Thread ID: 65328 2006-01-14 21:01:00 win32:Nsag-B(DII) the sunnygirl (9620) Press F1
Post ID Timestamp Content User
421109 2006-01-14 21:01:00 hi all :help:

Who can help me? My problem is I've got some terrible virus called win32:Nsag-B(DII). :mad: It makes me unhappy. It doesn't remove, I don't know what to do. If you know, help me, please help me, the sooner the better. I have never had this one before; after I opened one perverse stupid website I've got it. What can I do? I hope I won't have to throw my computer away in the trash, please help me. You can also write to my private email too, tvectra@hotmail.com. I've been waiting, I got it yesterday :help:
the sunnygirl (9620)
421110 2006-01-14 21:36:00 Riiiiiiight. And you're not an email address harvester for spam of course. Greg (193)
421111 2006-01-14 21:56:00 This code is only contained in WININET.DLL, and only if it is placed there by another malicious program. Two versions (Win32.Nsag.A and Win32.Nsag.B) exist with minor differences and they are functionally equivalent.

Its task is to redirect the HttpSendRequest function calls to an external DLL. This function is called for most internet page and file downloads, and hooking it makes possible the interception and modification of the data sent.

Win32.Nsag can be injected into WININET.DLL by various programs, for example Trojan.DL.Agent.RM (typically named w8673492.exe, 12289 bytes) or Trojan.DR.Agent.QX (typically named loader34.exe, 49152 bytes). The latter manifests itself by changing the wallpaper to a blue background error message:


Security warning

A fatal error in IE has occured at 0028:C0011E36 in VXD VMM(01) +
00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

* System can not function in normal mode.
Please check you security settings.

* Scan your PC with any avaliable antivirus / spyware remover
program to fix the problem.
WhiteWolf4 (3713)
421112 2006-01-14 22:06:00 I suggest you work thru this page.

Press F1 Spyware & Viruses detection and removal FAQ (www.pressf1.co.nz 16)
EX-WESTY (221)
421113 2006-01-15 03:56:00 Hi the sunnygirl

Download smitRem.exe (noahdfear.geekstogo.com) and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

==============================

When done please download HijackThis (www.cyberanswers.org). It will create a directory folder for you in C\Program files. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help determine what, if any, spyware/malware is on your computer.
Pancake (6359)
421114 2006-01-16 21:52:00 Hi Greg, are you here? Tell me, try to find me any antivirus program which removes that win32.Nsag.b. I just see you are online. Until nothing helped me. the sunnygirl (9620)
421115 2006-01-16 21:53:00 Hi, are you here?
Do you know to help me, try to find any antivirus program, I don't know, I think which is free loaded, cos all or nothing help me to remove that virus. THANKS LEA
the sunnygirl (9620)
421116 2006-01-16 22:26:00 Hi, are you here?
Do you know to help me, try to find any antivirus program, I don't know, I think which is free loaded, cos all or nothing help me to remove that virus. THANKS LEA
Avast = 4 Home Edition - Free antivirus software - free virus protection for home PC: - full-featured antivirus package designed for home usage.(FREE) = http://www.avast.com
Sultan_Emerr (7444)
421117 2006-01-19 02:07:00 Posted on behalf of the sunnygirl



Logfile of HijackThis v1.99.1
Scan saved at 19:41:26, on 18.1.2006
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\MSREG.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\SK-SK\MSNAPPAU.EXE
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\HIJACKTHIS 1.99.1\HIJACKTHIS.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Prepojenia
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: AIMSite Class - {D70E6A20-7060-4829-B3D7-B6624A1DE7C6} - C:\PROGRAM FILES\AIM TOOLBAR\AIMHELPER.DLL (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\SK-SK\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {8D5A9FC1-848E-11DA-8ECD-00501BE19985} - C:\WINDOWS\SYSTEM\EDIF.DLL (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YT.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\SK-SK\MSNTB.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Sledovanie úloh] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\msreg.exe
O4 - HKLM\..\Run: [LanGuard] "C:\WINDOWS\languard.exe"
O4 - HKLM\..\Run: [avidup] "C:\WINDOWS\avidup.exe"
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\SYSTEM\WINDOWSUPDATE.EXE
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [cpds] C:\WINDOWS\cpds.exe
O4 - HKLM\..\Run: [scrbmk] "C:\WINDOWS\scrbmk.exe"
O4 - HKLM\..\Run: [rusto] "C:\WINDOWS\rusto.exe"
O4 - HKLM\..\Run: [StartAOL] "C:\AMERICA ONLINE 6.0\AOL.EXE"
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.02.3000.1001\sk-sk\msnappau.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Agent plánovania] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Fpx] C:\WINDOWS\SYSTEM\mnmsrvc.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - Startup: Spuštění Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Rychlé hledání Microsoft.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger\FFIMC.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.imgfarm.com/images/nocach...up1.0.0.8-2.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com/download/M...pDownloader.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 172.16.143.254,195.12.128.1
O18 - Protocol: offline-8876480 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {0392F701-5316-11DA-8ECD-0050FCF0CB41} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL

P.S. I'm not sure if I understood you well, but you write me back if you thought something other to send you, OK? until tx
Pancake (6359)
421118 2006-01-19 02:11:00 Hi the sunnygirl

It may help to print out or copy this page as you will be working in Safe Mode. Make sure to work through the fixes in the exact order it's listed...



To show hidden files instructions (Win 95/98/98SE/98Gold/ME)
Right click Start/ Explorer | View | Folder Options | View tab
Select Show all Files
Uncheck Hide file extensions for known file types
Select Like Current Folder button at top | Yes | Apply | OK

------------------------------------------------------------------

Any files highlighted in BLACK will need to be removed from your hard drive .

Folders that have been highlighted RED will need to be uninstalled or deleted .

------------------------------------------------------------------


How to setup AboutBuster version 5

Download AboutBuster (www.bleepingcomputer.com)

Then unzip all files from the zip folder to a folder or your desktop. Start it and press the OK button. Then hit the update button and a new screen will appear. On that screen press the Check for Updates button.

To scan your machine, press the Start button and then press OK. The program should start scanning. When it is done, press the exit button and reboot. Once rebooted run About:Buster one more time.

This program is updated often so you should always use the built in update feature before you scan with it.



-----------------------------------------------------------------------

Please start by going into SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This"
------------------------------------------------------------------

Uninstall the following programs (if they still exist). Go into HijackThis->Config->Misc. Tools->Open Uninstall manager

AWS

-----------------------------------------------------------------


Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following exe file and click End Process for each one if they are listed.

msreg.exe
languard.exe
avidup.exe
WINDOWSUPDATE.EXE
cpds.exe
scrbmk.exe
rusto.exe
------------------------------------------------------------------

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {8D5A9FC1-848E-11DA-8ECD-00501BE19985} - C:\WINDOWS\SYSTEM\EDIF.DLL (file missing)
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\msreg.exe
O4 - HKLM\..\Run: [LanGuard] "C:\WINDOWS\languard.exe"
O4 - HKLM\..\Run: [avidup] "C:\WINDOWS\avidup.exe"
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\SYSTEM\WINDOWSUPDATE.EXE
O4 - HKLM\..\Run: [cpds] C:\WINDOWS\cpds.exe
O4 - HKLM\..\Run: [scrbmk] "C:\WINDOWS\scrbmk.exe"
O4 - HKLM\..\Run: [rusto] "C:\WINDOWS\rusto.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
------------------------------------------------------------------

Open Windows Explorer and delete the following highlighted file/s
Also delete the following red folder/s

C:\WINDOWS\msreg.exe
C:\WINDOWS\languard.exe
C:\WINDOWS\avidup.exe
C:\WINDOWS\SYSTEM\WINDOWSUPDATE.EXE
C:\WINDOWS\cpds.exe
C:\WINDOWS\scrbmk.exe
C:\WINDOWS\rusto.exe
C:\PROGRAM FILES\AWS
-------------------------------------------------------------------



When finished please post a new log...
Pancake (6359)
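
One way to check the follow-up log requested in the last post against its fix list, as an added example that is not part of the thread or of HijackThis itself. The fix-list lines are copied from the post above as the archive shows them; the follow-up log, the `svc` value name and all function names are constructed for illustration.

```python
import re

# HijackThis result lines start with a section code (R0-R3, F0-F3, N1-N4, O<number>).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")
# O4 registry autoruns look like:  HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*:\s*\[(.*?)\]\s*(.*)$", re.I)
# First drive-rooted .exe path in a command line, quoted or not.
EXE_RE = re.compile(r'"?([a-z]:\\[^"]*?\.exe)', re.I)

# Entries taken from the fix list in the thread, including the forum archive's
# " . " spacing and a path wrapped onto a second line.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM
FILES\MYWEBSEARCH\SRCHASTT\3 . BIN\MWSSRCAS . DLL (file missing)
O4 - HKLM\ . . \Run: [LanGuard] "C:\WINDOWS\languard . exe"
O4 - HKLM\ . . \Run: [cpds] C:\WINDOWS\cpds . exe
O4 - HKLM\ . . \Run: [rusto] "C:\WINDOWS\rusto . exe"
"""

# Constructed follow-up log: one entry survived unchanged, and one flagged
# executable is registered again under a different (made-up) value name.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\3.BIN\MWSSRCAS.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [rusto] "C:\WINDOWS\rusto.exe"
O4 - HKLM\..\RunServices: [svc] C:\WINDOWS\cpds.exe
"""


def normalize(body):
    """Undo archive spacing around dots, collapse whitespace, ignore case."""
    body = re.sub(r"\s*\.\s*", ".", body)
    return re.sub(r"\s+", " ", body).strip().casefold()


def parse_entries(text):
    """Return (code, normalized body) pairs, re-joining wrapped entries.

    Lines before the first entry (header, process list) are skipped; any other
    line without a section code is treated as the tail of the previous entry.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            entries[-1][1] += " " + line
    return [(code, normalize(body)) for code, body in entries]


def autorun_targets(entries):
    """Map each executable started from a Run key to its value names."""
    targets = {}
    for code, body in entries:
        run = RUN_RE.match(body) if code == "O4" else None
        exe = EXE_RE.search(run.group(2)) if run else None
        if exe:
            targets.setdefault(exe.group(1), []).append(run.group(1))
    return targets


def verify_cleanup(fix_list, new_log):
    """Report fix-list entries still present and flagged executables that
    are started again under a value name the fix list did not mention."""
    wanted, after = parse_entries(fix_list), parse_entries(new_log)
    present = set(after)
    remaining = [entry for entry in wanted if entry in present]
    flagged = autorun_targets(wanted)
    renamed = {}
    for exe, names in autorun_targets(after).items():
        if exe not in flagged:
            continue
        extra = [name for name in names if name not in flagged[exe]]
        if extra:
            renamed[exe] = extra
    return {"remaining": remaining, "renamed": renamed}


if __name__ == "__main__":
    report = verify_cleanup(FIX_LIST, NEW_LOG)
    for code, body in report["remaining"]:
        print("still present:", code, "-", body)
    for exe, names in report["renamed"].items():
        print("flagged executable under new value name:", exe, names)
```

Matching on the executable path as well as on the exact line matters because a Run entry that is re-created under another value name would not match the original fix-list line.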