tons of popups

Discussion in 'Malware Help (A Specialist Will Reply)' started by Icelander, May 4, 2005.

  1. Icelander

    Icelander Private First Class

    I am now frequently getting popups every minute from ads1.searchmiracle.com and e.rn11.com, even though I am not surfing the net at the time.
    I have scanned my PC with Ad-Aware 5 times and deleted all viruses every time, still no progress.
    Hoping for help, noob help

    -The Icelander
     
  2. jarcher

    jarcher I can't handle a title

    Have you already gone through this sticky? If not, please do so...
    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal:
    If you have, double-check everything and make sure you did do everything
    and all software is up to date.

    And run through this before attaching a log:
    NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting:
    *Note that your HijackThis should be up-to-date (v1.99.1) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis! Please do this!!!*
     
  3. foot loose

    foot loose Private E-2

    Get Service Pack 2, or get a firewall.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As Star17 indicated, you have no idea what the user even has installed on their system. In addition, neither will fix his problem anyway. In addition, if you are implying that the firewall in SP2 should be used, you are mistaken. It is better than nothing but it is not sufficient. A real software firewall must be installed and then the one in SP2 should be disabled to avoid conflicts.
     
  5. foot loose

    foot loose Private E-2

    well some sort of protection is better than none
     
  6. foot loose

    foot loose Private E-2

    I know that... but they were just some quick answers to the question because he says he is a noob, so I am assuming he has no protection at all. If he was not a noob then I would have given a more advanced answer. :eek:
     
  7. Myth

    Myth Private E-2

    I'd recommend downloading Microsoft AntiSpyware, it's on download.com: Microsoft® Windows AntiSpyware. It's free as long as u have a valid version of Windows (product code etc). I tested loads of antispyware programs and AV, and then a month later PC Advisor Magazine did reviews on all the same and they also said, like I did to my boss, that there ain't no single antispyware program that can do the job, and I use Ad-Aware and the one above. If you use it I bet you will thank me later lol
     
    Last edited by a moderator: May 5, 2005
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I changed your link to refer to MGs download path. Please use MGs link before linking externally.
     
  9. Icelander

    Icelander Private First Class

    I followed Myth's help and everything seems to be running great, so thanks for all the help Myth.
    I'm not that big of a noob that I don't have protection, but I'm not the guy who can easily wander around in safe mode deleting this and that, I'm not a technical kind of guy. :p
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    A quick answer that will do nothing to resolve his current problem is not what the user needs. Doing an upgrade to SP2 (if even necessary) with malware present can cause big problems and it would not remove the existing malware. Adding an external firewall (if needed) will not fix the current problems either.

    What Jarcher provided, is the start of the solution. It will immediately fix the simple malware issues and then HJT will help us get to the bottom of what is going on.
     
  11. Icelander

    Icelander Private First Class

    I just said that myth solved my problem..
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's great! My message was more directed at Foot Loose.

    But you should double check to make sure nothing else is hidden in your system. While MS AV does a pretty good job, neither it nor the other tools by themselves are even close to perfect. Quite often there are many problems that are present but they do not make themselves obvious because they really do want to hide from you.
     
  13. Icelander

    Icelander Private First Class

    I think I'll have to take back what I said about Myth solving my problem. The popups have stopped, but I scanned my PC again just in case something wasn't right.
    I found that the spyware causing my problems was still in the system, so the popups will probably start coming again after I reboot. So I am going to download HijackThis, and even though I am not a tech person I'm gonna try to do this myself..
     
  14. Icelander

    Icelander Private First Class

    Here's my HijackThis log.
    I hope someone will see something out of place
     

  15. Myth

    Myth Private E-2

    It's obviously putting itself back on your system then. Did you try searching for the spyware on Google or any other site (sorry, I'm not allowed to put that on there, and sorry about the last link, I've not long been on here and this is the 1st time I've been using it properly so still don't know how to work it all, won't do it again though unless I have to) to see if there is a site that can tell you how, what and where to remove the files that are causing the problem? It's not often I've come across items that Microsoft or Ad-Aware can't remove, but those were systems that I was able to just format and re-install, so I took the fast and easy route lol
     
  16. Icelander

    Icelander Private First Class

    I'm new here too, have you taken a look at my HJT log? I don't understand anything in it except the English words :p
     
  17. Myth

    Myth Private E-2

    I've never used that program, my boss said not to so I didn't lol, and the Microsoft and Ad-Aware works 95% of the time, rarely have to remove files manually. Have you searched on Google for them at all?
     
  18. jarcher

    jarcher I can't handle a title

    start here
    always, not to be rude but ignore Myth(for now, anyway)
    and run through the steps first provided
    then post a new log
     
  19. jarcher

    jarcher I can't handle a title

    And always close your browser and all non-vital programs before scanning with HJT. Had you gone through the info provided, you would know this...
    and a majority of your log is:

    remove WildTangent from Add/Remove Programs
    this is not the quick answer you seek
    only one step forward
    still do the read me's
    delete nothing in HJT, yet
     
  20. Icelander

    Icelander Private First Class

    I read everything you told me to read... what did I do wrong?
     
  21. Icelander

    Icelander Private First Class

    Why should I uninstall the WildTangent web driver?
    Do you think it's causing my problems? :confused:
     
  22. jarcher

    jarcher I can't handle a title

    if you ran through the read me's, SB S&D would have gotten WT anyway
    and it's not one thing causing you problems


    did ya do, everything? EDIT: guess not

    close all windows(even this one)
    run HJT
    check
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [lmu] C:\WINDOWS\LMU.exe
    O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitelyw32.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE.
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41440IS
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitial Setup1.0.0.8-2.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/cannonballs/install.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/6c5b0a1ae398e3/player.virtools.com/downloads /player/Install2.5/Installer.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{10777870-4EEC-4E3A-BE81-96A24204D7E3}: NameServer = 212.30.200.200 212.30.200.199
    O17 - HKLM\System\CS1\Services\Tcpip\..\{10777870-4EEC-4E3A-BE81-96A24204D7E3}: NameServer = 212.30.200.200 212.30.200.199

    all of these(and related)
    click fix,close HJT

    Go to "Add/Remove Programs" in the Control Panel and uninstall Messenger Plus.
    Delete the folder C:\Program Files\MyWebSearch\
    Delete the C:\Program Files\Viewpoint\ folder.
    Delete the file C:\WINDOWS\LMU.exe
    Empty your recycle bin
    reboot

    you have a few running processes that are in the wrong spot
    not sure on how legit they are (yet)

    run the other online virus scan (BitDefender), you did the Trend Micro

    post a new log
     
  23. Icelander

    Icelander Private First Class

    Ok, I fixed everything you said I should with HJT but didn't understand if I was supposed to fix the quote.
    But I wasn't able to delete the following:



    Delete the folder C:\Program Files\MyWebSearch\
    Delete the C:\Program Files\Viewpoint\ folder.
    Delete the file C:\WINDOWS\LMU.exe

    And the popups are back! :mad:
     
  24. Icelander

    Icelander Private First Class

    Here's the new HJT log
     

  25. jarcher

    jarcher I can't handle a title


    end these processes, then find and remove them (make sure you have view hidden files enabled)
    elitelyw32.exe
    svchost.exe
    C:\WINDOWS\svchost.exe
    C:\windows\system32\elitelyw32.exe

    got a new one, eh?
    and ya missed some:




    O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitelyw32.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {BF4FC0C7-4387-4D18-AD86-DF33DDDE33C7} - http://hot.activebuddy.com/catalog/smarterchild/websetup.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
    O18 - Protocol: bw+0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {7EF8E830-C6D9-4249-A720-ED1ADA49EE5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    Do you know the IP or Domain '212.30.200.200 212.30.200.199'? If not, fix this entry.
    O17 - HKLM\System\CS1\Services\Tcpip\..\{10777870-4EEC-4E3A-BE81-96A24204D7E3}: NameServer = 212.30.200.200 212.30.200.199


    it will be ok
    make sure you have view hidden files enabled
    if you ran adaware and spybot S&D, and so on. . .
    they might be gone

    DL
    a-squared (a²) Free edition

    and I do not know what this is (notice the lower case "c")

     
  26. Myth

    Myth Private E-2

    Maybe you should just get the data you need backed up and format your HDD, it's the easy way out other than setting up/installing everything again lol, but do it at your own risk if you do :eek:
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member


    This is not necessary! The problems here are not that complicated to fix.


    jarcher,

    By the way the below type files usually come in groups:
    C:\windows\system32\elitelyw32.exe

    Look for all filenames starting with elite and ending in .exe. Sometimes there are as many as 10 of them.
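
The checks the helpers in this thread are doing by eye, as an added example (not code from the thread or from HijackThis): it parses HijackThis-style log lines and flags system process names running outside System32, the elite*.exe pattern, O9 buttons with no file, and O17 DNS overrides. The sample lines come from the posts above except the legitimate System32 svchost path, which is constructed; the function names and the list of System32-only processes are assumptions of this example.

```python
import re
from ntpath import basename, dirname, normcase

SYSTEM32 = normcase(r"C:\WINDOWS\system32")
# Core Windows processes that should only ever run from System32 (example list).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")       # e.g. "O4 - ..."
EXE_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.IGNORECASE)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Lines from the thread, plus one constructed legitimate svchost path.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\svchost.exe
C:\windows\system32\elitelyw32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitelyw32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{10777870-4EEC-4E3A-BE81-96A24204D7E3}: NameServer = 212.30.200.200 212.30.200.199
"""


def path_reasons(path):
    """Return the reasons (possibly none) an executable path deserves a closer look."""
    name, folder = normcase(basename(path)), normcase(dirname(path))
    reasons = []
    if name in SYSTEM32_ONLY and folder != SYSTEM32:
        reasons.append("system process name outside System32")
    if folder == SYSTEM32 and re.fullmatch(r"elite.*\.exe", name):
        reasons.append("elite*.exe in System32 (search for sibling files)")
    return reasons


def triage(log_text):
    """Map each line worth reviewing to its list of reasons; other lines are omitted."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        # Lines without a section code (running-process paths, headers) get "PROC".
        code, body = entry.groups() if entry else ("PROC", line)
        reasons = []
        for path in EXE_RE.findall(body):
            reasons.extend(path_reasons(path))
        if code == "O17" and "NameServer" in body:
            ips = IP_RE.findall(body)
            reasons.append("confirm DNS servers are your ISP's: " + ", ".join(ips))
        if code == "O9" and body.endswith("(no file)"):
            reasons.append("toolbar button points at a missing file")
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

A flagged line is a prompt to verify the file on disk, not a verdict; the fix decisions stay with whoever is reading the full log.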
     
  28. Icelander

    Icelander Private First Class

    Thanks for the help everyone, but the problem has been solved :D
     
  29. jarcher

    jarcher I can't handle a title

  30. guinness2199

    guinness2199 Private E-2

    borrowed my hammer
     
