant\acmru\5603
obj[2]=MRU RegReference : S-1-5-21-1085031214-1767777339-839522115-1004\software\microsoft\search assistant\acmru\5604
obj[4]=MRU RegReference : S-1-5-21-1085031214-1767777339-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[5]=MRU RegReference : S-1-5-21-1085031214-1767777339-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs\.zip
obj[6]=MRU RegReference : S-1-5-21-1085031214-1767777339-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs\Folder
  • 0
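The log above contains roughly 80 O18 lines that all name the same two Logitech Desktop Messenger DLLs and all end in "(file missing)", plus an O2 and an O3 entry marked "(no file)". HijackThis lists one O18 line per protocol name registered under HKCR\PROTOCOLS\Handler, so one leftover handler DLL appears once per name. The following is an added example, not code from this thread or from HijackThis: a small Python triage script, with function names of my own choosing, run over a constructed sample of lines copied from the posted log. It parses the entry lines, isolates the entries whose target is absent from disk, and collapses the O18 lines to one finding per CLSID and DLL, which is the view a helper needs to decide what to fix.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v1.99 log format. The lines are taken
# from the log posted above, trimmed to a handful; the real log has ~80 O18
# lines for the same two DLLs.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {13579E65-056D-4444-B36C-5FADB94675D3} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O18 - Protocol: bw+0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: offline-8876480 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# One HijackThis entry: section code (R0, O2, O4, O18, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return (section, body) tuples for every entry line, skipping the
    header and the running-process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned_entries(entries):
    """Entries whose target HijackThis marked as absent from disk. These are
    registry leftovers: nothing can load from them, but they are noise that
    hides real findings."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def split_target(target):
    """Separate a path from a trailing '(file missing)' / '(no file)' marker."""
    for marker in ORPHAN_MARKERS:
        if target.endswith(marker):
            return target[: -len(marker)].strip(), True
    return target, False


def group_protocol_handlers(entries):
    """Collapse O18 lines by (CLSID, DLL path, missing?). HijackThis prints one
    O18 line per protocol name registered under HKCR\\PROTOCOLS\\Handler, so a
    single leftover handler DLL shows up once for each name it registered."""
    groups = defaultdict(list)
    for section, body in entries:
        if section != "O18":
            continue
        # body: "Protocol: <name> - {CLSID} - <dll path> [(file missing)]"
        fields = body.split(" - ", 2)
        if len(fields) != 3 or not fields[0].startswith("Protocol:"):
            continue
        name = fields[0][len("Protocol:"):].strip()
        clsid = fields[1].strip()
        dll, missing = split_target(fields[2].strip())
        groups[(clsid, dll, missing)].append(name)
    return dict(groups)


def triage(log_text):
    """Summarise a log: entry count, orphaned entries, and O18 handlers
    collapsed to one finding per DLL."""
    entries = parse_entries(log_text)
    return {
        "entries": len(entries),
        "orphaned": orphaned_entries(entries),
        "handlers": group_protocol_handlers(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['entries']} entries, {len(report['orphaned'])} point at missing files")
    for (clsid, dll, missing), names in report["handlers"].items():
        state = "MISSING" if missing else "present"
        print(f"O18 {clsid} -> {dll} [{state}] registers {len(names)} protocol(s): {', '.join(names)}")
```

On the sample, the four O18 lines collapse to two findings, both with the DLL missing; on the full log above the same two keys absorb all of the bw* and offline-8876480 lines. An entry whose DLL is missing cannot load anything, so it is dead registration data rather than an active threat; the check that matters on a log like this is whether any entry points at a file that does exist and is not recognised.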



#2
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi uncle jedd, welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your problem.

Your log is in need of only minimal tweaking. So what is the problem that does not show up in your log?

Regards,

Trevuren

  • 0

#3
uncle jedd

  • Topic Starter
  • Member
  • 10 posts
Startup is very slow and occasional blue screen, or might not start at all. Sound stutters and I am not sure that my system is secure.
Yahoo Messenger Explorer Bar and The Axe Effect cannot be removed in Add/Remove.
Writing to DVD is unpredictable. I am unable to update some Windows components, and the printer has a mind of its own.
What is: C:\ProgramFiles\Logitech\DesktopMessenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing).
I have had I-Worm/Bagle.gen1, IRC/Backdoor.Flood, Trojan horse identified on 6-6-05 as Startpage.21.AY and Backdoor.Ruledor.b
I am not confident that all files were removed associated with infections.
Any additional information that is needed just let me know.
I am regularly running CleanUp!, Ad-Aware SE Personal, CWShredder, Spybot Search & Destroy, Microsoft AntiSpyware, AVG (updated), and SpywareBlaster.
Ewido was not the full version and the trial has expired. TDS-3 states [Mutex Memory Scan] Finished (no trojan mutexes found).

Thank you so much for replying, I don't know where to start.
  • 0

#4
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please Note: Do not respond before tomorrow afternoon, for I am experiencing major email problems and I will lose your response. Sorry for the inconvenience.

Trevuren

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.

Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

Regards,

Trevuren

  • 0

#5
uncle jedd

  • Topic Starter
  • Member
  • 10 posts
From the infected items list of MWav. And yes, the scan did take over 4 hrs. Thanks for the warning and the help.

File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\aaw.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\aawsepersonal.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\ePhot18E.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\tech\aaw6.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\tech\zaSetup_37_193.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\wave converter\LiveDrvUni-Pack(ENG).exe tagged as not-a-virus:Tool.Win32.KillApp.b. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zaSetup_1001.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zaSetup_37_098.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zone alarm\zaSetup_37_202.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zone alarm\zaSetup_37_211.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zone alarm\zlsSetup_45_530.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zone alarm\zlsSetup_45_538_001.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zone alarm\zlsSetup_50_590_043.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Object "BonziBuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BonziBuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BonziBuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Lycos Sidesearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\QDow.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\KODAK\KODAK Software Updater\7288971\6.1.4.37-7288971L\Program\Restart.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "atl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjbctrl.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMFWCtrl.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMRadioEngine.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{08FF96C2-8DA6-4714-8A46-1A002BB0EAE3}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A629F2B-1F78-4812-95A0-47DC721E59A1}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogiLdmC.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C5D39B0-460B-11D4-ADE1-0050DACD3DB9}" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMRadioEngine.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C8903E0-E32F-4035-B798-50C0BBCA42B6}" refers to invalid object "C:\WINDOWS\system32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{11791640-B9FB-48D5-B53F-2A52272C8B28}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{14890C27-808F-4334-85D9-BB574718F5C9}" refers to invalid object "C:\Program Files\ubi.com\Core\GSGameCom.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1C391FBF-9DF9-45C7-A140-740EBA4DADBC}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EF2E5CB-646F-4F85-A355-8E328652CA60}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{220660B6-ACA1-43A5-92C5-E6308BB81E8C}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWCmndr-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2294C466-0D91-4689-9762-C1E92CF079BB}" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\SkinMgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23AA6EBD-86AA-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{25043B23-BB97-42A5-B981-E0370CEE9AB4}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWDocMapExt-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{263C4058-70A5-4045-9308-F477E4245CBC}" refers to invalid object "C:\Program Files\ubi.com\Core\GSServicesPlugIns.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2641617F-FB92-4CC1-93D0-B67BA0436FC3}" refers to invalid object "C:\Program Files\ubi.com\Core\GLConfigInfo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{33CE799A-0E69-4f81-8F78-E3246771513B}" refers to invalid object "C:\WINDOWS\system32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\HHACTI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{40F23EB7-B397-4285-8F3C-AACE4FA40309}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LiteInstActivator.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{460E54D5-1673-47F6-988B-4ADD147892E7}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWXmlOffline-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5789D28C-A33F-4F9B-8AA5-DA51853018E8}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5CD71333-77F3-4A67-9D98-8604D5F62BCD}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5F374004-5A68-4C32-B7AC-1FB1540E9F6A}" refers to invalid object "C:\Program Files\ubi.com\Core\GSGameCom.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6628157E-EBAB-4c1d-A3DB-468DB60F890D}" refers to invalid object "C:\WINDOWS\system32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6984FF63-4C23-4DEC-A2E4-08BF3C28DE8C}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6B58B5DD-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6B58B5E1-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6B58B5E5-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6CDBA7CE-C3A4-4548-8D60-118EED9C24A4}" refers to invalid object "C:\WINDOWS\system32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{79D37817-A8A8-4B34-95DA-398DD9ACE2C6}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWCHelpr-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8077EE91-B994-4B5E-B279-CC12755E8B4E}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{84268CDA-5AE9-409C-94E9-B6FEB4B5A123}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{842FCA95-BD90-11D5-97B5-0050046C5995}" refers to invalid object "C:\Program Files\ubi.com\Core\GLPing.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{901F26F5-38FB-4819-97C0-4AA9B58834B4}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWOfflineUrlAccessor-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{92B4DDAA-CE55-4612-8F3A-6F11E24E3721}" refers to invalid object "C:\Program Files\ubi.com\Core\VersionFinder.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9462A756-7B47-47BC-8C80-C34B9B80B32B}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\HHACTI~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{95C15D31-01C7-483D-9D0E-831D3E07D39F}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99EEC57E-4532-4d00-98AB-43D7C8D07755}" refers to invalid object "C:\WINDOWS\system32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A085525D-3A21-11D3-91EA-0004AC25B727}" refers to invalid object "C:\Program Files\Typing Instructor\PROGRESSGAUGE.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AD47916A-A2EB-48F7-9ACA-221790DA98CC}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B617F87F-1856-43BC-ADEB-C43922F7A575}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BDC9B245-12B2-44C6-A884-5C0B5075F53E}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C0E10005-0600-0900-C0E1-C0E1C0E1C0E1}" refers to invalid object "WT9LI.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C2C99FA5-CA27-4ee2-804D-04E0054414C0}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\SyncExt.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CAFCF848-5049-4ED9-9572-3976FC9ABD49}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CDE0A580-A4A0-4C34-B375-DAB4832FC0AB}" refers to invalid object "C:\WINDOWS\system32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CE0E7204-D82C-4273-8A70-919963F4CFE0}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CE6EE533-F8F5-4BEF-A692-2AEF99FF6C6C}" refers to invalid object "C:\Program Files\ubi.com\Core\GSServicesPlugIns.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CF26D0B5-715E-4778-91A0-BC18297AE17B}" refers to invalid object "C:\Program Files\ubi.com\Core\GSServicesPlugIns.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CF732F8A-686E-480E-8371-779755EE7047}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogiLdmW.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D4365200-FD96-4032-A9C8-1C88BF278B55}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D59BCDB4-A6F9-41AA-8AB2-F706141C082A}" refers to invalid object "C:\Program Files\ubi.com\Core\GSServicesPlugIns.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D9017A15-A1C2-4E8D-86E9-F6A592263152}" refers to invalid object "C:\Program Files\ubi.com\Core\FileTransfert.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D97D700A-5F70-4507-A633-C90445B855D1}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWCmndr-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E209B013-1604-45BD-B027-BC26B239ED52}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E226C593-E4E7-424A-A870-8E6659BBE3B8}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E43D1968-D5FB-4C46-9707-8D9958710D5A}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E912C30C-9E83-4339-BBAC-ED02A23557C8}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPortalPlugin-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F0FDBF9F-63BF-4BFB-A3DB-E7B7FCF3F7DE}" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\directorps.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F1DD8F2C-1A49-40F0-9649-ACB3AB7AF86A}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
File C:\Documents and Settings\Administrator.BOHLENDER6\My Documents\Data\all_files2_at.exe infected by "Trojan-Downloader.Win32.VB.q" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Administrator.BOHLENDER6\My Documents\Data\all_files3.exe tagged as "not-a-virus:AdWare.ToolBar.GigatechSuperBar". Action Taken: No Action Taken.
File C:\Documents and Settings\Administrator.BOHLENDER6\My Documents\Data\Data\all_files2_at.exe infected by "Trojan-Downloader.Win32.VB.q" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Administrator.BOHLENDER6\My Documents\Data\Data\all_files3.exe tagged as "not-a-virus:AdWare.ToolBar.GigatechSuperBar". Action Taken: No Action Taken.
File C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\sl1kv3eg.default\Cache\734B84ABd01 tagged as not-a-virus:Effect.Win16.Gun. No Action Taken.
File C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\sl1kv3eg.default\Cache\E8808EB7d01 tagged as not-a-virus:Joke.Win16.Prank. No Action Taken.
File C:\Documents and Settings\Default User\My Documents\Data\all_files2_at.exe infected by "Trojan-Downloader.Win32.VB.q" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe tagged as "not-a-virus:AdWare.ToolBar.GigatechSuperBar". Action Taken: No Action Taken.
File C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2_at.exe infected by "Trojan-Downloader.Win32.VB.q" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Default User\My Documents\Data\Data\all_files3.exe tagged as "not-a-virus:AdWare.ToolBar.GigatechSuperBar". Action Taken: No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\aaw.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\aawsepersonal.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\ePhot18E.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\tech\aaw6.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\tech\zaSetup_37_193.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\wave converter\LiveDrvUni-Pack(ENG).exe tagged as not-a-virus:Tool.Win32.KillApp.b. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zaSetup_1001.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zaSetup_37_098.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zone alarm\zaSetup_37_202.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zone alarm\zaSetup_37_211.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zone alarm\zlsSetup_45_530.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zone alarm\zlsSetup_45_538_001.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Jedd Bohlender\Desktop\stuff\installations\zone alarm\zlsSetup_50_590_043.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Sharri's\My Documents\Data\all_files2_at.exe infected by "Trojan-Downloader.Win32.VB.q" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sharri's\My Documents\Data\all_files3.exe tagged as "not-a-virus:AdWare.ToolBar.GigatechSuperBar". Action Taken: No Action Taken.
File C:\Documents and Settings\Sharri's\My Documents\Data\Data\all_files2_at.exe infected by "Trojan-Downloader.Win32.VB.q" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sharri's\My Documents\Data\Data\all_files3.exe tagged as "not-a-virus:AdWare.ToolBar.GigatechSuperBar". Action Taken: No Action Taken.
File C:\hijackthis\installs\aawsepersonal.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Click'N Design 3D\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Pinnacle\Studio 8\OEM\hfx46studiosilent.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Pinnacle\Studio 8\PPE111.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Yahoo!\Installs\ymsgrie.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Zone Labs\ZoneAlarm\zlsSetup_45_594_000.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Zone Labs\ZoneAlarm\zlsSetup_50_590_015.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Zone Labs\ZoneAlarm\zlsSetup_51_011.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Zone Labs\ZoneAlarm\zlsSetup_51_033_000.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Zone Labs\ZoneAlarm\zlsSetup_55_062_000.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Zone Labs\ZoneAlarm\zlsSetup_55_062_004.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Zone Labs\ZoneAlarm\zlsSetup_55_062_011.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\system32\Macromed\Shockwave 8\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
  • 0
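A small triage parser for the eScan-style log format pasted above, added here as an illustration and not part of the original post or of any scanner's own code. The sample lines are copied from the log; the four severity buckets (malware, adware, riskware, orphaned COM registration) are my own labelling for triage, not a field the scanner emits.

```python
"""Triage parser for eScan-style log lines (added example, not the
poster's or the vendor's code).  Each line is sorted into one of four
buckets so a reader can tell real detections apart from "not-a-virus"
tags and from CLSID entries whose DLL was deleted by an uninstaller."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The three line shapes that appear in the log above.
RE_ORPHAN = re.compile(
    r'^Entry "(?P<key>[^"]+)" refers to invalid object "(?P<obj>[^"]+)"\.')
RE_INFECTED = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus!')
RE_TAGGED = re.compile(
    r'^File (?P<path>.+?) tagged as "?(?P<name>not-a-virus:[^\s"]+?)"?\.'
    r'\s+(?:Action Taken: )?No Action Taken\.$')


@dataclass
class Finding:
    severity: str   # "malware", "adware", "riskware" or "orphan" (our labels)
    subject: str    # file path or registry key
    detail: str     # detection name, or the object the key points at


def classify_tag(name: str) -> str:
    """Map a not-a-virus:<Family>.<...> tag to a triage bucket."""
    family = name.split(":", 1)[1].split(".", 1)[0]
    if family == "AdWare":
        return "adware"
    # Tool (installers that reboot, process killers), Joke, Effect:
    # legitimate or harmless files that merely look suspicious.
    return "riskware"


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a recognised log line, None for anything else."""
    line = line.strip()
    m = RE_INFECTED.match(line)
    if m:
        return Finding("malware", m["path"], m["name"])
    m = RE_TAGGED.match(line)
    if m:
        return Finding(classify_tag(m["name"]), m["path"], m["name"])
    m = RE_ORPHAN.match(line)
    if m:
        return Finding("orphan", m["key"], m["obj"])
    return None


def triage(lines: List[str]) -> Dict[str, object]:
    """Summarise a log: counts per bucket, unique malware paths, and the
    directories the orphaned CLSIDs still point at (one uninstalled
    product usually explains a whole cluster of them)."""
    counts = {"malware": 0, "adware": 0, "riskware": 0, "orphan": 0}
    malware_paths: List[str] = []
    orphan_dirs: Dict[str, int] = {}
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue
        counts[f.severity] += 1
        if f.severity == "malware" and f.subject not in malware_paths:
            malware_paths.append(f.subject)
        if f.severity == "orphan":
            d = f.detail.rsplit("\\", 1)[0] if "\\" in f.detail else "(bare name)"
            orphan_dirs[d] = orphan_dirs.get(d, 0) + 1
    return {"counts": counts, "malware": malware_paths, "orphan_dirs": orphan_dirs}


# Sample input: lines taken from the log above (a subset, for the demo).
SAMPLE_LOG = r"""
Entry "HKCR\CLSID\{D4365200-FD96-4032-A9C8-1C88BF278B55}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E912C30C-9E83-4339-BBAC-ED02A23557C8}" refers to invalid object "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPortalPlugin-8876480.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
File C:\Documents and Settings\Default User\My Documents\Data\all_files2_at.exe infected by "Trojan-Downloader.Win32.VB.q" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Default User\My Documents\Data\Data\all_files2_at.exe infected by "Trojan-Downloader.Win32.VB.q" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Default User\My Documents\Data\all_files3.exe tagged as "not-a-virus:AdWare.ToolBar.GigatechSuperBar". Action Taken: No Action Taken.
File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
"""
SAMPLE_LINES = SAMPLE_LOG.strip().splitlines()

if __name__ == "__main__":
    for bucket, n in triage(SAMPLE_LINES)["counts"].items():
        print(f"{bucket:8s} {n}")
```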

#6 Trevuren (Old Dog, Retired Staff, 18,699 posts)
1. I want you to download and run a free trial version of an anti-trojan program called Trojan Hunter. Let it scan your whole system and remove anything it finds.

REBOOT your system.

2. Now to clean out some of the malware that you have you need to
download two free programs and install and run them according to
the instructions below:

First is Spybot S & D available from here.

A Graphical tutorial by another Classroom Teacher texruss is here

1. Download and Install Spybot S&D, accepting the Default Settings

2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.

3. Close ALL windows except Spybot S&D

4. Click the button to ‘Search for Updates’ then download and install the Updates.

5. Next click the button ‘Check for Problems'

6. When Spybot is complete, it will be showing ‘RED’ entries bold 'Black' entries and ‘GREEN’ entries in the window

7. Make certain there is a check mark beside all of the RED entries ONLY.

8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

9. REBOOT to complete the scan and clear memory.

==============================

Now for Ad-Aware : available from here.

A Graphical tutorial by another Classroom Teacher (texruss) is here.

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to update outdated definitions - set the number of days

2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file

3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT

4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only

Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot

Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check and make Green: Include Module list in logfile


5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

8. If Ad-Aware SE finds bad entries in the registry or bad files, you will receive a list of what it found in the window

9. Save the log file when it asks and then click ‘finish’

10. REBOOT to complete the removal of what Ad-Aware SE found


NOTE: Please include log from Trojan Hunter and Ad-Aware in your next reply. Thanks

Regards,

Trevuren

  • 0

#7 uncle jedd (Member, Topic Starter, 10 posts)
I am unable to do anything with the files listed below after running TrojanHunter. Evaluation Copy Results: Am I to delete the trojans found through My Computer?

Here are the results of today's scans.
Thanks and have a great 4th!

TrojanHunter results

Registry scan
No suspicious entries found
Inifile scan
No suspicious entries found
File scan
C:\hiberfil.sys Not scanned (in use by another application)
C:\pagefile.sys Not scanned (in use by another application)
Warning: Executable file with double extensions found: C:\Program Files\Mozilla Firefox\firefox setup 1.0pr.exe
Warning: Unable to unpack UPX-packed file C:\Program Files\Norton AntiVirus\virus updates\FxBeagle.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\Program Files\TrojanHunter 4.2\InstTimeUpdater.exe (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\$NtServicePackUninstall$\usbuhci.sys (Add to ignore list)
Warning: Unable to unpack UPX-packed file C:\WINDOWS\$NtUninstallKB822603$\usbuhci.sys (Add to ignore list)
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_76b2705e\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_41a45ff2\System.Xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.XML.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
ScriptChecker: Cannot open file "C:\WINDOWS\Q?ICKEN.INI". The filename, directory name, or volume label syntax is incorrect
Found possible trojan file: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\pftC~tmp\SUPPORT\NAVTOOLS\REPAIR\FIXCRED.EXE (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\pftC~tmp\SUPPORT\NAVTOOLS\REPAIR\FIXHAP~1.EXE (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Found possible trojan file: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\pftC~tmp\SUPPORT\NAVTOOLS\REPAIR\FIXPOTOK.EXE (Suspicious: UPX-packed file in Windows System folder) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)
Error: Directory not found: D:\
Error: Directory not found: E:\
Error: Directory not found: F:\
3 possible trojan files found
Port scan
No suspicious open ports found
AppInitChecker Executing
exefile\shell\open\command is OK
Shell executable scan
Shell entry is OK
WinIniChecker Executing
C:\WINDOWS\win.ini: load and run entries OK
Enumerating Layered Service Providers
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\rsvpsp.dll
DLL file: %SystemRoot%\system32\rsvpsp.dll
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\mswsock.dll
DLL file: %SystemRoot%\system32\mswsock.dll



Ad-Aware results

ArchiveData(auto-quarantine- 2005-07-03 16-27-10.bckp)
Referencefile : SE1R47 24.05.2005
======================================================

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=IECache Entry : C:\Documents and Settings\Cody\Cookies\cody@live365[1].txt


Spybot S & D results

Congratulations!: No immediate threats were found. ()

--- Spybot - Search && Destroy version: 1.3 ---
2005-04-26 Includes\Cookies.sbi
2005-06-23 Includes\Dialer.sbi
2005-06-23 Includes\Hijackers.sbi
2005-06-23 Includes\Keyloggers.sbi
2004-11-29 Includes\LSP.sbi
2005-06-23 Includes\Malware.sbi
2005-06-09 Includes\PUPS.sbi
2005-04-27 Includes\Revision.sbi
2005-06-09 Includes\Security.sbi
2005-06-15 Includes\Spybots.sbi
2005-02-17 Includes\Tracks.uti
2005-06-21 Includes\Trojans.sbi
  • 0

#8
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
That's fine, we will keep it for future reference. They did what they were supposed to do.

1. Now, please download and run a free 30-day trial of Kaspersky AntiVirus. Make sure all its definitions are current and run a full system scan. Let it remove anything it wants.

2. Then Reboot your system.

3. Please post a fresh HJT log. Thanks,

Trevuren
  • 0

#9
uncle jedd

uncle jedd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Again thanks for the help and have a good 4th.
Kaspersky repelled Helkern and left Trojan-Downloader.Win32.VB.q.

Logfile of HijackThis v1.99.1
Scan saved at 1:18:21 PM, on 7/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weatherun...ast?query=68803
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {13579E65-056D-4444-B36C-5FADB94675D3} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .cfm: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.chart...oad/tgctlsi.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone-de...s/GSManager.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O18 - Protocol: bw+0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: offline-8876480 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#10
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

1. First we need to make all files and folders VISIBLE:

Go to start>control panel>folder options>view (tab)
*choose to "show hidden files and folders,"
*uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
*Close the window with ok
*All hidden files will now be visible

Please RUN HijackThis. Click the SCAN button to produce a log.

Place a check mark beside each one of the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {13579E65-056D-4444-B36C-5FADB94675D3} - (no file)



Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window and Reboot Your System in Safe Mode

How to use the F8 method to Start Your Computer in Safe Mode

*Restart the computer.
*As soon as the BIOS is loaded, begin tapping the F8 key until the Advanced Options menu appears.
*Use the arrow keys to select the Safe mode menu item
*press Enter.


2. While in Safe Mode, rerun EWIDO and save the results of the new scan

REBOOT BACK INTO NORMAL MODE

Finally, RUN Hijackthis again and produce a new HJT log. Post it along with the results from EWIDO.

Regards,

Trevuren

  • 0
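The entries Trevuren picked out above share one trait: HijackThis reports their target as gone (an empty Local Page value, a BHO or toolbar CLSID with "(no file)", and the long run of O18 protocol handlers whose BWPlugProtocol DLL is "(file missing)"). The script below is an added example, not part of this thread or of HijackThis itself; it parses a small constructed sample of HJT 1.99.1 lines (the start-page URL and the sample lines are assumptions, the file paths and CLSIDs are taken from the logs above), lists the orphaned entries, and collapses the repeated O18 lines into one row per CLSID/DLL so the triage reads as a short summary instead of eighty near-identical lines.

```python
import re
from collections import defaultdict

# Constructed sample of HijackThis 1.99.1 log lines (assumption: a real log has
# many more O18 lines that all point at the same missing Logitech DLL).
SAMPLE_LOG = """\
Logfile of HijackThis v1.99.1
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.example.invalid/
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {13579E65-056D-4444-B36C-5FADB94675D3} - (no file)
O18 - Protocol: bw+0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\GAPlugProtocol-8876480.dll (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kavsvc.exe
"""

# Suffixes HijackThis appends when the file behind an entry cannot be found.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d+) - (.*)$")
PROTO_RE = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.*?)( \(file missing\))?$")


def parse_entries(log_text):
    """Split a HijackThis log into (section, body) pairs.

    Header lines and the 'Running processes' block do not match the
    'Oxx - ' pattern and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned_entries(log_text):
    """Return entries whose target is gone: an empty registry value (line ends
    with '=') or a CLSID/protocol whose backing file HJT reports as missing."""
    result = []
    for section, body in parse_entries(log_text):
        if body.rstrip().endswith("=") or body.endswith(ORPHAN_MARKERS):
            result.append(f"{section} - {body}")
    return result


def summarize_protocols(log_text):
    """Group O18 protocol handlers by (CLSID, DLL path, missing?) so that dozens
    of registrations for one DLL become a single row listing the scheme names."""
    groups = defaultdict(list)
    for section, body in parse_entries(log_text):
        if section != "O18":
            continue
        m = PROTO_RE.match(body)
        if not m:
            continue
        name, clsid, dll, missing = m.groups()
        groups[(clsid, dll, missing is not None)].append(name)
    return {key: sorted(names) for key, names in groups.items()}


if __name__ == "__main__":
    print("Orphaned entries (candidates to fix):")
    for entry in orphaned_entries(SAMPLE_LOG):
        print("  " + entry)
    print("\nO18 protocol handlers grouped by CLSID / DLL:")
    for (clsid, dll, missing), names in summarize_protocols(SAMPLE_LOG).items():
        state = "MISSING" if missing else "present"
        print(f"  {clsid} {dll} [{state}] x{len(names)}: {', '.join(names)}")
```

Run it against a saved HJT log by replacing `SAMPLE_LOG` with the file contents; the grouped O18 view makes it obvious when a whole block of handlers belongs to one uninstalled product, which is the situation in this thread.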

#11
uncle jedd

uncle jedd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
This now shows up after startup.

Kaspersky Anti-Virus Personal.
Attention! Your computer has been attacked from the Internet.
Network attack Helkern from address 22.174.115.18 has successfully repelled


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:22:17 PM, 7/4/2005
+ Report-Checksum: A1949972

+ Date of database: 6/29/2005
+ Version of scan engine: v3.0

+ Duration: 58 min
+ Scanned Files: 72355
+ Speed: 20.50 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: No

+ Scanned items:
C:\

+ Scan result:
No infected files found!


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 7:49:12 PM, on 7/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weatherun...ast?query=68803
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .cfm: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.chart...oad/tgctlsi.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone-de...s/GSManager.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O18 - Protocol: bw+0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw+0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw-0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw00s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw10s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw20s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw40s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw50s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw60s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw70s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw80s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw90s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwa0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwb0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwc0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwd0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwe0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwf0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwg0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwh0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwi0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwj0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwk0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwl0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwm0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwn0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwo0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwp0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwq0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwr0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bws0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwt0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwu0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwv0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bww0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwx0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwy0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwz0s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: offline-8876480 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#12
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your log looks clean and your firewall appears to be doing its job. If there are no other issues, we will commence final cleaning procedures.

Regards,

Trevuren

  • 0

#13
uncle jedd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Just let me know what else I can do.
My evaluation of TDS-3 has expired; should this be uninstalled?
I don't mind purchasing protection, but I would like it to PROTECT.
Kaspersky, AVG, Ewido, Norton: what works with what?
I digress, let's finish cleaning.
And what is C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol?
Thanks so much for the help.

Edited by uncle jedd, 06 July 2005 - 09:17 AM.

  • 0

#14
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Logitech Desktop Messenger is seldom used by anyone and can be uninstalled.
2. Kaspersky, AVG7 and Norton are all Antivirus applications. One you have paid for, the other two were trials. Keep the one you paid for and UNINSTALL the other two (running more than 1 AV at a time can often cause problems with your system).
3. EWIDO can still be used after the trial period as long as you remember to manually get the updates. It is an excellent program.
4. TDS-3 is probably the #1 ranking anti-trojan program on the market but most people don't understand how to use it properly. There are alternatives like Trojan Hunter or even A Squared that do a good job.
--------------------------------------------------------------------
Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
1. Right-click "My Computer", and then left click "Properties".
2. Left click on "System Restore Tab"
3. Check box beside "Turn Off System Restore"
4. Left click on "Apply"

TO ENABLE SYSTEM RESTORE
1. Remove check mark from "Turn Off System Restore"
2. Click on "Apply"

2. Cleanup the leftovers. Download CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.


3. Finally, Re-hide your System Files and Folders to prevent any future accidents.


Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows Update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

  • 0
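Added example (not from the thread or from any of the posters): each O18 line in the log above records one registered URL-scheme handler, mapping a scheme name to a CLSID and to the DLL that implements it. "(file missing)" means the registration is still in the registry but the DLL itself is gone, which is exactly what an incomplete uninstall of Logitech Desktop Messenger leaves behind. The script below parses lines of that shape and collapses them into one summary line per DLL, so a seventy-line block reads as two orphaned DLLs behind two CLSIDs. The sample input is constructed from four entries copied from the log plus one hypothetical healthy entry with a placeholder CLSID and path.

```python
import re

# Constructed sample: four O18 lines copied from the log in this thread, one
# hypothetical healthy handler (placeholder CLSID and path), and one O23 line
# to show that other HijackThis sections are ignored by the parser.
SAMPLE_LOG = r"""
O18 - Protocol: bw20s - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bw30 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O18 - Protocol: offline-8876480 - {D4365200-FD96-4032-A9C8-1C88BF278B55} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (file missing)
O18 - Protocol: example - {00000000-0000-0000-0000-000000000000} - C:\Example\example.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# O18 - Protocol: <scheme> - {CLSID} - <dll path>[ (file missing)]
O18_RE = re.compile(
    r"^O18 - Protocol: (?P<scheme>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_o18(log_text):
    """Return one dict per O18 line: scheme, clsid, path and a 'missing' flag."""
    entries = []
    for line in log_text.splitlines():
        m = O18_RE.match(line.strip())
        if not m:
            continue  # not an O18 line (services, BHOs, ...); skip it
        entries.append({
            "scheme": m.group("scheme"),
            "clsid": m.group("clsid").upper(),
            "path": m.group("path"),
            "missing": m.group("missing") is not None,
        })
    return entries


def summarize_by_dll(entries):
    """Group handlers by the DLL they point at, keeping first-seen order."""
    summary = {}
    for e in entries:
        rec = summary.setdefault(
            e["path"], {"clsids": set(), "schemes": [], "missing": False}
        )
        rec["clsids"].add(e["clsid"])
        rec["schemes"].append(e["scheme"])
        # one missing report is enough to call the whole DLL orphaned
        rec["missing"] = rec["missing"] or e["missing"]
    return summary


def orphaned_handlers(entries):
    """(dll path, number of schemes) for every DLL HijackThis could not find."""
    return [
        (path, len(rec["schemes"]))
        for path, rec in summarize_by_dll(entries).items()
        if rec["missing"]
    ]


def report(entries):
    """Human-readable one-line-per-DLL summary of the O18 section."""
    lines = []
    for path, rec in summarize_by_dll(entries).items():
        status = "FILE MISSING" if rec["missing"] else "present"
        lines.append(
            f"{path} [{status}] CLSIDs={sorted(rec['clsids'])} "
            f"{len(rec['schemes'])} scheme(s): {', '.join(rec['schemes'])}"
        )
    return lines


if __name__ == "__main__":
    for line in report(parse_o18(SAMPLE_LOG)):
        print(line)
```

Run against a saved HijackThis log by replacing `SAMPLE_LOG` with the file's contents. Each scheme name corresponds to a key under HKEY_CLASSES_ROOT\PROTOCOLS\Handler whose CLSID value names the DLL's COM server; uninstalling the product properly, or fixing the orphaned entries in HijackThis as Trevuren advises, removes those registrations so the browser no longer tries to load a DLL that is not there.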

#15
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0