Malware?


  • This topic is locked

#1
replica

    Member

  • 27 posts
Hi,

I've been through each step before I posted here and am still having problems.
I removed a couple of files from Ad-Aware (Sahagent):

obj[55]=File : C:\System Volume Information\_restore{881BF775-EDD2-4EC2-8A6F-9117D1FB88EB}\RP146\A0020569.exe.tcf
obj[56]=File : C:\System Volume Information\_restore{881BF775-EDD2-4EC2-8A6F-9117D1FB88EB}\RP146\A0020570.dll
obj[57]=File : C:\System Volume Information\_restore{881BF775-EDD2-4EC2-8A6F-9117D1FB88EB}\RP146\A0020571.exe
obj[60]=File : C:\System Volume Information\_restore{881BF775-EDD2-4EC2-8A6F-9117D1FB88EB}\RP149\A0021629.exe.tcf
obj[63]=File : C:\System Volume Information\_restore{881BF775-EDD2-4EC2-8A6F-9117D1FB88EB}\RP150\A0021669.dll
obj[64]=File : C:\System Volume Information\_restore{881BF775-EDD2-4EC2-8A6F-9117D1FB88EB}\RP150\snapshot\MFEX-2.DAT
obj[65]=File : C:\System Volume Information\_restore{881BF775-EDD2-4EC2-8A6F-9117D1FB88EB}\RP206\A0030307.exe
obj[66]=File : C:\WINDOWS\system32\n5hq7k1f.exe.tcf


I've also been having problems updating Spybot Search & Destroy. I've downloaded the definitions without problems but I'm unable to download this file (File : Immunize Fix - Fixes Problems with IE // Incompability); an error comes up and says "!!! Bad Checksum !". The English Help for TeaTimers and Startup Info updates didn't work either, but I don't think I will need these files.

Also in Explorer, my Favourites are incorrectly displayed as you can see from the pictures attached.. not sure if that has anything to do with malware but I'll add it anyway.

The first one shows what it looks like most of the time and the 2nd picture is what it should look like.

Programs keep crashing ("Not Responding"), and programs are also using 100% CPU.
The same happens with Iexplorer windows, which constantly crash when I have more than a couple open.

Please find below my Hijackthis log and hope you will be able to shed some light on my situation.

Logfile of HijackThis v1.99.1
Scan saved at 1:40:55 PM, on 15/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
G:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.exetel.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....012/CTSUEng.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1116374715498
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.c.../npseatools.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15012/CTPID.cab
O18 - Protocol: bw+0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe



ADDED 18/10/05
I did an Ewido scan on 16/10/05 and got rid of:
Spyware.Chitika
Spyware.Cookie.Liveperson
Spyware.Cookie.Com
Spyware.Cookie.Clickhype
Spyware.Cookie.Yieldmanager


Edited by replica, 18 October 2005 - 02:02 AM.

  • 0


#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

For Spybot, choose another download location. There is a drop-down box right there... just choose another location like Safer Networking #1 or the others. They shouldn't have a bad checksum, otherwise it's a bad download.

Did you install any new software/hardware lately? How about changing any settings?

Nothing much to fix here:

Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one:

Check and fix ALL those O18 entries below related to Logitech, except for the first line (see below). Leave that entry unchecked:

O18 - Protocol: bw+0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


Did Ewido remove everything it found though? If so, then I guess we can probably rule out possible viruses...unless you want to run a Panda ActiveScan also just to make sure?

This might be a corrupted system file or maybe bad memory.

Download the Windows Memory Diagnostic Tool and install it on a blank floppy disk. Restart your computer and insert the floppy. If necessary, change your BIOS to boot from the floppy drive first. Let it load from the floppy and run the memory test for about 15 minutes. If no errors show up, you may exit the program and take out the floppy. See if any errors are found.

Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD. See if any files are missing/corrupt.
  • 0
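
An added example (not part of the original thread and not HijackThis's own code): a small Python parser for the `O18 - Protocol:` lines of the log in post #1, which groups the handlers by CLSID and DLL and lists the Logitech entries to tick while leaving the first one unchecked, as post #2 describes. The function names and regular expressions are this example's assumptions; the sample lines are copied from the posted log.

```python
import re

# Lines copied from the HijackThis log in post #1 (a short excerpt, not the whole log).
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O18 - Protocol: bw+0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F6E82D90-C0DE-473E-94E6-18C84171BDD4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

# Every result line starts with a section code (R0, O4, O18, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Body of an O18 line: "Protocol: <name> - {CLSID} - <path to DLL>".
O18_RE = re.compile(
    r"^Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


def parse_entries(log_text):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def parse_o18(entries):
    """Return the O18 protocol handlers as dicts with name, clsid and path, in log order."""
    handlers = []
    for code, body in entries:
        if code != "O18":
            continue
        match = O18_RE.match(body)
        if match:
            handlers.append(match.groupdict())
    return handlers


def group_by_handler(handlers):
    """Collapse handlers that share a CLSID and DLL, so 78 lines read as a few groups."""
    groups = {}
    for handler in handlers:
        dll = handler["path"].rsplit("\\", 1)[-1].lower()
        groups.setdefault((handler["clsid"].upper(), dll), []).append(handler["name"])
    return groups


def entries_to_check(handlers, path_marker="\\logitech\\"):
    """Names to tick before 'Fix Checked': every O18 entry whose path contains
    path_marker, except the first one in log order (left unchecked, per post #2)."""
    matching = [h for h in handlers if path_marker in h["path"].lower()]
    return [h["name"] for h in matching[1:]]


if __name__ == "__main__":
    o18 = parse_o18(parse_entries(SAMPLE_LOG))
    for (clsid, dll), names in group_by_handler(o18).items():
        print(f"{clsid} {dll}: {len(names)} protocol name(s)")
    print("check:", ", ".join(entries_to_check(o18)))
```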

#3
replica

    Member

  • Topic Starter
  • 27 posts
Hey Greyknight17

I was able to update Spybot and I found 47 entries of Back Web Lite so I deleted

Haven't changed any settings or installed anything new.
I uninstalled Logitech drivers, I just removed all those files from HijackThis

Ewido removed everything it found, I ran a Panda Virus scan and found "Spyware.dyfuca" but it didn't clean

I was unable to run the Memory Diagnostic Tool, having trouble getting my floppy drive to work.

Windows didn't find any files missing

Regards,
Matthew
  • 0

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did Panda mention a location and filename for Spyware.dyfuca? If not, just ignore it. It's harmless if it's just a Windows Registry.

Take a look at the Microsoft site I gave you for the Memory Diagnostic Tool. They have a guide on how to run it on a CD I think. So try that out.

Do you still have the favorite and program freezing problem?
  • 0

#5
replica

    Member

  • Topic Starter
  • 27 posts
It didn't show a location

I had just recently bought some more RAM, so I took out what I had and put in the new RAM but it still seems to be having problems with the favourites and I haven't had any programs freezing but IE keeps crashing, not all the time but occasionally.... shouldn't be happening.
  • 0

#9
replica

    Member

  • Topic Starter
  • 27 posts
It didn't show a location

I had just recently bought some more RAM, so I took out what I had and put in the new RAM but it still seems to be having problems with the favourites and I haven't had any programs freezing but IE keeps crashing, not all the time but occasionally.... shouldn't be happening.

I'm sorry about the many posts but every time I tried to submit the post it came up as "cannot find server" and I guess it did post

Edited by replica, 24 October 2005 - 08:48 PM.

  • 0

#10
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, let's try repairing Windows XP then. I hope you do regular backups of your data. Although this process should/will not erase your data, you should do backups anyway if your data is important to you.

Let's start the repair and see if it fixes the favorites problem:

1. Insert the Windows XP CD into your computer's CD-ROM or DVD-ROM drive, and then restart your computer.
2. When the "Press any key to boot from CD" message appears on the screen, press a key to start your computer from the Windows XP CD.

   Note: Your computer must be configured to start from the CD-ROM or DVD-ROM drive. For more information about how to configure your computer to start from the CD-ROM or DVD-ROM drive, see your computer's documentation or contact your computer manufacturer.
3. You receive the following message on the Welcome to Setup screen that appears:

   This portion of the Setup program prepares Microsoft Windows XP to run on your computer:

   To setup Windows XP now, press ENTER.

   To repair a Windows XP installation using Recovery Console, press R.

   To quit Setup without installing Windows XP, press F3.

   Press ENTER to set up Windows XP.
4. On the Windows XP Licensing Agreement screen, press F8 to agree to the license agreement.
5. Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
6. Follow the instructions that appear on the screen to reinstall Windows XP. After you repair Windows XP, you may have to reactivate your copy of Windows XP.

Credit to Microsoft Article (Method 2).
  • 0


#11
replica

    Member

  • Topic Starter
  • 27 posts
Pressed Enter to Setup Windows XP
Agreed to the licensing and
Selected the main drive, but there is no option to repair windows.

3 options came up
1. To setup Windows XP on the selected item, press Enter
2. To create a partition in the unpartitioned space, press C
3. To delete selected partition, Press D

The only logical one to go with would be the first.
My main drive has 2 partitions, would that matter?

After I used boot from CD-ROM, I went back to booting from HDD and "Checking File System on G:" came up while Windows was loading, does that have anything to do with what I just did?

Thanks for taking the time to help me out!!
  • 0

#12
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Make sure you back up your data now before we continue on... although this process shouldn't erase any of your data, I suggest backing up anyway as a precaution.

When you get to the part where you select the drive, select it and choose setup. See if there is an option to repair windows in there. Do NOT choose to format...
  • 0

#13
replica

    Member

  • Topic Starter
  • 27 posts
How would I go about backing up my data?
  • 0

#14
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Not good...:tazz:

Back them up on CDs/DVDs or another hard drive if you have it. I wish I could go into more details here but since this forum is mainly for Spyware related problems, I have to ask you to ask this question in the Windows forum instead. They will give you detailed steps on how to back up if you ask them.
  • 0

#15
replica

    Member

  • Topic Starter
  • 27 posts
Oh, didn't think you meant CD/DVD.. Thought you might have been talking about making a restore point...
There's pretty much only Windows files and programs on my C: drive so I'm just gonna unplug my other HDDs and go with the repair if it has it. I can just re-install if anything disappears.

Thanks for your help mate.
  • 0





