0

Alright, here's the deal.

In the past, I have been able to get most issues figured out with the various programs (adaware, spybot, antivirus, etc.). Whatever issues my computer has now is really stumping me.

I'm running windows 98 SE

Current installed spyware, virus stuff:

AVG Free
Ad-aware SE personal
Spyware Doctor
Spybot S&D
CWShredder
Spywareblaster


I have not been able to finish ad-aware. It gets to a certain point and get's stuck at "busy". I've tried it in safe mode with no luck. I checked my hd for errors(none were found).

Spybot "kinda" finishes. It lists an error at the top of the list when it's done.

There are numerous files loaded into the startup that I had to disable to even allow me to use my computer. I would have to guess 40-50 files. I unchecked them in the startup via the msconfig.

Anyhow, any help you guys can give me, I would really appreciate.

Here is my hijackthis log file:


Logfile of HijackThis v1.99.1
Scan saved at 10:13:13 PM, on 5/16/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SDKWZ.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\PROGRAM FILES\LEXMARKX83\ACBTNMGR_X83.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\BRZTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: Class - {CAB5449A-4D1D-F3DD-517A-3206407CB6EA} - C:\WINDOWS\SYSTEM\D3ZP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SDKWZ.EXE] C:\WINDOWS\SYSTEM\SDKWZ.EXE
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [hp helo] C:\HP\SUPPORT\Support Center\hp helo.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [BreezeTray] BrzTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunOnce: [javanf.exe] C:\WINDOWS\javanf.exe
O4 - HKLM\..\RunOnce: [addwm32.exe] C:\WINDOWS\addwm32.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\PROGRAM FILES\MARKETBROWSER\LMT\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\PROGRAM FILES\MARKETBROWSER\LMT\MarketBrowser_Launch.xpy
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL (file missing)
O12 - Plugin for .fml: C:\PROGRA~1\INTERN~1\PLUGINS\NPFML32.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: offline-8876480 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL

5
Contributors
12
Replies
13
Views
12 Years
Discussion Span
Last Post by dlh6213
0

UMDstudent,

Hi and welcome to the Daniweb forums :).

-

Go to www.trendmicro.com, and then:

1. Click "Free Online Scan".
2. Click "Scan now, it's free".

It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:

1. Select all available drives.
2. Check(tick) "Auto Clean".
3. Click "Scan".

When it completes, post back the full filename of any files that cannot be cleaned or deleted.

===============

Download, unzip to your desktop About:Buster and run it, then:

1. Click "Update".
2. Click "Check For Update"

(If no new version is available, skip to step #4.)

3. Click "Download Update", and wait for it to be installed.
4. Click "Start".

(Wait for the initial ADS scan to complete.)

5. Click "Yes", to shutdown any IE session currently open.

(Wait for the about:blank scan to complete.)

6. Click "Ok", to scan once more.
7. Click "Yes", to shutdown any IE sessions currently open.
8. Click "Yes", to begin the second pass.

9. Click "Save log", and post this log back along with your new log.
10. Click "Exit".
11. Click "Exit".
12. "Reboot"..


===============

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\SYSTEM\SDKWZ.EXE

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Still in HiJackThis, click "Scan", then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lplvu.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: Class - {CAB5449A-4D1D-F3DD-517A-3206407CB6EA} - C:\WINDOWS\SYSTEM\D3ZP.DLL

O4 - HKLM\..\Run: [SDKWZ.EXE] C:\WINDOWS\SYSTEM\SDKWZ.EXE
O4 - HKLM\..\RunOnce: [javanf.exe] C:\WINDOWS\javanf.exe
O4 - HKLM\..\RunOnce: [addwm32.exe] C:\WINDOWS\addwm32.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\PROGRAM FILES\MARKETBROWSER\LMT\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\PROGRAM FILES\MARKETBROWSER\LMT\MarketBrowser_Launch.xpy


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure your able to "view system and hidden files/ folders:"

files...

C:\WINDOWS\SYSTEM\SDKWZ.EXE
C:\WINDOWS\lplvu.dll
C:\WINDOWS\SYSTEM\D3ZP.DLL
C:\WINDOWS\javanf.exe
C:\WINDOWS\addwm32.exe

folders...

C:\PROGRAM FILES\MARKETBROWSER

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting your PC, rescan with hijackthis and post a new log.
Let me know how things are now.

0

Well crunchie:

Looks like you've been busy this morning replying to everybody.

I ran into a problem on the first step. When I click the "scan now, it's free" I get the error window: "Microsoft Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience"

The details show this: AppName: iexplore.exe AppVer: 6.0.2800.1106 ModName: msvcrt.dll
ModVer: 6.0.8797.0 Offset: 000027a1

My current version is 6.0.2800.1106. I'm going to try and update my iexplorer and see if that will help. I just thought I would post this first in case you have any ideas to fix this.

Thanks

p.s. I do have the computer hooked up to a cable modem, so downloads size isn't too big of a worry for me.

EDIT: Looks like I may have the latest version running already.

0

Well, here are the logs that I've gone through. It seems that when I use Internet Explorer, AVG is finding trojans that are loading/trying to load. I've just been putting them into the virus vault for now. Not really sure what to do with them.

Here is the AVG Virus Vault List:

Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\IPWL.EXE 5/13/05 3:36:34 PM IPWL.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\MSHP.EXE 5/13/05 3:36:40 PM MSHP.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\NTOV.EXE 5/13/05 3:37:14 PM NTOV.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\ATLZC32.EXE 5/13/05 3:40:59 PM ATLZC32.EXE 11.75 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\MFCXY32.EXE 5/13/05 3:44:42 PM MFCXY32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\SDKSE32.EXE 5/13/05 3:44:45 PM SDKSE32.EXE 12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\APPDR.EXE 5/13/05 3:45:11 PM APPDR.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\WINTY32.EXE 5/13/05 3:45:28 PM WINTY32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\mfcin32.exe 5/14/05 8:21:14 AM mfcin32.exe 12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\javaze.exe 5/14/05 8:21:14 AM javaze.exe 11.81 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\mfcoe32.exe 5/14/05 8:21:14 AM mfcoe32.exe 11.21 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\NETBD.EXE 5/14/05 9:24:32 AM NETBD.EXE 11.91 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\CRXM.EXE 5/14/05 9:25:13 AM CRXM.EXE 11.61 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\IEXA32.EXE 5/14/05 9:26:44 AM IEXA32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\SYSJT.EXE 5/14/05 9:32:02 AM SYSJT.EXE 11.37 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\CRZG.EXE 5/14/05 9:33:05 AM CRZG.EXE 11.35 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\MFCAK32.EXE 5/14/05 9:41:48 AM MFCAK32.EXE 11.49 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\SYSYB32.EXE 5/14/05 10:06:04 AM SYSYB32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\MSXZ32.EXE 5/14/05 10:08:17 AM MSXZ32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\addtv.exe 5/14/05 12:26:37 PM addtv.exe 11.62 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\apiob.exe 5/14/05 12:26:37 PM apiob.exe 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\adddf32.exe 5/14/05 12:26:37 PM adddf32.exe 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\sysiu32.exe 5/14/05 12:26:38 PM sysiu32.exe 12.1 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\iexm.exe 5/14/05 12:26:38 PM iexm.exe 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\addji32.exe 5/14/05 12:26:38 PM addji32.exe 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\appgp32.exe 5/14/05 12:26:38 PM appgp32.exe 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\ieez.exe 5/14/05 12:26:38 PM ieez.exe 11.18 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\crrf.exe 5/14/05 12:26:38 PM crrf.exe 11.4 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\atlbj.exe 5/14/05 12:26:38 PM atlbj.exe 11.46 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\d3sq32.exe 5/14/05 12:26:38 PM d3sq32.exe 11.57 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\mfcxo.exe 5/14/05 12:26:38 PM mfcxo.exe 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\msiu.exe 5/14/05 12:26:38 PM msiu.exe 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\NETPR32.EXE 5/14/05 12:38:11 PM NETPR32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\ADDUV32.EXE 5/14/05 12:38:59 PM ADDUV32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\JAVAHK.EXE 5/14/05 12:39:12 PM JAVAHK.EXE 12.1 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\NETGV32.EXE 5/14/05 12:39:51 PM NETGV32.EXE 11.75 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\D3WC.EXE 5/16/05 9:09:41 PM D3WC.EXE 11.78 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\D3ID32.EXE 5/16/05 9:55:47 PM D3ID32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\NTDD.EXE 5/16/05 9:56:35 PM NTDD.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\ATLKJ.EXE 5/16/05 9:57:31 PM ATLKJ.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\APPXW32.EXE 5/16/05 10:00:33 PM APPXW32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\MSHP32.EXE 5/16/05 10:02:34 PM MSHP32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\cruj.exe 5/17/05 8:24:05 AM cruj.exe 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\winba32.exe 5/17/05 8:24:05 AM winba32.exe 11.59 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\sysxz.exe 5/17/05 8:24:05 AM sysxz.exe 11.68 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\mfcud.exe 5/17/05 8:24:05 AM mfcud.exe 11.75 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\javanf.exe 5/17/05 8:24:06 AM javanf.exe 12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\addwm32.exe 5/17/05 8:24:06 AM addwm32.exe 11.42 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\mfcom.exe 5/17/05 8:24:06 AM mfcom.exe 11.81 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\SYSBW32.EXE 5/17/05 9:01:07 AM SYSBW32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\APPOW32.EXE 5/17/05 9:02:27 AM APPOW32.EXE 11.58 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\D3FV32.EXE 5/17/05 9:02:37 AM D3FV32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\IEIA32.EXE 5/17/05 9:06:59 AM IEIA32.EXE 11.63 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\IEVJ32.EXE 5/17/05 9:08:03 AM IEVJ32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\APILK32.EXE 5/17/05 9:09:39 AM APILK32.EXE 12.1 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\APPKF32.EXE 5/17/05 9:16:01 AM APPKF32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\D3FG.EXE 5/17/05 9:18:58 AM D3FG.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\ATLSR.EXE 5/17/05 10:30:57 AM ATLSR.EXE 12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\D3YQ.EXE 5/17/05 10:40:57 AM D3YQ.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\D3SV.EXE 5/17/05 10:41:02 AM D3SV.EXE 12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\ADDQO32.EXE 5/17/05 10:41:51 AM ADDQO32.EXE 11.19 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\ADDYP.EXE 5/17/05 10:45:51 AM ADDYP.EXE 11.54 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\SYSTEM\MSTP32.EXE 5/17/05 10:46:35 AM MSTP32.EXE 11.12 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\JAVAMR.EXE 5/17/05 10:48:24 AM JAVAMR.EXE 11.27 KB
Trojan horse Downloader.Agent.11.Q C:\WINDOWS\APPKS32.EXE 5/17/05 10:51:20 AM APPKS32.EXE 11.24 KB


About Buster Log File:

Scanned at: 9:54:48 AM on: 5/17/05


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 26


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 26


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

Hijackthis Log File:

Logfile of HijackThis v1.99.1
Scan saved at 10:47:36 AM, on 5/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\PROGRAM FILES\LEXMARKX83\ACBTNMGR_X83.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\BRZTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\SYSTEM\NETZZ32.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {53BFD0CE-7626-C39B-489D-49E0CCDA7369} - C:\WINDOWS\SYSTEM\APIAU.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [hp helo] C:\HP\SUPPORT\Support Center\hp helo.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [BreezeTray] BrzTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [SDKWZ.EXE] C:\WINDOWS\SYSTEM\SDKWZ.EXE
O4 - HKLM\..\Run: [NETZZ32.EXE] C:\WINDOWS\SYSTEM\NETZZ32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [IEGB.EXE] C:\WINDOWS\IEGB.EXE /s
O4 - HKLM\..\RunServices: [ATLSR.EXE] C:\WINDOWS\SYSTEM\ATLSR.EXE /s
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL (file missing)
O12 - Plugin for .fml: C:\PROGRA~1\INTERN~1\PLUGINS\NPFML32.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: offline-8876480 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {1ED89B01-7FF4-11D9-9F03-0010B54AA410} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL

0

You have a variant of the CoolWebSearch/Home Search Assistant parasite.

1. About:Buster should have helped, but it doesn't seemed to have done the trick. Please download and run these additional removal tools:

CWShredder
HSRemove


2. Run HiajckThis again and look for entries similar to the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\hxxsa.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {53BFD0CE-7626-C39B-489D-49E0CCDA7369} - C:\WINDOWS\SYSTEM\APIAU.DLL
O4 - HKLM\..\Run: [BreezeTray] BrzTray.exe
O4 - HKLM\..\Run: [SDKWZ.EXE] C:\WINDOWS\SYSTEM\SDKWZ.EXE
O4 - HKLM\..\Run: [NETZZ32.EXE] C:\WINDOWS\SYSTEM\NETZZ32.EXE
O4 - HKLM\..\RunServices: [IEGB.EXE] C:\WINDOWS\IEGB.EXE /s
O4 - HKLM\..\RunServices: [ATLSR.EXE] C:\WINDOWS\SYSTEM\ATLSR.EXE /s


If such entries still exist, please go here and carefully follow the removal instructions given.

The infection uses random filenames, so the HijackThis log entries in the instructions are only for example; you will need to substitute the entries and filenames in the instructions with those I just listed above.

It should be pretty straightforward, but if you have questions, definitely ask us before proceeding. If you don't have questions, complete the entire proceedure and post a fresh HJT log here.

0

Well, at some point, interent explorer got messed up a little bit. It wouldn't let me open the program. Anytime I opened it up, I would get the blue screen of death flashing some fatal error. From the sounds of it, it seems the computer is pretty loaded with viruses/spyware/trojans. I decided to just save the important stuff and do a clean sweep.

But definitely THANKS for the help.

It's really appreciated!!

0

Oh, well. sometimes that's the fastest way to clean things up if you're really heavilly infested.

However, unless you take some preventative steps immediately after reinstalling Windows, you can become reinfected again in less than 20 minutes of being connected to the Net (no.. I'm not kidding). :(

Once you've gotten the base reinstall of Windows up and running, here are some measures you take before doing anything else:

1. Use Windows Automatic Update function to get your system as up-to-date as possible with the most current Microsoft security and bug fixes.

2. Stop using Internet Explorer as your web browser. Because IE is so closely tied into the Windows operating system itself and contains so many security flaws, switching to another browser such as Netscape, Firefox, or Opera will greatly reduce the avenues through which spyware/adware/hijackers/etc. can infect your computer.

3. Install preventative utilities such as SpywareBlaster and SpywareGuard (links are in my sig below), especially if you absolutely have to continue using Internet Exploder. These utilities protect areas of your system known to be vulnerable to malicious attacks.

4. Tighten up some of Internet Explorer's existing, default settings to make it more secure. Some info on that can be found here: http://tomcoyote.org/ieoe.php

5. Obviously-install a good anti-virus program and enable its "auto-protect" and email-scanning features.

6. Install a stand-alone firewall program such as Zone Alarm or Kerio Personal Firewall, or purchase the "Internet Security" packages offered by Symantec and McAfee.

7. None of your utilities are of much good if you don't check for updates frequently; updates for anti-spyware/anti-virus programs can be released as often as ever two or three days.

0

Thanks!! I will definitely take those precautions. What web browser do you guys personally like to use? I've had issues with netscape on a few different machines. It seems to really "crunch" the computer at times.

Anyways, you have been a great help!

0

In the days before Firefox was actually Firefox (Phoenix/Firebird) and ready for Prime Time, I used Netscape primarily, and sometimes Opera. But I too found that, as newer versions were released, Netscape was becoming too to "Boggy and Cloggy".

I still use Netscape on my Linux boxen sometimes (it doesn't seem to suffer from the problems that the Win versions do), but Firefox has been my main browser on both platforms for some time now.

0

If you have a windows 98se computer then the hightest Ie that you should have is 5.5 I know windows wnats you to go to 6. but 98 really can not handle it. Your computer is really getting outdated you may want to think about getting a newer one. If not then just reformat your hard drive and start over. Your problem may be more then spyware and addware, a lot of the updates may be causeing the problems.

0

Thanks!! I will definitely take those precautions. What web browser do you guys hzdll.dll and hoo.dll I've had issues with netscape on a few different machines. It seems to really "crunch" the computer at times.

Anyways, you have been a great help!

Try Firefox and Opera and use the one you prefer :)

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.