Can't get rid of Altnet

Archived from groups: microsoft.public.windowsxp.general (More info?)

Spybot and MS spyware keep finding this threat but don't remove it. Anyone
know how I can get rid of it.

Gord
 

Previously posted by Malke:

"Altnet Removal Instructions


Before you delete it, it must have its permission changed:

Open the registry (Start->Run->regedit) and select the keys

[HKEY_LOCAL_MACHINE\Software\Altnet]
[HKEY_LOCAL_MACHINE\SOFTWARE\Altnet\Dashboard]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AltnetDM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\WINDOWS\Temp\Altnet\msvcirt.dll"=dword:00000001
[HKEY_USERS\S-1-5-21-14627781-1401277002-153983898-1006\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="altnet"
[HKEY_USERS\S-1-5-21-14627781-1401277002-153983898-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Altnet]

Start with the top folder which is Altnet and work down and follow these
instructions to change the permission for all folders.

Right click on Altnet then click on permission, click on add, click on
advanced, click on find now, and look for your log on name and click on
okay twice to get back to permissions for Altnet. Now, put a check mark
in the boxes for allow after click on advanced, click on the tab for
owner and highlight your log under 'change owner to' and check the
box that says: 'Replace permission entries on all child objects
with entries shown here that apply to child objects' and click on ok,
click on apply and click ok. Continue the same for the rest of the
folders listed.

After changing the permission, end the "Altnet" process from the
Task Manager (ctrl-alt-delete). Having successfully done this you
should be able to delete the entire "Altnet" folder."


See if that does it for you. And of course you must be doing all this
work in Safe Mode.
--

T.C.
t__cruise@[NoSpam]hotmail.com
Remove [NoSpam] to reply





"Gord" <Gord@discussions.microsoft.com> wrote in message
news:DA597BE0-F8F9-469D-8E35-3FDB2C1A372A@microsoft.com...
> Spybot and MS spyware keep finding this threat but don't remove it. Anyone
> know how I can get rid of it.
>
> Gord
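
A read-only check for the registry locations listed in the removal instructions above, as an added PowerShell example that is not part of any post in this thread. It assumes PowerShell is installed and run from an administrator prompt; the function names are hypothetical, and because the SID in the instructions belongs to one account, the per-user key is checked under every loaded hive instead.

```powershell
# Added example (not from the thread): report which registry locations named
# in the removal instructions still exist and who owns them. Nothing is
# modified. Get-KeyStatus and Get-AltnetRegistryStatus are hypothetical names.

function Get-KeyStatus {
    param([Microsoft.Win32.RegistryKey]$Root, [string]$SubKey)

    $status = New-Object PSObject -Property @{
        Key = "$($Root.Name)\$SubKey"; State = 'absent'; Owner = ''
    }
    try {
        $key = $Root.OpenSubKey($SubKey)   # read-only open; $null if the key is missing
        if ($null -ne $key) {
            $status.State = 'present'
            # Owner SID: this is what the instructions change on the Owner tab.
            $sidType = [System.Security.Principal.SecurityIdentifier]
            $status.Owner = $key.GetAccessControl().GetOwner($sidType).Value
            $key.Close()
        }
    } catch {
        # The key exists but this account cannot read it, which is the case
        # the instructions handle by taking ownership before deleting.
        $status.State = 'present, not readable'
    }
    $status
}

function Get-AltnetRegistryStatus {
    $hklm = [Microsoft.Win32.Registry]::LocalMachine
    $hku  = [Microsoft.Win32.Registry]::Users

    # Machine-wide keys from the instructions.
    Get-KeyStatus $hklm 'SOFTWARE\Altnet'
    Get-KeyStatus $hklm 'SOFTWARE\Altnet\Dashboard'
    Get-KeyStatus $hklm 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AltnetDM'

    # Per-user Start Menu key: check every loaded user hive, not one SID.
    $suffix = 'Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Altnet'
    foreach ($sid in $hku.GetSubKeyNames()) {
        Get-KeyStatus $hku "$sid\$suffix"
    }

    # SharedDLLs holds reference counts for many unrelated DLLs, so only the
    # value whose name points into the Altnet folder is of interest here.
    $shared = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs')
    if ($null -ne $shared) {
        foreach ($name in $shared.GetValueNames()) {
            if ($name -like '*\Altnet\*') {
                New-Object PSObject -Property @{
                    Key = "SharedDLLs value: $name"; State = 'present'; Owner = ''
                }
            }
        }
        $shared.Close()
    }
}

Get-AltnetRegistryStatus |
    Select-Object State, Owner, Key |
    Format-Table -AutoSize -Wrap
```

Rows reported as "present, not readable" are the keys that still need the ownership and permission change; running the check again after the cleanup should show every row as "absent".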
 

Gord wrote:

> Spybot and MS spyware keep finding this threat but don't remove it. Anyone
> know how I can get rid of it.
>
> Gord

Gord, please don't post HJT logs here. There are forums for that
purpose. I gave you some links on how to remove altnet.

--
Rock
MS MVP Windows - Shell/User
 

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/archive/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP

Gord wrote:
> Spybot and MS spyware keep finding this threat but don't remove it. Anyone
> know how I can get rid of it.
>
> Gord
 

Do you have the current versions they should. Download, install, update and
run all of the following.

Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe

Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

If none of the above fixes the issue then download Hijack this, run it, save
a copy of the log file and cut and paste it back here to this group so that
I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
to see it not them.


HijackThis
http://www.pcbutts1.com/downloads/HijackThis.zip

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Gord" <Gord@discussions.microsoft.com> wrote in message
news:DA597BE0-F8F9-469D-8E35-3FDB2C1A372A@microsoft.com...
> Spybot and MS spyware keep finding this threat but don't remove it. Anyone
> know how I can get rid of it.
>
> Gord
 

In article <U6qQe.385$Kk1.7@newssvr19.news.prodigy.com>, pcbutts1@seedsv.com says...
> Ad-Aware
> http://www.pcbutts1.com/downloads/aawsepersonal.exe
>
> Spybot search and destroy
> http://www.pcbutts1.com/downloads/spybotsd14.exe
>
> Ewido Security Suite Trial version
> http://www.pcbutts1.com/downloads/ewidosetup.exe

Don't trust downloads from sites that you don't know. Please download
the software from the vendors' sites so that you KNOW what you are
getting and what it does - including the FAQ.

You don't know anything about the above site and there are no support
documents and no links to the vendors' websites for you to view.

Oh, and the person that owns the above sites has not provided any proof
that he has permission to host the files against the information
provided by the vendors.

--

spam999free@rrohio.com
remove 999 in order to email me
 

Here is the log.
Logfile of HijackThis v1.97.7
Scan saved at 10:22:01 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)




"pcbutts1" wrote:

> Do you have the current versions they should. Download, install, update and
> run all of the following.
>
> Ad-Aware
> http://www.pcbutts1.com/downloads/aawsepersonal.exe
>
> Spybot search and destroy
> http://www.pcbutts1.com/downloads/spybotsd14.exe
>
> Ewido Security Suite Trial version
> http://www.pcbutts1.com/downloads/ewidosetup.exe
>
> Microsoft Windows AntiSpyware (Beta1)
> http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
>
> If none of the above fixes the issue then download Hijack this, run it, save
> a copy of the log file and cut and paste it back here to this group so that
> I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
> to see it not them.
>
>
> HijackThis
> http://www.pcbutts1.com/downloads/HijackThis.zip
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "Gord" <Gord@discussions.microsoft.com> wrote in message
> news:DA597BE0-F8F9-469D-8E35-3FDB2C1A372A@microsoft.com...
> > Spybot and MS spyware keep finding this threat but don't remove it. Anyone
> > know how I can get rid of it.
> >
> > Gord
>
>
>
 

Gord wrote:

> Here is the log.
> Logfile of HijackThis v1.97.7
> Scan saved at 10:22:01 PM, on 8/30/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>

<snip>

Gord, HJT logs should _not_ be posted here. Here are some forums to
post them.

Forums to Interpret HijackThis Logs:

http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/


--
Rock
MS MVP Windows - Shell/User
 

Agreed, Gord.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP

Rock wrote:
> Gord wrote:
>
> > Here is the log.
> > Logfile of HijackThis v1.97.7
> > Scan saved at 10:22:01 PM, on 8/30/2005
> > Platform: Windows XP SP2 (WinNT 5.01.2600)
> > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
> >
>
> <snip>
>
> Gord, HJT logs should _not_ be posted here. Here are some forums to
> post them.
>
> Forums to Interpret HijackThis Logs:
>
> http://www.spywareinfo.com/forums/
> http://forum.aumha.org/viewforum.php?f=30
> http://forums.tomcoyote.org/
> http://www.wilderssecurity.com/
 

Gord I never seen your log Repost it right here again. Ignore rock.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Gord" <Gord@discussions.microsoft.com> wrote in message
news:DA597BE0-F8F9-469D-8E35-3FDB2C1A372A@microsoft.com...
> Spybot and MS spyware keep finding this threat but don't remove it. Anyone
> know how I can get rid of it.
>
> Gord
>
 

Also use this current version, yours is outdated.

HijackThis
http://www.pcbutts1.com/downloads/HijackThis.zip

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"pcbutts1" <pcbutts1@seedsv.com> wrote in message
news:TTuRe.76$pt.5@newssvr29.news.prodigy.net...
> Gord I never seen your log Repost it right here again. Ignore rock.
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "Gord" <Gord@discussions.microsoft.com> wrote in message
> news:DA597BE0-F8F9-469D-8E35-3FDB2C1A372A@microsoft.com...
>> Spybot and MS spyware keep finding this threat but don't remove it.
>> Anyone
>> know how I can get rid of it.
>>
>> Gord
>>
>
>
 

In article <TTuRe.76$pt.5@newssvr29.news.prodigy.net>, pcbutts1@seedsv.com says...
> Gord I never seen your log Repost it right here again. Ignore rock.

The nice people from Spybot Search & Destroy, their legal department,
actual contact name of "Kai Pohl" are looking into your hosting of their
files without permission and without credit being given to them. You can
reach him at legal@spybot.info

And posting of HJ logs to non-HJ forums/groups is not acceptable.

--

spam999free@rrohio.com
remove 999 in order to email me