Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: win32.agent.bck infestation

  1. 10-02-2007, 01:06 PM #1
    gene593
    gene593 is offline Junior Member
    Join Date
    Oct 2007
    Posts
    22

    win32.agent.bck infestation

    Hoping someone can help. I am running WinXP Pro, Kaspersky 7. I also ran SpyBot and removed what it found, but it doesn't help in the long run.


    I keep getting warnings regarding the Trojan.Win32.Agent.bck and Trojan-Downloader.Win32 no matter what I do.

    I ran CleanXP+ (in safe mode) but some files would not delete.

    I then ran the AVG Rootkit (it would only run in normal mode) No files were found.

    I then ran AnalyzerXP 3.7 - in safe mode. Below is the log.

    If there is something else, or in a different sequence, please let me know.
    Thanks for any help. This is a tough one - at least for me.


    [==========] AnalyzerXP 3.7 by TL - IANAG (forum.networktechs.com) [==========]


    Tue 10/02/2007
    01:48 PM

    Some of the files listed could be safe and valid, so before you do anything, research further.
    You could also submit this log on forum.networktechs.com - Spyware Central for help.

    Volume in drive C has no label.
    Volume Serial Number is 3C0E-35F9

    Directory of C:\WINDOWS\Tasks

    08/30/2007 02:18 PM 284 AppleSoftwareUpdate.job
    1 File(s) 284 bytes
    0 Dir(s) 31,397,335,040 bytes free


    TaskName Next Run Time Status
    ==================================== ======================== ===============
    AppleSoftwareUpdate 19:53:00, 10/6/2007
    MP Scheduled Scan 01:36:00, 10/3/2007

    INFO: No event triggers found.


    =====] Looking for suspicious file types in WINDOWS folder:

    W32i - - - - 37,027 12-12-2004 c:\windows\atmoun.exe
    W32i - - - - 118,784 12-01-2006 c:\windows\bwunin-7.2.0.137-8876480sl.exe
    W32i - - - - 118,784 12-01-2006 c:\windows\bwunin-7.2.0.157-8876480sl.exe
    W32i - - - - 421,888 07-13-2004 c:\windows\nero photoshow.scr
    W32i - - - - 99,965 08-26-2005 c:\windows\uninstallfirefox.exe

    Volume in drive C has no label.
    Volume Serial Number is 3C0E-35F9

    Directory of C:\WINDOWS

    07/17/2004 02:40 PM 19,528 002394_.tmp
    3 File(s) 1,119,049 bytes
    0 Dir(s) 31,397,335,040 bytes free


    W32i - - - - 84,544 09-27-2007 c:\windows\system32\aqgdcoxq.dll
    W32i - - - - 1,544,542 01-28-2004 c:\windows\system32\avcodec.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\awttusq.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\byxwtqo.dll
    W32i - - - - 36,864 08-01-2001 c:\windows\system32\cnmcp36.exe
    W32i - - - - 5,632 08-06-2001 c:\windows\system32\cnmvs36.dll
    DOS - - - - 9,833 09-03-2001 c:\windows\system32\ddmi.vxd
    W32i - - 6.0.0.1571 dbg 692,224 08-09-2005 c:\windows\system32\divxdec.ax
    W32i - - 0.0.0.26 shp 356,436 08-09-2005 c:\windows\system32\divxmedia.ax
    W32i - - - - 524,288 08-09-2005 c:\windows\system32\divxsm.exe
    DOS - - - - 9,321 11-11-2001 c:\windows\system32\dlpt.vxd
    W32i - - - - 126,976 02-10-2003 c:\windows\system32\e1000msg.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\efcawwt.dll
    W32i - - - - 111,376 08-10-2004 c:\windows\system32\expat.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\fccaxyv.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\gebcdec.dll
    W32i - - - - 321,632 09-25-2007 c:\windows\system32\geede.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\jkkheee.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\jkkklji.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\khfdcbb.dll
    W32i - - - - 87,104 10-01-2007 c:\windows\system32\kvkyxfdv.dll
    W32i - - - - 91,136 11-22-2000 c:\windows\system32\lfkodak.dll
    W32i - - - - 831,488 08-09-2005 c:\windows\system32\libeay32.dll
    W32i - - - - 1,663,068 12-12-2003 c:\windows\system32\libmmd.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\mljkjge.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\opnmmji.dll
    W32i - - - - 77,376 10-02-2007 c:\windows\system32\opnmmmer.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\pmnnonn.dll
    W32i - - - - 85,056 10-02-2007 c:\windows\system32\qiocrjib.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\qommlih.dll
    W32i - - - - 207,872 11-13-1998 c:\windows\system32\rdmwin32.dll
    W32i - - - - 87,104 10-01-2007 c:\windows\system32\rhnfxteg.dll
    W32i - - - - 85,056 10-02-2007 c:\windows\system32\rjqhreev.dll
    W32i - - - - 87,104 10-01-2007 c:\windows\system32\rnwksluv.dll
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\rqrrqpm.dll
    W32i - - - - 159,744 08-09-2005 c:\windows\system32\ssleay32.dll
    W16 - - - - 1,409 02-07-2006 c:\windows\system32\tmp414d8.fot
    W16 - - - - 1,409 02-07-2006 c:\windows\system32\tmp6c3d8.fot
    W16 - - - - 1,409 02-07-2006 c:\windows\system32\tmp793d8.fot
    W16 - - - - 1,409 02-07-2006 c:\windows\system32\tmpe15d8.fot
    W32i - - - - 35,328 09-26-2007 c:\windows\system32\tuvvtqn.dll
    W32i - - - - 69,184 10-01-2007 c:\windows\system32\vlhqrnli.dll
    W32i - - - - 136,192 09-07-1999 c:\windows\system32\wbcdflsh.dll
    W32i - - - - 30,208 06-11-1997 c:\windows\system32\wnaspi32.dll
    W32i - - - - 87,104 10-01-2007 c:\windows\system32\wyhsspaw.dll

    12/15/2006 10:41 PM 0 REN10F3.tmp
    12/15/2006 10:41 PM 0 REN10F4.tmp
    10/18/2006 09:47 PM 2,450,944 SET10FD.tmp
    10/18/2006 09:47 PM 99,840 SET1144.tmp
    10/18/2006 09:47 PM 222,208 SET10F1.tmp
    02/25/2006 05:56 PM 0 REN390.tmp
    02/25/2006 05:56 PM 0 REN38F.tmp

    09/06/2006 12:01 AM 2,455,488 ieapfltr.dat
    06/27/2006 10:14 PM 256 chklist.dat

    06/27/2006 10:14 PM 313,856 xwebpic.ocx


    =====] Looking for suspicious file types in Current User profile:

    W32i - - - - 3,584 09-06-2004 c:\documents and settings\administrator\application data\microsoft\installer\{121634b0-2f4a-11d3-ada3-00c04f52dd53}\icon386ed4e3.exe
    W32i - - - - 65,536 04-23-2007 c:\documents and settings\administrator\application data\microsoft\installer\{83ecc084-a13c-4c90-bf35-57a2e0ffb5cd}\arpproducticon.exe
    W32i - - - - 40,960 04-23-2007 c:\documents and settings\administrator\application data\microsoft\installer\{83ecc084-a13c-4c90-bf35-57a2e0ffb5cd}\newshortcut1.exe
    W32i - - - - 40,960 04-23-2007 c:\documents and settings\administrator\application data\microsoft\installer\{83ecc084-a13c-4c90-bf35-57a2e0ffb5cd}\newshortcut1_1.exe
    W32i - - - - 65,536 04-23-2007 c:\documents and settings\administrator\application data\microsoft\installer\{83ecc084-a13c-4c90-bf35-57a2e0ffb5cd}\versamailsetupe.exe
    W32i - - - - 423,736 10-02-2007 c:\documents and settings\administrator\application data\mozilla\firefox\profiles\egp7nmir.default\cac he\25162eecd01
    W32i - - - - 67,249 10-02-2007 c:\documents and settings\administrator\application data\mozilla\firefox\profiles\egp7nmir.default\cac he\5041edd7d01
    W32i - - - - 1,284,112 10-01-2007 c:\documents and settings\administrator\application data\mozilla\firefox\profiles\egp7nmir.default\cac he\540b5895d01
    W32i - - - - 220,417 10-02-2007 c:\documents and settings\administrator\application data\mozilla\firefox\profiles\egp7nmir.default\cac he\e57146cfd01


    W32i DLL ENU 1.0.0.1 shp 112,312 06-12-2002 c:\windows\downloaded program files\activedata.dll
    W32i APP ENU 2004.12.14.55 shp 202,352 08-23-2005 c:\windows\downloaded program files\avsniff.dll
    W32i DLL ENU 1.0.0.1 shp 198,256 08-23-2005 c:\windows\downloaded program files\avsniffdlgs.dll
    W32i DLL ENU 1.0.0.3 shp 188,416 08-19-2005 c:\windows\downloaded program files\axhost.dll
    W32i DLL ENU 1.75.0.7 shp 135,168 02-14-2003 c:\windows\downloaded program files\cdtool.dll
    W32i DLL ENU 2.2.0.1 shp 241,664 10-23-2006 c:\windows\downloaded program files\cpcscan.dll
    DOS - - - - 6,899 08-31-2005 c:\windows\downloaded program files\ecbootil.vxd
    W32i DLL ENU 51.2.0.12 shp 288,376 08-31-2005 c:\windows\downloaded program files\ecmsvr32.dll
    W32i DLL ENU 3.5.122.2 shp 1,935,120 11-03-2005 c:\windows\downloaded program files\facebookphotouploader.ocx
    W32i DLL ENU 1.0.0.0 shp 65,272 09-09-2004 c:\windows\downloaded program files\gdichk.dll
    W32i DLL - 1.0.28.0 shp 468,696 01-12-2004 c:\windows\downloaded program files\grooveax.dll
    W32i DLL ENU 3.1.0.0 shp 86,304 12-13-2004 c:\windows\downloaded program files\hpgetdownloadmanager.ocx
    W32i DLL ENU 6.2.0.5 shp 102,912 06-02-2000 c:\windows\downloaded program files\ipixx.ocx
    W32i APP ENU 3.1.0.5 shp 111,752 10-27-2004 c:\windows\downloaded program files\lssupctl.dll
    DOS - - - - 6,850 08-23-2005 c:\windows\downloaded program files\navapi.vxd
    W32i DLL ENU 4.2.0.8 shp 201,896 08-23-2005 c:\windows\downloaded program files\navapi32.dll
    W32i DLL ENU 20051.2.0.18 shp 124,536 08-31-2005 c:\windows\downloaded program files\naveng32.dll
    W32i DLL ENU 20051.2.0.18 shp 706,168 08-31-2005 c:\windows\downloaded program files\navex32a.dll
    W32i DLL ENU 6.0.0.11 shp 520,349 06-03-2004 c:\windows\downloaded program files\rdxie.dll
    W32i APP ENU 2004.6.23.42 shp 161,432 08-23-2005 c:\windows\downloaded program files\rufsi.dll
    W32i DLL ENU 2.0.0.2 shp 157,288 12-20-2004 c:\windows\downloaded program files\symadata.dll
    W32i DLL ENU 1.0.0.9 shp 164,352 12-14-2001 c:\windows\downloaded program files\testgenxinstall.dll
    W32i DLL - 4.50128.1137.0 shp 110,592 01-28-2005 c:\windows\downloaded program files\topagent.dll
    W32i APP ENU 1.1.465.300 shp 55,704 04-27-2006 c:\windows\downloaded program files\vmkeyboardhook.dll
    W32i DLL ENU 1.1.465.300 shp 529,304 04-27-2006 c:\windows\downloaded program files\vmrcactivexclient.dll




    =====] List of files located at the root of the C Drive:

    Volume in drive C has no label.
    Volume Serial Number is 3C0E-35F9

    Directory of C:\

    12/06/2005 05:47 PM 10,920 aolconnfix.exe
    05/25/2005 01:08 PM 0 FileIn.Cns
    05/25/2005 01:08 PM 0 FileOut.Cns
    03/15/2005 06:59 PM 33,436 iTrip.xml
    09/30/2007 12:47 AM 268 sqmdata00.sqm
    09/30/2007 06:45 PM 268 sqmdata01.sqm
    09/30/2007 07:23 PM 268 sqmdata02.sqm
    09/30/2007 08:56 PM 268 sqmdata03.sqm
    09/30/2007 09:45 PM 268 sqmdata04.sqm
    10/01/2007 07:22 AM 268 sqmdata05.sqm
    10/01/2007 10:25 AM 268 sqmdata06.sqm
    10/01/2007 12:04 PM 268 sqmdata07.sqm
    10/01/2007 03:45 PM 268 sqmdata08.sqm
    10/01/2007 10:26 PM 268 sqmdata09.sqm
    10/01/2007 10:47 PM 268 sqmdata10.sqm
    10/02/2007 07:09 AM 268 sqmdata11.sqm
    10/02/2007 09:50 AM 268 sqmdata12.sqm
    10/02/2007 12:46 PM 268 sqmdata13.sqm
    10/02/2007 01:17 PM 268 sqmdata14.sqm
    09/28/2007 10:35 AM 268 sqmdata15.sqm
    09/28/2007 12:13 PM 268 sqmdata16.sqm
    09/28/2007 07:59 PM 268 sqmdata17.sqm
    09/28/2007 08:16 PM 268 sqmdata18.sqm
    09/28/2007 08:34 PM 268 sqmdata19.sqm
    09/30/2007 12:47 AM 244 sqmnoopt00.sqm
    09/30/2007 06:45 PM 244 sqmnoopt01.sqm
    09/30/2007 07:23 PM 244 sqmnoopt02.sqm
    09/30/2007 08:56 PM 244 sqmnoopt03.sqm
    09/30/2007 09:45 PM 244 sqmnoopt04.sqm
    10/01/2007 07:22 AM 244 sqmnoopt05.sqm
    10/01/2007 10:25 AM 244 sqmnoopt06.sqm
    10/01/2007 12:04 PM 244 sqmnoopt07.sqm
    10/01/2007 03:45 PM 244 sqmnoopt08.sqm
    10/01/2007 10:26 PM 244 sqmnoopt09.sqm
    10/01/2007 10:47 PM 244 sqmnoopt10.sqm
    10/02/2007 07:09 AM 244 sqmnoopt11.sqm
    10/02/2007 09:50 AM 244 sqmnoopt12.sqm
    10/02/2007 12:46 PM 244 sqmnoopt13.sqm
    10/02/2007 01:17 PM 244 sqmnoopt14.sqm
    09/28/2007 10:35 AM 244 sqmnoopt15.sqm
    09/28/2007 12:13 PM 244 sqmnoopt16.sqm
    09/28/2007 07:59 PM 244 sqmnoopt17.sqm
    09/28/2007 08:16 PM 244 sqmnoopt18.sqm
    09/28/2007 08:34 PM 244 sqmnoopt19.sqm
    10/02/2007 01:14 PM 497 stub.log
    01/28/2005 11:43 AM 49,152 TONtsExt.dll
    09/25/2007 11:41 AM 106,925 VETlog.dmp
    03/06/2006 06:42 PM 425 xinstall.log
    63 File(s) 223,551 bytes
    0 Dir(s) 31,397,326,848 bytes free



    =====] Directory Analysis - PROGRAM FILES:

    02/12/2007 11:47 AM <DIR> ItsDeductible2006
    11/03/2006 06:20 PM <DIR> proDAD
    11/03/2006 06:09 PM <DIR> AdorageI-SAL
    11/03/2006 06:09 PM <DIR> AdorageI-GfxDatas
    11/03/2006 05:20 PM <DIR> SmartSound Software
    11/03/2006 05:13 PM <DIR> Pinnacle
    08/29/2006 01:54 PM <DIR> Dell
    05/19/2006 01:43 PM <DIR> NetEraserTrial
    03/28/2006 07:22 PM <DIR> SQLyog
    03/28/2006 07:19 PM <DIR> PHP Coder
    01/30/2006 02:43 PM <DIR> ItsDeductible2005
    01/28/2006 03:39 PM <DIR> AOL games

    (Ignore the ones you know of)


    =====] Directory Analysis - COMMON FILES (subfolder of Program Files folder):

    04/27/2006 04:56 PM <DIR> Canon



    =====] Directory Analysis - WINDOWS folder:

    Volume Serial Number is 3C0E-35F9

    Directory of C:\WINDOWS

    10/02/2007 07:15 AM <DIR> ERUNT
    01/10/2007 10:58 PM <DIR> ie7updates
    11/22/2006 12:58 AM <DIR> WBEM
    11/22/2006 12:56 AM <DIR> ie7
    11/22/2006 12:54 AM <DIR> network diagnostic
    11/06/2006 02:07 PM <DIR> DvzCommon
    01/30/2006 04:47 PM <DIR> ItsDeductible
    03/11/2005 05:04 PM <DIR> BBSTORE
    01/21/2005 04:36 PM <DIR> InCD
    09/14/2004 07:05 PM <DIR> Downloaded Installations
    09/10/2004 06:54 PM <DIR> occache
    09/06/2004 10:34 PM <DIR> Intuit
    09/06/2004 11:47 AM <DIR> Minidump
    0 File(s) 0 bytes
    210 Dir(s) 31,397,318,656 bytes free


    =====] Process Analysis - User-based processes with their Services:


    Image Name PID Services
    ========================= ====== =============================================


    =====] Process Analysis - Currently running Service based Processes:


    Image Name PID Session Name Session# Mem Usage
    ========================= ====== ================ ======== ============
    MsMpEng.exe 1252 Console 0 19,376 K



    =====] Executables created since 10-1-2007 :

    "C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\"
    uninst~1.exe Oct 2 2007 74580 "Uninstall.exe"

    "C:\Documents and Settings\Administrator\Desktop\virus\"
    cbo_se~1.exe Oct 1 2007 1284112 "CBO_Setup_4.25.exe"
    sdfix.exe Oct 1 2007 1159340 "SDFix.exe"
    sdsetup.exe Oct 1 2007 15613824 "sdsetup.exe"
    virtum~1.exe Oct 1 2007 96978 "VirtumundoBeGone-1.exe"

    "C:\Documents and Settings\Administrator\Desktop\virus\New Folder\"
    analyz~2.exe Oct 2 2007 220417 "AnalyzerXP 3.7.exe"
    avgark~1.exe Oct 2 2007 423736 "avgarkt-setup-1.1.0.42.exe"
    cleanu~1.exe Oct 2 2007 67249 "CleanupXP.exe"

    8 items found: 8 files, 0 directories.
    Total of file sizes: 18,940,236 bytes 18.06 M



    =====] System Variables:

    ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
    APPDATA=C:\Documents and Settings\Administrator\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=G-67DOZSU5CRDZ8
    ComSpec=C:\WINDOWS\system32\cmd.exe
    date=10-1-2007
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Administrator
    LOGONSERVER=\\G-67DOZSU5CRDZ8
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    SAFEBOOT_OPTION=NETWORK
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    USERDOMAIN=G-67DOZSU5CRDZ8
    USERNAME=Administrator
    USERPROFILE=C:\Documents and Settings\Administrator
    windir=C:\WINDOWS


    [====================] End of Log [====================]
    Reply With Quote Reply With Quote
  2. 10-02-2007, 01:31 PM #2
    gene593
    gene593 is offline Junior Member
    Join Date
    Oct 2007
    Posts
    22

    Additional Info

    Here is the report from KAspersky.

    Infected: riskware not-a-virus:PSWTool.Win32.Aster.55 c:\program files\program files\passware\ariskkey.dll 19 KB
    Infected: Trojan program Trojan.Win32.Agent.bck c:\windows\system32\nqsaclpb.exe 73.6 KB
    Infected: Trojan program Trojan.Win32.Agent.bck C:\WINDOWS\SYSTEM32\KGDFXYNK.EXE 73.6 KB
    Infected: Trojan program Trojan.Win32.Agent.bck C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\A75234Y4\valera[1] 73.5 KB
    Infected: Trojan program Trojan.Win32.Agent.bck C:\windows\system32\hgncgsvl.exe 73.6 KB
    Infected: Trojan program Trojan.JS.Relink.a c:\documents and settings\main\local settings\application data\identities\{587d7095-e882-47cb-a208-12e259b9d236}\microsoft\outlook express\inbox.dbx 50.8 MB
    Infected: Trojan program Trojan.Win32.Agent.bck C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8H8VN25M\valera[1] 73.5 KB
    Infected: Trojan program Trojan.Win32.Agent.bck C:\windows\system32\auliwcnn.exe 73.6 KB
    Infected: Trojan program Trojan.Win32.Agent.bck C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WO13WE8S\valera[1] 73.5 KB
    Infected: Trojan program Trojan.Win32.Agent.bck C:\windows\system32\aerwcgcq.exe 73.6 KB
    Infected: riskware not-a-virusownloader.Win32.PopCap.b c:\windows\downloaded program files\popcaploader.dll 128 KB
    Infected: Trojan program Trojan.Win32.Agent.bck C:\WINDOWS\SYSTEM32\YBYPNVXO.EXE 73.6 KB
    Infected: Trojan program Trojan.Win32.Agent.bck C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\496YC740\valera[1] 13.1 KB
    Infected: Trojan program Trojan.Win32.Agent.bck C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QEMHJ9JH\valera[1] 26.5 KB
    Infected: riskware not-a-virus:PSWTool.Win32.Aster.55 c:\program files\program files\passware\ariskkey.exe 177 KB
    Infected: Trojan program Trojan-Spy.HTML.Amazofraud.j c:\documents and settings\administrator\local settings\application data\identities\{698406d4-bd88-4a6c-85be-845ff379c107}\microsoft\outlook express\inbox.dbx 16.9 MB
    Infected: Trojan program Trojan.Win32.Agent.bck C:\WINDOWS\system32\gbstjunu.exe 73.6 KB
    **************************
    Reply With Quote Reply With Quote
  3. 10-02-2007, 02:33 PM #3
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Give me a HJT log.
    Reply With Quote Reply With Quote
  4. 10-02-2007, 06:51 PM #4
    gene593
    gene593 is offline Junior Member
    Join Date
    Oct 2007
    Posts
    22
    Reply With Quote Reply With Quote
  5. 10-02-2007, 06:52 PM #5
    gene593
    gene593 is offline Junior Member
    Join Date
    Oct 2007
    Posts
    22

    HJT Log

    Reply With Quote Reply With Quote
  6. 10-02-2007, 06:54 PM #6
    gene593
    gene593 is offline Junior Member
    Join Date
    Oct 2007
    Posts
    22

    HJT Log

    Attached is the log. For some reason it would not paste. Thanks.
    Attached Files Attached Files
    Reply With Quote Reply With Quote
  7. 10-02-2007, 08:00 PM #7
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Give me a bit to look things over ok?

    Gene I see right off that you are running at least portions of two anti-virus programs...your Kaspersky AND some Norton files. If you previously had Norton on the machine you need to go back through and remove what is left.
    Reply With Quote Reply With Quote
  8. 10-02-2007, 08:27 PM #8
    gene593
    gene593 is offline Junior Member
    Join Date
    Oct 2007
    Posts
    22

    HJT Log

    Thanks for the heads-up. I uninstalled the rest of Nortons.

    Attached is the updated HJT log.
    Attached Files Attached Files
    Reply With Quote Reply With Quote
  9. 10-02-2007, 08:28 PM #9
    jholland1964's Avatar
    jholland1964
    jholland1964 is offline Administrator
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Tell you one thing you can do Gene to make this HJT log a bit more readable and that is run HJT again and put a checkmark next to ALL of the O18 entries that read like this;
    O18 - Protocol: bwz0 - {AE57D50F-716C-4C1B-AFFD-231FEBA102D2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    I believe, if I counted right there are at least 77 of those Logitech Desktop Messenger entries. They are totally unnecessary and is there just to "monitor" Logitech claims...get rid of these by placing a checkmark next to each. Once you have places the checkmarks then click the Fix Checked button.
    Exit HJT.
    Run a NEW HJT scan and post that new log here.
    Reply With Quote Reply With Quote
  10. 10-02-2007, 08:43 PM #10
    gene593
    gene593 is offline Junior Member
    Join Date
    Oct 2007
    Posts
    22

    HJT Log

    I deleted them and here is the new log.

    I never knew all of that was running in the background. I'm making progress already!
    Attached Files Attached Files
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules