
Unknown cause to an annoying prob!


Name: KSA
Date: May 9, 2006 at 06:18:55 Pacific
OS: windows xp
CPU/Ram: amd 2.2mhz/1 gig ram
Product: component
Comment:

Hi, my problem is that my pc insists on minimizing anything that is fullscreen constantly. It also 'de-activates' windows that are open so that you have to reselect them with mouse pointer to be able to interact. When these actions occur they are accompanied by a sound not unlike the standard windows sound for mouse clicks, as well as the mouse pointer showing the eggtimer graphic for a split second. It makes using the pc pretty much an annoyance. I have had this problem before and have had to re-install the os after a hard disk format. I would like to try and avoid that if possible since it is time consuming!

I have used AVG, avast and PC-cillin to do scans and nothing. I have used Ad-Aware and the online scanner from Trend Micro to look for all the other stuff and nothing! There must be something, as the symptoms I describe online seem to be occurring when I try and use something and therefore something must be in memory somewhere!
Please can somebody help me. I am desperate!
This problem only cropped up 2 weeks ago and affects everything I try and do or use on my PC! Please help!




Response Number 1
Name: jabuck
Date: May 9, 2006 at 06:43:18 Pacific
Reply:

I'm not sure if it is viri or spyware but we can take a look at it. Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.

Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.



Response Number 2
Name: KSA
Date: May 10, 2006 at 08:41:18 Pacific
Reply:

this is the Hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 4:27:37 PM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\SOUNDMAN.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Gigabyte\ET5\GUI.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
D:\WINDOWS\system32\RUNDLL32.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
D:\Documents and Settings\Iain\Desktop\Problem\procexp.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Internet Explorer\IEXPLORE.exe
D:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {35A6A329-1319-4C8C-853D-22BC27B42FDE} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EasyTuneV] D:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.exe
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Ad-Aware] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [AWMON] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\RunOnce: [RunGCW] D:\PROGRA~1\Nokia\NOKIAP~1\GETCON~1.exe /instsupp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: 3 Piggs Poker - {4835CF45-71B5-4c6c-BBE0-350DCD75D237} - D:\Program Files\3piggspokerMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137316381231
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137369568578
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE95B195-6D33-4B7C-93DF-0BE49788EA17}: NameServer = 196.25.255.34 196.25.255.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6EE5C9F-F951-44C0-A50D-FD4B8CD52A87}: NameServer = 196.25.255.34
O18 - Protocol: bw+0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SysEnforce - Unknown owner - D:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.exe (file missing)

The scan is taking a while; at least there is the HJT file for now. As soon as the results from Kaspersky are available I will post.


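A triage pass over HijackThis entries of the kind posted in the log above, as an added example that is not part of the original thread and not HijackThis's own code. The section descriptions and the three review hints (`file missing`, `no name`, `unknown owner`) are assumptions chosen for illustration; a hint marks an entry for manual review and is not a verdict. The sample lines are excerpted from the posted log.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\Explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {35A6A329-1319-4C8C-853D-22BC27B42FDE} - blank (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O9 - Extra button: 3 Piggs Poker - {4835CF45-71B5-4c6c-BBE0-350DCD75D237} - D:\Program Files\3piggspokerMPP\MPPoker.exe
O18 - Protocol: bw+0 - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {12F5A229-0768-410B-8FAD-93050314D624} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: SysEnforce - Unknown owner - D:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.exe (file missing)
"""

# Short descriptions for the section codes that occur in the sample
# (wording is this example's own).
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O9": "extra IE button / Tools menu item",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PROTOCOL = re.compile(
    r"^Protocol: (?P<scheme>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)


def parse_entries(log):
    """Return the numbered entries; header and process-list lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body")})
    return entries


def hints(entry):
    """Review hints for one entry (illustrative heuristics, not verdicts)."""
    found = []
    if "(file missing)" in entry["body"]:
        found.append("file missing")
    if "(no name)" in entry["body"]:
        found.append("no name")
    if entry["code"] == "O23" and "Unknown owner" in entry["body"]:
        found.append("unknown owner")
    return found


def review_queue(entries):
    """Entries that carry at least one hint, in log order."""
    return [(e, hints(e)) for e in entries if hints(e)]


def collapse_protocols(entries):
    """Group O18 lines by (CLSID, file) so one handler DLL shows up once."""
    groups = defaultdict(list)
    for e in entries:
        m = PROTOCOL.match(e["body"]) if e["code"] == "O18" else None
        if m:
            groups[(m.group("clsid"), m.group("path"))].append(m.group("scheme"))
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for entry, why in review_queue(parsed):
        label = SECTIONS.get(entry["code"], "other")
        print(f"{entry['code']} ({label}): {entry['body']}  <- {', '.join(why)}")
    for (clsid, path), schemes in collapse_protocols(parsed).items():
        print(f"O18 handler {clsid} registers {len(schemes)} scheme(s): {path}")
```

Legitimate software can trip a hint (the avast! service reports `Unknown owner`), which is why the output is a reading order for a person rather than a removal list.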

Response Number 3
Name: KSA
Date: May 10, 2006 at 08:51:14 Pacific
Reply:

Hi there, here is the Kaspersky scan! I have removed all the infected files! Well, they are in the recycle bin for now!
--------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, May 10, 2006 5:42:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 10/05/2006
Kaspersky Anti-Virus database records: 192830
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 76545
Number of viruses found: 15
Number of infected objects: 39
Number of suspicious objects: 1
Duration of the scan process: 01:13:52

Infected Object Name / Virus Name / Last Action
C:\My download files\Downloading software\edonkey 2000 with crack\E-Donkey 2000 v.6.1.exe/data0005/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\My download files\Downloading software\edonkey 2000 with crack\E-Donkey 2000 v.6.1.exe/data0005 Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\My download files\Downloading software\edonkey 2000 with crack\E-Donkey 2000 v.6.1.exe NSIS: infected - 2 skipped
C:\My download files\Downloading software\edonkey 2000 with crack\Programs\eDonkey 2000 6.1 + Crack & Emule.exe/E-Donkey 2000 v.6.1.exe/data0005/UCMIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\My download files\Downloading software\edonkey 2000 with crack\Programs\eDonkey 2000 6.1 + Crack & Emule.exe/E-Donkey 2000 v.6.1.exe/data0005 Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\My download files\Downloading software\edonkey 2000 with crack\Programs\eDonkey 2000 6.1 + Crack & Emule.exe/E-Donkey 2000 v.6.1.exe Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\My download files\Downloading software\edonkey 2000 with crack\Programs\eDonkey 2000 6.1 + Crack & Emule.exe ZIP: infected - 3 skipped
C:\My download files\DVD SOFTWARE\DVD Region-Free WinALL + crack.exe/data0004/data0008 Infected: not-a-virus:AdWare.Win32.CommonName.k skipped
C:\My download files\DVD SOFTWARE\DVD Region-Free WinALL + crack.exe/data0004/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.k skipped
C:\My download files\DVD SOFTWARE\DVD Region-Free WinALL + crack.exe/data0004 Infected: not-a-virus:AdWare.Win32.CommonName.k skipped
C:\My download files\DVD SOFTWARE\DVD Region-Free WinALL + crack.exe/data0005/Files/iedclean.exe Infected: Trojan.Win32.KillFiles.he skipped
C:\My download files\DVD SOFTWARE\DVD Region-Free WinALL + crack.exe/data0005/Files/IEDRIVER.EXE Infected: Trojan-Downloader.Win32.Turown.d skipped
C:\My download files\DVD SOFTWARE\DVD Region-Free WinALL + crack.exe/data0005/Files/IEUPDATE.EXE Infected: Trojan-Downloader.Win32.VB.hr skipped
C:\My download files\DVD SOFTWARE\DVD Region-Free WinALL + crack.exe/data0005/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.k skipped
C:\My download files\DVD SOFTWARE\DVD Region-Free WinALL + crack.exe/data0005/Files/uninstall.exe Infected: not-a-virus:AdWare.Win32.AdSrve.d skipped
C:\My download files\DVD SOFTWARE\DVD Region-Free WinALL + crack.exe/data0005 Infected: not-a-virus:AdWare.Win32.AdSrve.d skipped
C:\My download files\DVD SOFTWARE\DVD Region-Free WinALL + crack.exe NSIS: infected - 9 skipped
C:\VSL02.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\VSL02.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\VSL02.exe NSIS: infected - 2 skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\Black and White 2 keygen.zip.bac_a02548/Black and white 2 keygen.exe Infected: Backdoor.Win32.Agobot.gen skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\Black and White 2 keygen.zip.bac_a02548 ZIP: infected - 1 skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\Black and White 2 keygen.zip.bac_a02548 CryptFF.b: infected - 1 skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\Black and White 2 keygen.zip.bac_a02964/Black and white 2 keygen.exe Infected: Backdoor.Win32.Agobot.gen skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\Black and White 2 keygen.zip.bac_a02964 ZIP: infected - 1 skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\Black and White 2 keygen.zip.bac_a02964 CryptFF.b: infected - 1 skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\Black and White 2 keygen.zip.bac_a03072/Black and white 2 keygen.exe Infected: Backdoor.Win32.Agobot.gen skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\Black and White 2 keygen.zip.bac_a03072 ZIP: infected - 1 skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\Black and White 2 keygen.zip.bac_a03072 CryptFF.b: infected - 1 skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\count.jar-78fa5110-41725be2.zip.bac_a02964/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\count.jar-78fa5110-41725be2.zip.bac_a02964/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\count.jar-78fa5110-41725be2.zip.bac_a02964/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\count.jar-78fa5110-41725be2.zip.bac_a02964 ZIP: infected - 3 skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\count.jar-78fa5110-41725be2.zip.bac_a02964 CryptFF.b: infected - 3 skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\nmofr1fe.wmf.bac_a03072 Suspicious: Exploit.Win32.IMG-WMF skipped
D:\Documents and Settings\Iain\Application Data\Microsoft\Internet Explorer\Desktop.htt Infected: Trojan-Clicker.JS.Agent.e skipped
D:\WINDOWS\system32\ad.html Infected: Trojan-Clicker.JS.Agent.e skipped
E:\Firefox downloads\torrents\BitTorrent-4.0.4.exe/stream/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
E:\Firefox downloads\torrents\BitTorrent-4.0.4.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
E:\Firefox downloads\torrents\BitTorrent-4.0.4.exe NSIS: infected - 2 skipped

Scan process completed.

Please advise
Regards
KSA


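A way to read a Kaspersky On-line Scanner report like the one above by file on disk rather than by detection line, as an added example that is not part of the original thread. It assumes that `/` separates a container file from the objects inside it and that the `.housecall\Quarantine` folder holds copies already quarantined by another scanner; the function names are this example's own, and the sample lines are excerpted from the posted report.

```python
import re

# Lines excerpted from the Kaspersky report posted above (not the full report).
SAMPLE_REPORT = r"""
C:\VSL02.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\VSL02.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\VSL02.exe NSIS: infected - 2 skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\Black and White 2 keygen.zip.bac_a02548/Black and white 2 keygen.exe Infected: Backdoor.Win32.Agobot.gen skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\Black and White 2 keygen.zip.bac_a02548 ZIP: infected - 1 skipped
D:\Documents and Settings\Iain\.housecall\Quarantine\nmofr1fe.wmf.bac_a03072 Suspicious: Exploit.Win32.IMG-WMF skipped
D:\Documents and Settings\Iain\Application Data\Microsoft\Internet Explorer\Desktop.htt Infected: Trojan-Clicker.JS.Agent.e skipped
D:\WINDOWS\system32\ad.html Infected: Trojan-Clicker.JS.Agent.e skipped
E:\Firefox downloads\torrents\BitTorrent-4.0.4.exe/stream/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
E:\Firefox downloads\torrents\BitTorrent-4.0.4.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
E:\Firefox downloads\torrents\BitTorrent-4.0.4.exe NSIS: infected - 2 skipped
"""

# "<path> Infected: <name> skipped" or "<path> Suspicious: <name> skipped"
DETECTION = re.compile(
    r"^(?P<path>.+?) (?P<kind>Infected|Suspicious): (?P<verdict>\S+) skipped$"
)
# "<path> NSIS: infected - 2 skipped" (per-container summary line)
CONTAINER = re.compile(
    r"^(?P<path>.+?) (?P<fmt>[\w.]+): infected - (?P<count>\d+) skipped$"
)
# Assumption: this folder is another scanner's quarantine, as in the thread.
QUARANTINE_MARKER = "\\.housecall\\quarantine\\"


def summarize(report):
    """Map each top-level file on disk to its verdicts and location flags."""
    files = {}
    for raw in report.splitlines():
        line = raw.strip()
        det = DETECTION.match(line)
        box = None if det else CONTAINER.match(line)
        if not (det or box):
            continue  # header, statistics or blank line
        path = (det or box).group("path")
        # Windows paths use "\", so the first "/" starts the nested object.
        top, _, inner = path.partition("/")
        info = files.setdefault(top, {
            "verdicts": set(),
            "nested": False,
            "quarantined": QUARANTINE_MARKER in top.lower(),
        })
        if det:
            info["verdicts"].add(det.group("verdict"))
        if inner or box:
            info["nested"] = True  # detection sits inside an archive/installer
    return files


def loose_files(files):
    """Files flagged directly on disk: not inside a container, not quarantined."""
    return [p for p, i in files.items() if not i["nested"] and not i["quarantined"]]


def riskware_only(info):
    """True when every verdict for the file carries the not-a-virus: prefix."""
    return bool(info["verdicts"]) and all(
        v.startswith("not-a-virus:") for v in info["verdicts"]
    )


if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    for path, info in summary.items():
        where = ("quarantine copy" if info["quarantined"]
                 else "inside container" if info["nested"] else "loose file")
        print(f"{where:17} {path}: {', '.join(sorted(info['verdicts']))}")
    print("loose files:", loose_files(summary))
```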

Response Number 4
Name: jabuck
Date: May 10, 2006 at 10:48:06 Pacific
Reply:

We will need a few tools. Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. We will need this later in safe mode.

Be sure to update Ewido.

Download Killbox to your desktop from this link: Killbox. We will need it later in safe mode.

Next, follow these directions to reboot into safe mode: Safe Mode

Navigate to D:\Documents and Settings\Iain\.housecall\Quarantine and delete the contents of the quarantine folder.

Run HT in safe mode, close all windows except HT, place a check to the left of these items and press "fix checked":

O2 - BHO: (no name) - {35A6A329-1319-4C8C-853D-22BC27B42FDE} - blank (file missing)

O9 - Extra button: 3 Piggs Poker - {4835CF45-71B5-4c6c-BBE0-350DCD75D237} - D:\Program Files\3piggspokerMPP\MPPoker.exe

Run ewido from safe mode and let it delete all that it finds.

Run ATF-Cleaner from safe mode.

Start Killbox and place a tick next to [x] Delete on reboot. "Press the All Files button"
Copy this whole list into the windows clipboard, all the bolded file paths below. Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\VSL02.exe

D:\WINDOWS\system32\ad.html

Next in Killbox go to File > Paste from clipboard
"Click on the All Files button."
Next click on the button that has the red circle with the white X in the middle.
It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
Click Yes and let the computer reboot.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot to normal mode, run a new Kaspersky scan and post the results.



Response Number 5
Name: jabuck
Date: May 10, 2006 at 20:03:36 Pacific
Reply:

KSA, thanks for the follow-up over at Tech Support Guy Forums.

It really ties up a lot of people when you post on several forums.

Could at least have the courtesy to post back with your success.

KSA

Junior Member Posts: 3
Join Date: May 2006
Experience: somewhere between beginner and intermediate

Problem solved!
Did a scan with Kaspersky virus software!
D:\Documents and Settings\Iain\Application Data\Microsoft\Internet Explorer\Desktop.htt Infected: Trojan-Clicker.JS.Agent.e skipped
D:\WINDOWS\system32\ad.html Infected: Trojan-Clicker.JS.Agent.e skipped

Quite an annoying little *&^&.
Thank you for your help and advice, it is greatly appreciated. Without it I would have gone crackers and had to endure a re-install.
Thank you once again!

