Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

please check this,may have a bug


Re: please check this,may have a bug

Post by random/random » November 14th, 2007, 2:20 pm

Please post a new HijackThis log & a description of any remaining problems
random/random
Developer
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: please check this,may have a bug

Post by vger » November 14th, 2007, 10:07 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:24 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\SYSTEM32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINXP\System32\CTSvcCDA.exe
C:\WINXP\system32\nvsvc32.exe
F:\PrfldSvc.exe
C:\WINXP\System32\tcpsvcs.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\ClocX\ClocX.exe
C:\WINXP\system32\ctfmon.exe
C:\Documents and Settings\All Users.WINXP\Documents\PopupVanish\PopupVanish.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Documents and Settings\A1\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX6000 Series] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\WINXP\TEMP\E_SAA.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [EPSON Stylus CX6000 Series] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\DOCUME~1\A1\LOCALS~1\Temp\E_S10.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopupVanish] C:\Documents and Settings\All Users.WINXP\Documents\PopupVanish\PopupVanish.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: MoonPhase.lnk = C:\Program Files\Locutus\Moon\moon.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINXP\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\WINXP\System32\shdocvw.dll (HKCU)
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\WINXP\System32\shdocvw.dll (HKCU)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.pw.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53276429-61B7-4221-AB23-90AAAC39CAE6}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: bw+0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINXP\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - F:\PrfldSvc.exe
O24 - Desktop Component 0: (no name) - http://www.alltel.net/images/topbanner.gif
O24 - Desktop Component 1: (no name) - http://www.adobe.com/products/acrobat/i ... er60hd.gif

--Shutdown problem still remains random, random delay in words appearing when typing.
vger
Regular Member
 
Posts: 15
Joined: December 21st, 2006, 11:04 pm
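
A log like the one above is easier to review once its repeated lines are grouped. The following is an added example, not part of the original post and not HijackThis code: it parses lines excerpted from that log, collapses the O18 protocol entries by CLSID and DLL, and lists O23 services that HijackThis labels "Unknown owner", noting whether the binary also appears under "Running processes". Treating those services as the first items to review is an assumption of this example, and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Lines excerpted from the HijackThis log in the post above (not a full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:24 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINXP\system32\services.exe
F:\PrfldSvc.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O18 - Protocol: bw+0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - F:\PrfldSvc.exe
"""

# Section code (R0, O4, O18, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O18 body: "Protocol: <name> - {CLSID} - <dll path>"
PROTOCOL_RE = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")


def parse_log(text):
    """Return (running_processes, entries); entries are (code, body) tuples."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        # The process list runs until a blank line or the first coded entry.
        if in_processes and line and not ENTRY_RE.match(line):
            processes.append(line)
            continue
        in_processes = False
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return processes, entries


def collapse_protocols(entries):
    """Group O18 protocol names by (CLSID, DLL) so repeated handlers read as one item."""
    groups = OrderedDict()
    for code, body in entries:
        if code != "O18":
            continue
        match = PROTOCOL_RE.match(body)
        if match:
            name, clsid, dll = match.groups()
            groups.setdefault((clsid.upper(), dll.lower()), []).append(name)
    return groups


def unknown_owner_services(entries, processes):
    """List O23 services labelled 'Unknown owner' as (name, path, is_running)."""
    running = {p.lower() for p in processes}
    hits = []
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        # Split from the right: "<display name> - <company> - <path>".
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            name, _, path = parts
            hits.append((name, path, path.lower() in running))
    return hits


if __name__ == "__main__":
    procs, items = parse_log(SAMPLE_LOG)
    print(f"{len(procs)} running processes, {len(items)} coded entries")
    for (clsid, dll), names in collapse_protocols(items).items():
        print(f"O18 x{len(names)}: {clsid} -> {dll}")
    for name, path, is_running in unknown_owner_services(items, procs):
        state = "running" if is_running else "not running"
        print(f"O23 unknown owner: {name} -> {path} ({state})")
```
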

Re: please check this,may have a bug

Post by random/random » November 15th, 2007, 12:41 pm

  • Download AVG Anti-rootkit from here
  • Double click on avgarkt-setup-1.1.0.42.exe to start the install of AVG Anti-rootkit
  • Click Next>
  • Click Next>
  • Click I agree
  • Click Next>
  • Click Install
  • Click Finish, your computer will now be restarted
  • Once your machine has restarted, double click on the AVG Anti-rootkit shortcut on your desktop to start AVG Anti-rootkit
  • Click Perform in-depth search
  • Click Scan
  • Wait for the scan to complete
  • Right click in the middle of the window, and click Save results
  • Save it to the desktop as avgrk.csv
  • Use notepad to open that file, and post the contents as a reply to this topic

  • Download Autoruns from here
  • Unzip/extract it to a folder on your desktop
  • Double click on autoruns.exe to start Autoruns
  • Wait for it to finish scanning
  • Under Options make sure the following options are selected
    • Verify Code Signatures
    • Hide Signed Microsoft Entries
  • Click File > Refresh
  • Click File > Save As
  • Save it to the desktop as autoruns.txt
  • Post the contents of autoruns.txt as a reply to this topic
random/random
Developer
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: please check this,may have a bug

Post by vger » November 17th, 2007, 11:17 am

Well, I downloaded the software per instructions, but the AVG Anti rootkit is still running after, I am guessing, 12 hours now. I thought it probably froze up but it is not the case. Is this normal? It is at 64% completion.
vger
Regular Member
 
Posts: 15
Joined: December 21st, 2006, 11:04 pm

Re: please check this,may have a bug

Post by vger » November 17th, 2007, 11:18 am

Make that more than 15 hours!
vger
Regular Member
 
Posts: 15
Joined: December 21st, 2006, 11:04 pm

Re: please check this,may have a bug

Post by random/random » November 17th, 2007, 11:47 am

No, that's not normal

Please close AVG antirootkit and go on to the autoruns instructions
random/random
Developer
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: please check this,may have a bug

Post by vger » November 17th, 2007, 6:54 pm

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\program files\adobe\reader 8.0\reader\reader_sl.exe
+ AVP Kaspersky Anti-Virus (Not verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe
+ BJCFD c:\program files\broadjump\client foundation\cfd.exe
+ NvCplDaemon NVIDIA Display Properties Extension (Not verified) NVIDIA Corporation c:\winxp\system32\nvcpl.dll
C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup
+ KODAK Software Updater.lnk c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe
C:\Documents and Settings\A1\Start Menu\Programs\Startup
+ BOINC Manager.lnk BOINC Manager for Windows (Not verified) Space Sciences Laboratory c:\program files\boinc\boincmgr.exe
+ MoonPhase.lnk c:\program files\locutus\moon\moon.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ ClocX ClocX (Not verified) BonSoft c:\program files\clocx\clocx.exe
+ FreeRAM XP FreeRAM XP Pro (YourWare Solutions) (Not verified) YourWare Solutions (TM) c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe
+ PopupVanish c:\documents and settings\all users.winxp\documents\popupvanish\popupvanish.exe
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\winxp\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\winxp\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\winxp\system32\mscoree.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ bw+0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw+0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw-0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw-0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw00 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw00s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw10 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw10s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw20 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw20s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw30 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw30s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw40 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw40s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw50 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw50s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw60 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw60s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw70 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw70s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw80 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw80s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw90 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bw90s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwa0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwa0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwb0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwb0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwc0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwc0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwd0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwd0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwe0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwe0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwf0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwf0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwfile-8876480 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\gaplugprotocol-8876480.dll
+ bwg0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwg0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwh0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwh0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwi0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwi0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwj0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwj0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwk0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwk0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwl0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwl0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwm0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwm0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwn0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwn0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwo0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwo0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwp0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwp0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwq0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwq0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwr0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwr0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bws0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bws0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwt0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwt0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwu0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwu0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwv0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwv0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bww0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bww0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwx0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwx0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwy0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwy0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwz0 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ bwz0s BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
+ msnim MSN Messenger Protocol Handler (Not verified) Microsoft Corporation c:\program files\msn messenger\msgrapp.dll
+ offline-8876480 BackWeb Runner Application (Not verified) BackWeb Technologies Inc. c:\program files\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: http://www.alltel.net/images/topbanner.gif
+ 1 File not found: http://www.adobe.com/products/acrobat/i ... er60hd.gif
+ 2 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\winxp\system32\mscories.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ sasseh.dll ShellExecuteHook (Not verified) SuperAdBlocker.com c:\program files\superantispyware\sasseh.dll
+ SpySubtract Shell Extension SpySubtract Shell Extension (Not verified) InterMute, Inc. c:\program files\intermute\spysubtract\sshook.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web Folders c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ CD Slideshow Powertoy Windows XP PowerToys (Not verified) Microsoft Corporation c:\winxp\system32\slideshow.dll
+ CloneCD CloseTray (Not verified) Elaborate Bytes c:\program files\elaborate bytes\clonecd\elbyvcdshell.dll
+ Desktop Explorer NVIDIA Desktop Explorer, Version 110.60 (Not verified) NVIDIA Corporation c:\winxp\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.60 (Not verified) NVIDIA Corporation c:\winxp\system32\nvshell.dll
+ Desktop Manager c:\winxp\system32\msvdm.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\winxp\system32\mscoree.dll
+ KodakShellExtension Shell Extension Resource DLL (Not verified) Eastman Kodak Company c:\program files\common files\kodak\ifscore\kodakshx.dll
+ Microsoft Outlook Custom Icon Handler Microsoft Outlook Shell Hook for Start/Find (Not verified) Microsoft Corporation c:\program files\microsoft office\office\olkfstub.dll
+ NvCpl DesktopContext Class NVIDIA Display Properties Extension (Not verified) NVIDIA Corporation c:\winxp\system32\nvcpl.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.60 (Not verified) NVIDIA Corporation c:\winxp\system32\nvshell.dll
+ PhotoToys Windows XP PowerToys (Not verified) Microsoft Corporation c:\winxp\system32\phototoys.dll
+ Private Folder Copyhook Extention Shell extension (Not verified) Microsoft Corporation f:\shellext.dll
+ Private Folder Copyhook Extention Shell extension (Not verified) Microsoft Corporation f:\shellext.dll
+ Private Folder FSFolder Extention Shell extension (Not verified) Microsoft Corporation f:\shellext.dll
+ Private Folder Shortcut Extention Shell extension (Not verified) Microsoft Corporation f:\shellext.dll
+ SPTHandler Crawler Spyware Terminator Shell Extension (Not verified) Crawler.com c:\program files\spyware terminator\sptcontmenu.dll
+ SpySubtract Shell Extension SpySubtract Shell Extension (Not verified) InterMute, Inc. c:\program files\intermute\spysubtract\sshook.dll
+ Web Anti-Virus Script Monitor Internet Explorer plugin (Not verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 6.0\scieplugin.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll
+ WinZip WinZip Shell Extension DLL (Not verified) WinZip Computing, Inc. c:\program files\winzip\wzshlstb.dll
+ Yahoo! Mail YMMAPI Module (Verified) Yahoo! Inc. c:\program files\yahoo!\common\ymmapi20041123.dll
+ Zinio Magazine Column Provider Zinio Shell Extension Module (Not verified) Zinio Systems, Inc. c:\program files\common files\zinio\zshext.dll
+ Zinio Shell Extension Zinio Shell Extension Module (Not verified) Zinio Systems, Inc. c:\program files\common files\zinio\zshext.dll
+ Zinio Shell Extension UI Object Zinio Shell Extension Module (Not verified) Zinio Systems, Inc. c:\program files\common files\zinio\zshext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ MyMagazinesColumn Class Zinio Shell Extension Module (Not verified) Zinio Systems, Inc. c:\program files\common files\zinio\zshext.dll
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ EpsonToolBandKicker Class EPSON Web-To-Page (Not verified) SEIKO EPSON CORPORATION c:\program files\epson\epson web-to-page\epson web-to-page.dll
+ {53707962-6F74-2D53-2644-206D7942484F} Bad download blocker (Verified) Safer Networking Ltd. c:\program files\spybot - search & destroy\sdhelper.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ epson web-to-page.dll EPSON Web-To-Page (Not verified) SEIKO EPSON CORPORATION c:\program files\epson\epson web-to-page\epson web-to-page.dll
Task Scheduler
+ SmartDefrag.job (Verified) IObit.com c:\program files\iobit\iobit smartdefrag\schedule.exe
HKLM\System\CurrentControlSet\Services
+ AVP Provides protection against computer viruses and another dangerous software. (Not verified) Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 6.0\avp.exe
+ Creative Service for CDROM Access Creative Service for CDROM Access (Not verified) Creative Technology Ltd c:\winxp\system32\ctsvccda.exe
+ NVSvc Provides system and desktop level support to the NVIDIA display driver (Not verified) NVIDIA Corporation c:\winxp\system32\nvsvc32.exe
+ prfldsvc f:\prfldsvc.exe
HKLM\System\CurrentControlSet\Services
+ Afc Arcsoft(R) ASPI Shell (Not verified) Arcsoft, Inc. c:\winxp\system32\drivers\afc.sys
+ ASPI32 ASPI for WIN32 Kernel Driver (Not verified) Adaptec c:\winxp\system32\drivers\aspi32.sys
+ AVG Anti-Rootkit AVG Anti-Rootkit Driver (Not verified) GRISOFT, s.r.o. c:\winxp\system32\drivers\avgarkt.sys
+ AvgArCln AVG7 Clean Driver (Not verified) GRISOFT, s.r.o. c:\winxp\system32\drivers\avgarcln.sys
+ Changer File not found: C:\WINXP\System32\Drivers\Changer.sys
+ EGATHDRV c:\winxp\downloaded program files\egathdrv.sys
+ ElbyCDFL ElbyCDIO Filter Driver (Not verified) SlySoft, Inc. c:\winxp\system32\drivers\elbycdfl.sys
+ ElbyCDIO ElbyCD Windows NT/2000/XP I/O driver (Not verified) Elaborate Bytes AG c:\winxp\system32\drivers\elbycdio.sys
+ GEARAspiWDM CDRom Class Filter Driver (Verified) GEAR Software Inc. c:\winxp\system32\drivers\gearaspiwdm.sys
+ hotcore Hotbackup helper driver (Not verified) Paragon Software Group c:\winxp\system32\drivers\hotcore.sys
+ i2omgmt File not found: C:\WINXP\System32\Drivers\i2omgmt.sys
+ kl1 Kaspersky Unified Driver (Not verified) Kaspersky Lab c:\winxp\system32\drivers\kl1.sys
+ klif spuper-ptor (Not verified) Kaspersky Lab c:\winxp\system32\drivers\klif.sys
+ lbrtfdc File not found: C:\WINXP\System32\Drivers\lbrtfdc.sys
+ mbmiodrvr MBMIO Driver (Not verified) cansoft@livewiredev.com c:\winxp\system32\mbmiodrvr.sys
+ MCSTRM File not found: C:\WINXP\System32\Drivers\MCSTRM.sys
+ NIC2000 File not found: System32\DRIVERS\NIC2000.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 93.71 (Not verified) NVIDIA Corporation c:\winxp\system32\drivers\nv4_mini.sys
+ NxFsMon File not found: C:\PROGRA~1\Novatix\CYBERH~1\NxFsMon.sys
+ NxNetMon File not found: C:\PROGRA~1\Novatix\CYBERH~1\NxNetMon.sys
+ NxSysMon File not found: C:\PROGRA~1\Novatix\CYBERH~1\NxSysMon.sys
+ PCIDump File not found: C:\WINXP\System32\Drivers\PCIDump.sys
+ PCLinkBridge USB-USB Network Bridge File not found: System32\DRIVERS\pro2000.sys
+ PDCOMP File not found: C:\WINXP\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINXP\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINXP\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINXP\System32\Drivers\PDRFRAME.sys
+ PfModNT PCI/ISA Device Info. Service (Not verified) Creative Technology Ltd. c:\winxp\system32\pfmodnt.sys
+ PL2501NW USB-USB Network Bridge NIC Driver(NDIS 5.0) (Not verified) Prolific Technology Inc. (http://www.prolific.com.tw) c:\winxp\system32\drivers\pl2501nw.sys
+ PREVXDriver File not found: System32\drivers\pxfsf.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\winxp\system32\drivers\pxhelp20.sys
+ SANDRA File not found: C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\Sandra.sys
+ SASDIFSV SASDIFSV c:\program files\superantispyware\sasdifsv.sys
+ SASENUM SuperAntiSpyware (Not verified) SuperAdBlocker, Inc. c:\program files\superantispyware\sasenum.sys
+ SASKUTIL SASKUTIL.SYS c:\program files\superantispyware\saskutil.sys
+ SocketLock c:\winxp\system32\socketlock.sys
+ sp_rsdrv2 c:\winxp\system32\drivers\sp_rsdrv2.sys
+ ssoftnt4 c:\winxp\system32\drivers\ssoftnt4.sys
+ TSP spuper-ptor (Not verified) Kaspersky Lab c:\winxp\system32\drivers\klif.sys
+ TVICHW32 TVicHW32 Driver for Windows NT/2000/XP (Not verified) EnTech Taiwan c:\winxp\system32\drivers\tvichw32.sys
+ USBSNXSTOR File not found: System32\DRIVERS\Usbsnx2k.SYS
+ WDICA File not found: C:\WINXP\System32\Drivers\WDICA.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ !SASWinLogon SUPERAntiSpyware WinLogon Processor (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\saswinlo.dll
+ klogon Logon Visualizer (Not verified) Kaspersky Lab c:\winxp\system32\klogon.dll
HKCU\Control Panel\Desktop\Scrnsave.exe
+ C:\WINXP\boinc.scr BOINC Screensaver (Not verified) Space Sciences Laboratory c:\winxp\boinc.scr
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ Canon BJ Language Monitor BJC-3000 BJ Language Monitor (Not verified) CANON INC. c:\winxp\system32\cnmlm23.dll
vger
Regular Member
 
Posts: 15
Joined: December 21st, 2006, 11:04 pm

Re: please check this,may have a bug

Unread postby random/random » November 20th, 2007, 5:41 pm

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
    Image
    If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: please check this,may have a bug

Unread postby vger » November 21st, 2007, 6:49 am

I did the short scan first and it found (CFD.broadjump) and said it was a virus, but I hit the wrong button and did the incurable delete instead... sorry about that. Anyway, I went on with the main scan as per instructions, and after 5 or 10 minutes into the scan I got the blue screen error, and here is the code: 0x0000000A. So I had to manually shut down the computer and I did not resume the scan.
vger
Regular Member
 
Posts: 15
Joined: December 21st, 2006, 11:04 pm

Re: please check this,may have a bug

Unread postby random/random » November 22nd, 2007, 12:11 pm

You appear to have a program on your system called Logitech Desktop Messenger. This is a background process that can automatically access the Internet without your knowledge or permission. Although it does provide updates for your Logitech products, the fact that it can access the Internet without your consent is potentially dangerous. It does download and update your Logitech products but this can be done manually by visiting the Logitech web site. My advice would be to uninstall this program but this is entirely your decision. I suggest doing all updates yourself and removing this application!

Then post a new HijackThis log
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
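
The advice above rests on the protocol-handler entries in the logs in this thread, where dozens of handlers resolve to a single DLL under the Logitech Desktop Messenger folder. As an added example (not part of the original thread and not HijackThis code), this Python script groups HijackThis O18 lines by backing DLL so that such bulk registrations stand out; the function names, the `bulk_threshold` value and the trimmed sample log are assumptions, with the sample built from lines that appear in this thread.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines in the HijackThis format seen in this
# thread (trimmed; a real log carries many more O18 entries for the same DLL).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O18 - Protocol: bw+0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
"""

# "O18 - Protocol: <scheme> - {CLSID} - <path to handler DLL>"
O18_RE = re.compile(
    r"^O18 - Protocol: (?P<scheme>\S+) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$"
)


def group_protocol_handlers(log_text):
    """Map (dll path, CLSID) -> list of URL schemes registered to it."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = O18_RE.match(line.strip())
        if m:
            # Paths and CLSIDs are case-insensitive on Windows; normalise both.
            key = (m["path"].lower(), m["clsid"].upper())
            groups[key].append(m["scheme"])
    return dict(groups)


def product_dir(path):
    """Return 'vendor\\product' for DLLs under Program Files, else the parent dir."""
    parts = PureWindowsPath(path).parts
    lowered = [p.lower() for p in parts]
    if "program files" in lowered:
        i = lowered.index("program files")
        if len(parts) >= i + 3:
            return "\\".join(lowered[i + 1:i + 3])
    return str(PureWindowsPath(path).parent).lower()


def summarize(log_text, bulk_threshold=5):
    """One row per handler DLL, largest group first.

    bulk_threshold is an assumed cut-off: a DLL that registers at least this
    many schemes is marked for a closer look, not declared malicious.
    """
    rows = []
    for (path, clsid), schemes in group_protocol_handlers(log_text).items():
        rows.append({
            "dll": path,
            "clsid": clsid,
            "product": product_dir(path),
            "count": len(schemes),
            "schemes": sorted(schemes),
            "bulk": len(schemes) >= bulk_threshold,
        })
    rows.sort(key=lambda r: -r["count"])
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        flag = "REVIEW" if row["bulk"] else "ok"
        print(f"[{flag}] {row['count']:3d} schemes -> {row['dll']}")
        print(f"        product folder: {row['product']}  CLSID: {row['clsid']}")
```

Run against a full log, the same grouping collapses the long run of `bw..0` / `bw..0s` entries into a single row for `BWPlugProtocol-8876480.dll`, which makes the remaining, distinct handlers easier to review.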

Re: please check this,may have a bug

Unread postby vger » November 28th, 2007, 9:26 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:49 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\SYSTEM32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\ClocX\ClocX.exe
C:\WINXP\system32\ctfmon.exe
C:\Documents and Settings\All Users.WINXP\Documents\PopupVanish\PopupVanish.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINXP\System32\CTSvcCDA.exe
C:\WINXP\system32\nvsvc32.exe
F:\PrfldSvc.exe
C:\WINXP\System32\tcpsvcs.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\A1\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [EPSON Stylus CX6000 Series] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\DOCUME~1\A1\LOCALS~1\Temp\E_S10.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopupVanish] C:\Documents and Settings\All Users.WINXP\Documents\PopupVanish\PopupVanish.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: MoonPhase.lnk = C:\Program Files\Locutus\Moon\moon.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINXP\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\WINXP\System32\shdocvw.dll (HKCU)
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\WINXP\System32\shdocvw.dll (HKCU)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.pw.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53276429-61B7-4221-AB23-90AAAC39CAE6}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: bw+0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - F:\PrfldSvc.exe
O24 - Desktop Component 0: (no name) - http://www.alltel.net/images/topbanner.gif
O24 - Desktop Component 1: (no name) - http://www.adobe.com/products/acrobat/i ... er60hd.gif

--
End of file - 17844 bytes




I uninstalled the messenger, but I see that it is showing up.
vger
Regular Member
 
Posts: 15
Joined: December 21st, 2006, 11:04 pm

Re: please check this,may have a bug

Post by random/random » November 30th, 2007, 3:30 pm

Run HijackThis
Click on Do a system scan only
Place a checkmark next to these lines (if still present)


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) -
O18 - Protocol: bw+0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Then close all windows except HijackThis and click Fix Checked

Then post a new HijackThis log & let me know of any remaining problems
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
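
The check this post sets up (tick the listed lines, Fix Checked, then rescan) can be scripted. The following Python is an added example, not part of the original post or of HijackThis: it parses HijackThis entry lines, groups the O18 protocol entries by handler DLL, and reports which fix-list lines a follow-up log still contains. The function names are hypothetical and the sample logs are abridged from lines quoted in this thread.

```python
import re
from collections import defaultdict

# A HijackThis entry line is "<section> - <body>", e.g. "O18 - Protocol: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O18 body: "Protocol: <scheme> - {CLSID} - <handler DLL path>".
O18_RE = re.compile(
    r"^Protocol: (?P<scheme>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<dll>.+)$"
)

# Sample data abridged from lines quoted in this thread (not the full logs).
BEFORE_LOG = r"""Scan saved at 8:59:24 PM, on 11/14/2007

Running processes:
C:\WINXP\System32\smss.exe
F:\PrfldSvc.exe

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - F:\PrfldSvc.exe
"""

FIX_LIST = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B5342987-C42B-462C-BB46-D7E25F5A2705} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

AFTER_LOG = r"""Scan saved at 5:00:57 PM, on 11/30/2007

Running processes:
C:\WINXP\System32\smss.exe

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - F:\PrfldSvc.exe
"""


def normalize(line):
    """Collapse whitespace and case so pasted lines compare reliably."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Return (section, body) for each entry line. The header, the process
    list and the 'End of file' trailer do not match and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body").strip()))
    return entries


def still_present(fix_list_text, followup_log_text):
    """Fix-list entries that the follow-up scan still reports, in list order."""
    seen = {normalize(f"{s} - {b}") for s, b in parse_entries(followup_log_text)}
    return [f"{s} - {b}" for s, b in parse_entries(fix_list_text)
            if normalize(f"{s} - {b}") in seen]


def group_protocols(log_text):
    """Map (CLSID, handler DLL) to the sorted O18 protocol names it serves."""
    groups = defaultdict(list)
    for section, body in parse_entries(log_text):
        m = O18_RE.match(body) if section == "O18" else None
        if m:
            key = (m.group("clsid").upper(), m.group("dll"))
            groups[key].append(m.group("scheme"))
    return {key: sorted(names) for key, names in groups.items()}


if __name__ == "__main__":
    # Dozens of O18 lines usually reduce to a handful of handler DLLs.
    for (clsid, dll), names in group_protocols(BEFORE_LOG).items():
        print(f"{len(names)} protocol(s) -> {dll} {clsid}")
    leftovers = still_present(FIX_LIST, AFTER_LOG)
    print("Still present after fix:", leftovers or "none")
```

Grouping by handler DLL shows that the long O18 block is a single finding (two DLLs from one uninstalled product), and an empty result from `still_present` on the follow-up log confirms the fix took.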

Re: please check this,may have a bug

Post by vger » November 30th, 2007, 6:04 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:57 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\SYSTEM32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\ClocX\ClocX.exe
C:\WINXP\system32\ctfmon.exe
C:\Documents and Settings\All Users.WINXP\Documents\PopupVanish\PopupVanish.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINXP\System32\CTSvcCDA.exe
F:\PrfldSvc.exe
C:\WINXP\System32\tcpsvcs.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\wuauclt.exe
C:\Documents and Settings\A1\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com//0seenus/saos01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [EPSON Stylus CX6000 Series] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIBIA.EXE /FU "C:\DOCUME~1\A1\LOCALS~1\Temp\E_S10.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopupVanish] C:\Documents and Settings\All Users.WINXP\Documents\PopupVanish\PopupVanish.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: MoonPhase.lnk = C:\Program Files\Locutus\Moon\moon.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINXP\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\WINXP\System32\shdocvw.dll (HKCU)
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\WINXP\System32\shdocvw.dll (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.pw.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53276429-61B7-4221-AB23-90AAAC39CAE6}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXP\System32\CTSvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - F:\PrfldSvc.exe
O24 - Desktop Component 0: (no name) - http://www.alltel.net/images/topbanner.gif
O24 - Desktop Component 1: (no name) - http://www.adobe.com/products/acrobat/i ... er60hd.gif

--
End of file - 5625 bytes



No other problems as of yet... thanks
vger
Regular Member
 
Posts: 15
Joined: December 21st, 2006, 11:04 pm

Re: please check this,may have a bug

Post by random/random » December 1st, 2007, 9:17 am

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
    • Turn System Restore off
        • On the Desktop, right click on the My Computer icon.
        • Click Properties.
        • Click the System Restore tab.
        • Check Turn off System Restore.
        • Click Apply, and then click OK.
    Restart
    • Turn System Restore on
        • On the Desktop, right click on the My Computer icon.
        • Click Properties.
        • Click the System Restore tab.
        • Uncheck Turn off System Restore.
        • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis
  1. Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  2. Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that, after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install
  3. Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  4. Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  5. Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here
  6. Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly
  7. Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  8. Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  9. Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Re: please check this,may have a bug

Post by askey127 » December 23rd, 2007, 7:46 am

Glad we could be of assistance. This topic is now closed. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
Please do not contact us to reopen this topic if you are not the topic starter.
A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

You can help support this site from this link : Donations For Malware Removal
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA