Help, infected with 8 spywares and then some...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by badmotorfinger, Mar 7, 2006.

  1. badmotorfinger

    badmotorfinger Private E-2

    Please help me fix my computer someone...
    I used the process on this link
    http://forums.majorgeeks.com/showthread.php?t=35407
    to scan my whole system for malware and I have two reports. The first report says it can't fix two of my infected files that are both in Norton Antivirus' quarantined section.
    The second panda scan found 8 spywares and I have attached both files below if anyone would be so kind to help!!!! Please!

    Also after doing this whole process, every command I give my computer is slow to react, my highspeed internet is VERY slow and pulling up all windows and typing is TOTALLY delayed... Very frustrating..... Did I do something wrong?
     


  2. badmotorfinger

    badmotorfinger Private E-2

    I also have Limewire on my computer and while it was going REALLY slow I went into Limewire and deleted all of my movies. I know what you are thinking...but there was only one porn movie and all the rest were music concerts. As soon as I deleted them, everything works fast again...Crazy.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You appear to have a Virtumonde infection. Run the steps in the below and attach the requested log from VundoFix.

    Virtumonde aka Trojan Vundo Removal

    Then go back to the READ & RUN ME sticky and follow the directions in step 7 and attach a HijackThis log.

    You should also empty all files from your Norton NPROTECT folder.
     
  4. badmotorfinger

    badmotorfinger Private E-2

    Chas thanks a bunch! I'll take your advice tonight when I get home, what is the Nprotect folder? I didn't see it when I opened NAV last night. I found 6 files that were like backup files or something. Are those what you are talking about? Thanks and forgive my ignorance! Have a great day!
    BMF
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Norton provides the ability to back/protect the Recycle Bin. This is their Nprotect feature. It winds up being the collection point for saving all kinds of stuff you really do not mean to save including malware. Most people (similar to you) have no idea what it is or how to empty it and simply do not use or need the feature.

    See the below which should help you to get it emptied:

    Emptying the Norton Protected Recycle Bin
     
  6. badmotorfinger

    badmotorfinger Private E-2

    Chaslang, thanks for all your help!
    I think I've done everything described.
    I made a mistake and AFTER I did the command item and did my whole c: commands I remembered I was supposed to start in safemode before doing that, so I restarted THEN in safemode and tried to redo my c: commands. It said that that command wasn't valid or something like it. The instructions said to do it for all of my drives and I have an a: and d: drive but when I tried to give the commands it said a: can't read a: drive and can't read d: drive and then it asked if I wanted to abort? retry? or something else...
    ???!!! So I hope I did it right...
    I did the hijack instructions and attached is my log. Thanks soooo much for your help, Chas!
    BMF

    I can see my attachment isn't working so I'll have to retry the processes...
    GRRRRR!!! ;)
     


  7. badmotorfinger

    badmotorfinger Private E-2

    Well, now it looks like the attachment works... Please tell me if it's not working. After I attached it it had the red x next to it and after I posted it, now it's not there...
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Instead of using command try entering cmd and see if that works for you.

    I'm looking at your HJT log now.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First an observation of something you need to fix after we fix all malware. Your Sun Java version is way out of date.

    Is your Norton antivirus application working okay? HijackThis shows the below file to be missing. Check to see if it really is missing.
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)

    You forgot to attach the log from VundoFix but it looks like it worked!

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\ddcyx.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete (these may already be gone if VundoFix found them):
    C:\WINDOWS\system32\geedb.dll
    C:\WINDOWS\system32\vtsts.dll
    C:\WINDOWS\system32\ddcyx.dll

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
  10. badmotorfinger

    badmotorfinger Private E-2

    I went in using cmd and it accepted the first two commands and then when I typed in the:
    cd recycler\nprotect
    it said it was an invalid command.

    Then I tried doing my d: drive and it said it "was not ready".
    ???
     
  11. badmotorfinger

    badmotorfinger Private E-2

    Chas, thanks again for all this help.
    I looked for the Norton file and it was not there. :(

    The three files I was to locate and delete were not there, so Vundofix must've found them.

    I deleted everything that was inside the Prefetch file.
    Ran the CCleaner and here is my newest Hijacklog.
    Thanks again!
     


  12. badmotorfinger

    badmotorfinger Private E-2

    Chas, also how do I update/upgrade my Sun Java and what do I need to do to get that Norton file installed or do I need that? Thanks!
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why did you start using msconfig to control startups? We specifically indicate in the HijackThis steps not to use it. What are you stopping from loading? I need to see a HijackThis log without msconfig being used.

    You may need to reinstall your Norton AV to fix the missing file.

    We will get to the Java update later.
     
  14. badmotorfinger

    badmotorfinger Private E-2

    Chas, I think I've done it correctly now. I erased the old hijack this, stopped the start up manager from working per directions in sticky, redownloaded HJT on my C: drive, rescanned and here is the post. Thanks for your patience and have a great evening!
     


  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's get rid of that pain in the neck Logitech Desktop Messenger that is filling your log up with garbage. And also stop another few items from loading at startup that are not necessary and just waste resources!


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O18 - Protocol: bw+0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


    After clicking Fix, exit HJT.

    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.
     
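Added example, not part of the thread and not HijackThis's own code: a small parser for the HijackThis entry lines quoted in the posts above. It lists entries marked "(file missing)" and groups the O18 protocol handlers by the DLL they load, which collapses a long run of near-identical lines into one item per DLL. The function names are hypothetical and the sample is a constructed excerpt of lines copied from this thread, not a complete log.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a few entries copied from the posts in this thread,
# not a complete HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\ddcyx.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O18 - Protocol: bw+0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C7FF9F54-2290-4867-8232-B4A4A98FD3EF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path up to the first .dll/.exe; stops before any command-line arguments.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)
MISSING = "(file missing)"


def parse_entry(line):
    """Split one HijackThis line into section, name, CLSID, path and missing flag."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None  # blank line or anything that is not an "Onn - ..." entry
    section, body = m.groups()
    _kind, _, rest = body.partition(": ")
    bracket = re.match(r"\[(.+?)\]", rest)  # O4 entries give the value name in [brackets]
    name = bracket.group(1) if bracket else rest.split(" - ")[0]
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return {
        "section": section,
        "name": name,
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(0) if path else None,
        "missing": body.endswith(MISSING),
    }


def summarize(log_text):
    """Return the file-missing entries and the O18 protocol names grouped per DLL."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    missing = [(e["section"], e["name"], e["path"]) for e in entries if e["missing"]]
    by_dll = defaultdict(list)
    for e in entries:
        if e["section"] == "O18" and e["path"]:
            # ntpath handles Windows separators even when run on another OS.
            by_dll[ntpath.basename(e["path"])].append(e["name"])
    return {"missing": missing, "protocols_by_dll": dict(by_dll)}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for section, name, path in result["missing"]:
        print(f"{section}: {name} -> {path} {MISSING}")
    for dll, names in result["protocols_by_dll"].items():
        print(f"{dll}: {len(names)} protocol handler(s)")
```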
  16. badmotorfinger

    badmotorfinger Private E-2

    Chas thanks so much for your help. I did as recommended and here is my log now. Computer is running smoothly. I think before talking to you I ran HJT and I might've erased something that has to do w/my printer/scanner. My printer can't "communicate w/myprinter" now. I've tried erasing the file and then downloading it and the driver again and when I try and run it it says, "can't find the Lxasmdm.dll file." My printer is a Lexmark X83. Do you think I did this with HJT and if so can you recommend anything?
    Don't want to interrupt anything you're doing w/the other problems though.
    Thanks again and here is my log. Have a great night!
    BMF
     


  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is good now.

    If you delete drivers using HJT, you should be able to find them in the backups that HJT makes (see the Misc Tools and Backups). Then you can restore it.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  18. badmotorfinger

    badmotorfinger Private E-2

    Chas, thank you so much! I will go through these steps tonight. Have a great weekend!
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf Safely!
     
  20. badmotorfinger

    badmotorfinger Private E-2

    Chas, went thru everything now and my computer is running like a champ! Thanks for all your help. You are a blessing...
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome!! ;)
     
