Tech Support Guy banner
  • Please post in our Community Feedback thread for help with the new forum software! If you are having trouble logging in, please Contact Us for assistance.
Status
Not open for further replies.
1 - 17 of 17 Posts

·
Registered
Joined
·
8 Posts
Discussion Starter · #1 ·
First of all let me say I am using windows xp, powered by a dell. I have tried using my McAfee, ad-aware se, and spybot and none of them really worked. The problem is.. I have a number of spyware or adware. I can remove it with ad-aware (or so it says its removed) but then when I restart my computer, all of it is back! :confused: :mad: These are the things Im affected by according to ad-aware se... lots of "windupdates" the types are process', regkeys, regvalue, and a folder. I also have some tracking cookies and a "Win32.P2P-Worm.Alcan.a" which is a file!!!!! :eek: those are the critical objects that are affecting my comp from what AdAwareSE says.(if anyone needs to see the scanning results just tell me) According to McAffee antispyware, I have Winad (12 componenets), opensite (1 component), DFC.dr (9 components), Winad.dldr (10 components), WUpd (8 components), SearchAssistant.dldr (5 components), Altnet (12 components), and WinAd.dr (10 components). My computer is fine, It would just open up limewire and when i would exit it, it would open up again right away so i uninstalled limewire and now i get a window from java telling me im missing files to open limewire. OH and i cant open up my task manager! but other than that my comp. is running alittle slower but ok. i would really appreciate it if anyone could help me removing this spyware or adware for good. thanks
 

·
Registered
Joined
·
49,014 Posts
Removing LimeWire was the first important step!!!!!!

Run ActiveScan online virus scan

http://www.pandasoftware.com/activescan/

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Then get HiJack This V1.99.1 http://thespykiller.co.uk/files/hijackthis_sfx.exe - double click the DL file and click unzip letting it extract to its default folder C:\Program FIles\HiJackThis, run it from there, DO NOT fix anything

Post a new HiJackThis log along with the results from ActiveScan
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #3 ·
Thanks alot, i will try it out. let me just tell you what happens when i turn on my comp. ok lime wire would open. I would close it but it would automaticly open up again over and over. so i uninstalled limewire. now a java window comes up instead of limewire opening. the java window tells me "one of more necessary files appear to be invalid. this is generally caused by a corrupted installation. please try downloading and installing limewire again (which im not gonna do). if the problem persists, please copy and past the message below and send it to: [email protected] thank you." and from now on that window keeps coming up over and over. Also a Mcafee window appears telling me "a suspicious program has been detected" the file mediaAccess.exe has been detected as a component of the potentially unwanted program "WinAd" do you want to remove it? so i click stop this program and another McAfee window appears after saying "the potentially unwanted program WinAd had been terminated but is still on you comp. in order to remove the program from your comp, Mcafee AntiSpyware must perform a scan. so i perform the scan and it finds Winad (12 componenets), opensite (1 component), DFC.dr (9 components), Winad.dldr (10 components), WUpd (8 components), SearchAssistant.dldr (5 components), Altnet (12 components), and WinAd.dr (10 components). so i remove them. and says i need to restart my comp in orfer to remove them. and i still get the McAfee warning window again even before i restart my comp. so i restart anyway and i perform the scan again and there all back!! :mad: Do you think I should still do what you told me to do? "MFDnSC"?
 

·
Registered
Joined
·
49,014 Posts
There is no way I am going to try and read that long paragraph - break it up

Run the scan and Post the HiJackThis log - it is a lot better at telling us what to do and there will be some entires that we know of by your description - a little more action will get this solved rather than saying the same thing

additionally get all of these

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html * NEW *
AdAware SE 1.06 http://www.majorgeeks.com/download506.html - * NEW *
MS AntiSpy - http://download.microsoft.com/downl...-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe (XP and W2K only)

DL them (they are free), install them, check each for their
definition updates
and then run AdAware and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #5 ·
Logfile of HijackThis v1.99.1
Scan saved at 5:35:02 AM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Open Site\opensite.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O5 "LPT1:" /M "Stylus C80"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: ConferenceRoom Java Client - http://chat.ksexradio.com/java/cr.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.rockdetente.com/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/daimlerchrysler/rrtstreetwise/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB
O18 - Protocol: bw+0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {909CD4B7-6C9A-4109-AD12-6788CD13DB90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 

·
Registered
Joined
·
49,014 Posts
DL http://www.cexx.org/lspfix.htm

Add remove programs remove all occurrences of Viewpoint – Logitech Desktop Manager – P2P Networking (Likely source of your probs) – Opensite – Media Access – if present

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Then click Finish.

Print this and boot to safe mode (Start tapping F8 at the first black screen after power up)
Fix these with HJT

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKCU\..\Run: [LDM] \Program\

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/...lim/install.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/...ise/install.cab

O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB

View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Uncheck hide extensions
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these folders

C:\Program Files\Viewpoint
C:\Program Files\Open Site
C:\Program Files\Media Access
C:\WINDOWS\SYSTEM32\P2P NETWORKING

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot - I fall of those Logitech O18 entries are still there remove them

Attach the Active scan log

Please give feedback on what worked/didn’t work and the current status of your system
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #8 ·
ACTIVE SCAN

Incident Status Location

Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccK.exe
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccess.exe
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccC.dll
Adware:Adware/WinAD No disinfected C:\PROGRA~1\MEDIAA~1\MEDIAA~1.EXE
Adware:Adware/MyWay No disinfected Windows Registry
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\msbb???.dll
Adware:Adware/FunWeb No disinfected Windows Registry
Adware:Adware/Apropos No disinfected C:\Documents and Settings\Haydee Mestre\Application Data\Pop!
Adware:Adware/FavoriteMan No disinfected C:\WINDOWS\downloaded program files\ATPartners.inf
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\Downloaded Program Files\VBouncerOuter*.exe
Adware:Adware/MediaTickets No disinfected Windows Registry
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\Temp\Altnet
Adware:Adware/WinAD No disinfected C:\b.tmp
Adware:Adware/Apropos No disinfected C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\AlertSWF\contents\Exec.exe
Adware:Adware/WinAD No disinfected C:\Documents and Settings\Haydee Mestre\Local Settings\Temp\temp.fr3111
Adware:Adware/WinAD No disinfected C:\Documents and Settings\Haydee Mestre\Local Settings\Temp\temp.fr5540\MediaAccess.exe
Adware:Adware/WUpd No disinfected C:\Documents and Settings\Haydee Mestre\Local Settings\Temp\temp.fr80A1
Adware:Adware/WinAD No disinfected C:\Documents and Settings\Haydee Mestre\Local Settings\Temp\temp.fr8AD5\MediaAccess.exe
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccC.dll
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccess.exe
Adware:Adware/WinAD No disinfected C:\Program Files\Media Access\MediaAccK.exe
Adware:Adware/WUpd No disinfected C:\temp\WinCtlAdInstPack.exe
Adware:Adware/NetPals No disinfected C:\WINDOWS\Downloaded Program Files\ATPartners.inf
Adware:Adware/Opensite No disinfected C:\WINDOWS\Downloaded Program Files\UCSearch.INF
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\Downloaded Program Files\VBouncerOuter1125030730.exe
Adware:Adware/WUpd No disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\msbb321.dll
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking\MARSHAL.DLL
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking v123.cpl
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\SplWbr.dll
 

·
Registered
Joined
·
8 Posts
Discussion Starter · #12 ·
MFDnSC said:
DL http://www.cexx.org/lspfix.htm

Add remove programs remove all occurrences of Viewpoint – Logitech Desktop Manager – P2P Networking (Likely source of your probs) – Opensite – Media Access – if present

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Then click Finish.

Print this and boot to safe mode (Start tapping F8 at the first black screen after power up)
Fix these with HJT

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [Open Site] "C:\Program Files\Open Site\opensite.exe"

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKCU\..\Run: [LDM] \Program\

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {65E7DB1D-0101-4100-BD66-C5C78C917F93} - http://install.wildtangent.com/bgn/...lim/install.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/...ise/install.cab

O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/opnste/UCSearch.CAB

View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Uncheck hide extensions
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these folders

C:\Program Files\Viewpoint
C:\Program Files\Open Site
C:\Program Files\Media Access
C:\WINDOWS\SYSTEM32\P2P NETWORKING

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot - I fall of those Logitech O18 entries are still there remove them

Attach the Active scan log

Please give feedback on what worked/didn’t work and the current status of your system
before i do all of that, should i delete all the things that active scan couldent clean? like how you said in your first post of the thread?
 

·
Registered
Joined
·
70 Posts
just managed to get rid of ALTNET - cost $ 29.99 though - download SPYHUNTER ! - does the job and pc is now running great - u can download a FREE scan first and see what it finds !!
 

·
Registered
Joined
·
70 Posts
aint that bothered !! it eliminated altnet and that was worth the money alone - no one else in here could assist me - my pc is now running great - funny how people get uptight when people try and help others aint it? we aint all experts but i have the right to tell people if a certain product worked for me !!
 
1 - 17 of 17 Posts
Status
Not open for further replies.
Top