Overwhelmed with spyware

King of the Hello Kitty Fanclub
💻 Oldtimer
Joined
Sep 6, 2004
Messages
1,675
Best answers
0
Location
Australia
Ok well I usually pride myself on a clean and spyware free computer. But recently after I decided to download an emulator, I've been attacked by spyware that I simply can't get rid of. I usually just use Spybot and Ad-Aware, but they don't seem to detect it. So after looking around I downloaded this Microsoft cleaner. This worked, it picked everything up and removed it. However a day later it all came back and now the same Microsoft scanner doesn't detect anything. My friend recommended Spyware Doctor, which worked the same as the Microsoft one (cleaned temporarily, came back, doesn't detect anymore). I think there's something that's attacking the scanners and preventing them from detecting the problems. The spyware comes with random stupid ads and has invaded my favourites folder with sites that can't be deleted. I also ran a virus scan but that also turned up a blank. Can anyone help?
 
New Member
Joined
Jul 4, 2004
Messages
610
Best answers
0
That's very weird spyware, never encountered it, but hit Ctrl+Alt+Delete and check the processes first before you scan, then end task any you think are suspicious, then try scanning it again and removing it. Also, run msconfig and see if there are any startup processes that shouldn't be there. I don't think it will help but that's all I can offer, sorry. Hope I never encounter these things.
 
King of the Hello Kitty Fanclub
💻 Oldtimer
Joined
Sep 6, 2004
Messages
1,675
Best answers
0
Location
Australia
I always check msconfig for startup stuff and it all looks normal to me (there's a few I don't know but I've always had those.)
I might try the processes thing. Otherwise it's formatting for me :(
 
New Member
Joined
May 30, 2003
Messages
842
Best answers
0
Sounds like there is something that's running that could be reloading the spyware after it's deleted. Make sure you update your cleaners too, though I'm sure you have.
 
King of the Hello Kitty Fanclub
💻 Oldtimer
Joined
Sep 6, 2004
Messages
1,675
Best answers
0
Location
Australia
Reloading them preventing the scanners from picking it up again, but I'm damned if I can figure out how to stop it.
 
New Member
💻 Oldtimer
Joined
May 14, 2003
Messages
1,929
Best answers
0
Rocky87 said:
But recently after I decided to download an emulator, I've been attacked by spyware that I simply can't get rid of.
..............

Try not to download things that you know to be spyware infested D:, that's the best anti-spyware.
 
New Member
💻 Oldtimer
Joined
May 15, 2002
Messages
2,675
Best answers
0
You probably have a trojan. I had a peper trojan before, and what it does is when you delete it, it will recreate the virus again in a different name.
 
King of the Hello Kitty Fanclub
💻 Oldtimer
Joined
Sep 6, 2004
Messages
1,675
Best answers
0
Location
Australia
It probably is a trojan and yeah I know I shouldn't have gotten the emulator but I just couldn't resist and now I'm kicking myself for giving in to temptation... Anyway here is the log from HijackThis, I actually don't understand it.

Logfile of HijackThis v1.99.0
Scan saved at 3:54:26 PM, on 1/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\NetPumper\NetPumperIEProxy.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\program files\steam\steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {230A19CD-EFA3-2F71-7506-D3B7A75D9851} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [supportvctwojoy] C:\Documents and Settings\All Users\Application Data\OBJBIRDSUPPORTVC\ENCTONS.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {732101F2-3FA2-41A5-9ECE-7A3694CD164F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

EDIT---------------------------

Ok I ran the Stinger scan as well and it came up blank. Also I have no idea how to use HijackThis and it clearly warns me not to use it if you have no idea what to do with it. So with that log could Lid or somebody who's familiar with it please give some advice? I'm gonna get what Hwo suggested and run that scan.
 
King of the Hello Kitty Fanclub
💻 Oldtimer
Joined
Sep 6, 2004
Messages
1,675
Best answers
0
Location
Australia
C:\WINDOWS\system32\lsass.exe <--- I looked this one up with this definition:
lass.exe is a process which is registered as the Troj.Bdoor.AKM Trojan. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately. Please see additional details regarding this process

I'm thinking I use attack this to clean up everything. Going through all of these is gonna take ages.
 
New Member
Joined
Jul 4, 2004
Messages
610
Best answers
0
Did you download an Xbox emulator by any chance? Cuz I know there's one floating around that gives you a trojan.
 

Lid

Guest
Rocky87 said:
C:\WINDOWS\system32\lsass.exe <--- I looked this one up with this definition:
lass.exe is a process which is registered as the Troj.Bdoor.AKM Trojan. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately. Please see additional details regarding this process

I'm thinking I use attack this to clean up everything. Going through all of these is gonna take ages.
NO NO NO NO NO NO NO! lsass.exe is a necessary system file. There was a file called lssas.*** I forget the extension which was a trojan, but it was there to hide be mistaken as the .exe but not the exe itself. THE EXE IS REQUIRED FOR WINDOWS TO RUN.
 
New Member
Joined
May 30, 2003
Messages
842
Best answers
0
lsass - lsass.exe - Process Information
Process File: lsass or lsass.exe
Process Name: Local Security Authority Service

Description:
lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. Note: lsass.exe also relates to the Windang.worm, irc.ratsou.b, Webus.B, MyDoom.L, Randex.AR, Nimos.worm which spread via floppy disk drives, mass-mailing and peer-to-peer sharing. Please review file path for clarification of this.


Author: Microsoft Corp.
Part Of: Microsoft Windows Operating System

System Process: Yes
Background Process: Yes
Uses Network: No
Hardware Related: No
Common Errors: N/A

Security Risk (0-5): 0
Virus: No
Spyware: No
Trojan: No
Lid is quite right. Definitely don't delete lsass. If things are really that bad then you should probably format. I'm due for one myself, and you're lucky that you have the option to back things up. CD burners (although priced around 20 bucks) are quite priceless in terms of usefulness you know.
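
The name-and-path check the replies above describe (lsass.exe is legitimate, near-miss names and wrong folders are not), applied to a HijackThis log, as an added example that is not part of the original thread. The process list, the edit-distance threshold and the "Application Data" autostart rule are assumptions chosen for illustration; three process lines in the sample are constructed, the rest are copied from the log posted above.

```python
import ntpath
import re

# Core Windows XP processes and the one folder each legitimately runs from.
SYSTEM_DIRS = {
    "smss.exe": r"c:\windows\system32", "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32", "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32", "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Sample input. The lass.exe, Temp\lsass.exe and lssas.exe process lines are
# constructed for illustration; the other lines are copied from the log above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lass.exe
C:\WINDOWS\Temp\lsass.exe
C:\WINDOWS\system32\lssas.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {230A19CD-EFA3-2F71-7506-D3B7A75D9851} - (no file)
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [supportvctwojoy] C:\Documents and Settings\All Users\Application Data\OBJBIRDSUPPORTVC\ENCTONS.exe
"""

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def check_process(path):
    """Return a reason string if the process path looks wrong, else None."""
    folder, name = ntpath.split(path.lower())
    if name in SYSTEM_DIRS:
        if folder != SYSTEM_DIRS[name]:
            return f"{name} running from unexpected folder {folder}"
        return None  # exact system name in its expected folder
    for real in SYSTEM_DIRS:
        if osa_distance(name, real) <= 1:  # one typo away from a system name
            return f"{name} imitates system process {real}"
    return None

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")

def review(log_text):
    """Return (section, reason) pairs for log lines that deserve a closer look."""
    findings, in_processes = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False  # a blank line ends the process list
        elif in_processes:
            problem = check_process(line)
            if problem:
                findings.append(("process", problem))
        elif (m := ENTRY.match(line)):
            code, body = m.groups()
            if body.endswith("(no file)"):
                findings.append((code, "registered component has no file on disk: " + body))
            elif code == "O4" and "\\application data\\" in body.lower():
                findings.append((code, "autostart from a user-writable folder: " + body))
    return findings
```

A finding is a prompt to inspect the file or registry entry, not a verdict; the real lsass.exe in system32 produces no finding.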
 
King of the Hello Kitty Fanclub
💻 Oldtimer
Joined
Sep 6, 2004
Messages
1,675
Best answers
0
Location
Australia
Ok so what should I be doing? Format or can it be cleaned? (I got a dvd burner so I can back everything up)
 
