Serious problem with Microsoft!

Discussion in 'Malware Help (A Specialist Will Reply)' started by s3ngy, Jan 8, 2006.

  1. s3ngy

    s3ngy Private E-2

    Hi,
    I am sorry if there is already an answer on here to my problem but I didn’t know what to search for to find it.

    I have gone through as much of the "READ & RUN ME FIRST Before Asking for Support" as possible but it still hasn’t solved my problem.
    I was unable to load the online Trojan and virus scanners because I can’t open Internet Explorer; I have to use Mozilla Firebird and the scanners say they need to be run in IE.

    The only problems I found through Microsoft windows antispyware were:
    Transponder.VX2.A Adware
    Transponder. BTGrab Adware

    The problem I am having is that I can’t load Microsoft messenger, it comes up with error 81000306 which is unable to connect to the internet. Also IE won’t open, I have McAfee virus scanner and this won’t update and the final problem I have noticed is that I can’t get into the “View network connections” window.

    I have attached the hijackthis file!

    I hope someone can help or lead me to a link where I can help myself.


    Thanks a lot
    Luke
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please see step 3 of the READ ME again. You have both F-Secure Anti-Virus and McAfee antivirus installed. You must pick the one you want and uninstall the other.

    I see C:\Program Files\Internet Explorer\iexplore.exe running in your HJT log. I thought you said you could not open Internet Explorer.

    I do not see anything that would obviously cause a problem for IE to work; however the below should be fixed.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
    O18 - Protocol: bw+0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
    Last edited: Jan 8, 2006
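
As an added illustration (not part of the original thread, and not HijackThis's own code): a small Python parser for the HijackThis line format quoted in the reply above. It flags entries whose file is missing and collapses the O18 protocol handlers by CLSID and DLL. The sample input is a subset of the lines quoted above; the function names are this example's own.

```python
import re

# Subset of the HijackThis lines quoted in the reply above, used as sample input.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - (no file)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)
O18 - Protocol: bw+0 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {52160499-069D-4C65-A34E-0E4D53058267} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
"""

# "<section code> - <rest of line>", e.g. "O18 - Protocol: ..."
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "<kind>: <name> - {CLSID} - <file or status>" (BHOs, extra buttons, protocols)
CLSID_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# Status strings HijackThis prints when the registered file is not on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Turn log text into a list of dicts, one per recognised entry line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, running-process list
        entry = {"code": m["code"], "body": m["body"],
                 "kind": None, "name": None, "clsid": None, "target": None}
        c = CLSID_RE.match(m["body"])
        if c:
            entry.update(c.groupdict())
        entries.append(entry)
    return entries


def orphaned(entries):
    """Entries still registered although their file no longer exists."""
    return [e for e in entries
            if e["target"] and e["target"].endswith(MISSING_MARKERS)]


def group_handlers(entries, code="O18"):
    """Map (CLSID, DLL) -> protocol names, so repeated handlers read as one item."""
    groups = {}
    for e in entries:
        if e["code"] == code and e["clsid"]:
            groups.setdefault((e["clsid"], e["target"]), []).append(e["name"])
    return groups


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned(parsed):
        print("orphaned:", e["code"], e["kind"], e["name"])
    for (clsid, dll), names in group_handlers(parsed).items():
        print(len(names), "protocol(s) ->", clsid, dll)
```

Run over the full list in the reply, the grouping step reduces the long run of O18 lines to the two Logitech Desktop Messenger DLLs they all point at.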
  3. s3ngy

    s3ngy Private E-2

    Hi,
    Thanks for answering my last question. I did as you said and I still have the same problems.

    I ran hijackthis again and have attached the new log.

    Thanks a lot for helping


    Luke
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please post your HJT logs from normal boot mode.

    Also please respond to my statement from my last message which said:
    If you still cannot run IE, click Start, Run, and enter cmd and click OK. This will open a command prompt window. At the command prompt, enter the below command followed by the Enter key:

    sfc /scannow

    Does it report and try to fix any problems? It may ask for your Windows XP SP2 CD.
    After successfully running this command, does IE work?
     
  5. s3ngy

    s3ngy Private E-2

    Hi,
    Thanks for your reply. I have attached the log run in normal boot mode.

    Your comment about IE showing up on the last log was because I had clicked on the shortcut to try and load it but it doesn't load. Nothing actually happens when I click on the shortcut.

    Whenever I click on these programs that won't run the computer makes a noise as if it is processing and the mouse changes to a busy pointer but then nothing loads.

    I did the sfc /scannow as you said and it scanned. Nothing has changed though. I still have the same problems.

    I hope you can help and I am giving you enough info.

    Thanks ever so much
    Luke
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well that is not really true because it is running. If it were not running, it would not appear in the process list. It could be that it is just minimized. Did you look for it in the tray? Have you tried using the ALT-ESC key combination to switch between running tasks and see if it actually appears?

    Have you looked in Add/Remove programs for F-Secure? Uninstall if found. There is still a service for it running.
     
  7. s3ngy

    s3ngy Private E-2

    Hi,
    When you said about it running last time I have tried finding F-secure in add/remove and it is not there, I also looked in my tuneup software in the uninstall option and it's not there either.

    So I went onto the website to find an uninstall tool and ran it which was meant to clear it out of the register but obviously didn't. I have also tried deleting all the files and there is just a .exe and a .dll file left that I can't delete so I tried renaming them so they wouldn't run but none of this obviously worked if you can still see it running.
    When I uninstalled it before it must have gone wrong somehow I guess but don't know what else can solve it.


    As regards IE, I have clicked on it again so I know it is running and as before ALT ESC does not find it and it isn't in windows task manager as an application but it is in as a process using 00 processor and 8,800K memory

    It's not just IE that doesn't run though, I still can't use:
    MSM
    view network connections window
    iTunes

    And there may be more that I haven't found. It seems to be everything linked to the internet but as you can probably guess I'm no expert so may be wrong!

    Do you think it is a virus I have or if not what is going on?

    Thanks
    Luke
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First let's work on removing F-Secure completely before we continue looking for why certain applications will not run.

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to F-Secure Windows Security Center Legacy Detection Service (if that is not found, look for the short name: Fswsclds)... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the "Config" button, and then the "Misc tools" button ... select "Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

    F-Secure Windows Security Center Legacy Detection Service

    If that does not work, use the short name: Fswsclds

    Now exit HJT and reboot.

    After reboot delete the C:\Program Files\F-Secure Anti-Virus folder.

    Now run the below steps and attach all logs.

    First, please run this: "Running Ewido Security Suite", and attach the Ewido log.


    Now download WinPFind
    • Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program.
    • Now click Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can sometimes take a while, upwards of 30 minutes or more.
    • When it is done, it will show the results of the scan. Right Click in the window and choose Select All. Then Right Click again and select Copy which will copy the contents of the log to your clipboard. Then open a notepad window and paste in the log by pressing CTRL-V. Save it to a file and upload the text file here as an attachment.
     
  9. s3ngy

    s3ngy Private E-2

    Hi,
    Thanks for your help in removing F-secure. All the steps went well and it is now removed.

    I then ran the following in this order and have attached the logs:
    Ewido
    HJT
    WinPFind

    Thanks a lot
    Luke
     


  10. s3ngy

    s3ngy Private E-2

    I thought I should add that I am connecting over a network.
    Don't know if this matters because I have been on the same network for the last 6 months without any problem so I guess not.

    Hope the files show some good signs.
    Thanks
    Luke
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you download and run McAfee Avert Stinger from C:\ ?
    C:\stinger.exe

    Are the below two files from PC Doctor? Do you have that or did you have it installed?
    C:\WINDOWS\realtime.exe
    C:\WINDOWS\pcboot.exe

    Also do you know what the below file is for:
    C:\WINDOWS\DOTEST.EXE
     
  12. s3ngy

    s3ngy Private E-2

    Hi,
    Yes I have downloaded and run stinger in the past. I did it before I came onto this forum to try and find the virus myself.

    realtime.exe has an icon which is a red square with a white ambulance in but not sure what it is related to!! This is the same icon as "DOTEST.EXE" but red not yellow so guess it is linked to "PC MightyMax".
    ----
    pcboot.exe says it is "PC Doctor OnCall System Reboot"
    ----
    DOTEST.EXE says it is made by a company called "Sonbry Marketing International" and is "PC MightyMax"

    Thanks
    Luke
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Bad place to put Stinger or anything else for that matter. It makes them look questionable. It is always a better idea to store programs in their own folder with a name that indicates what it is so you will not forget later.

    Okay so it looks like your answer is that you installed PC Doctor and PC Mighty Max.

    When did you do that and when was your connection broken? Did you actually use these programs to do anything on your PC?

    Thus far it appears your problems are not due to malware and you may have to pursue resolving your issues in the Software Forum. Have you blocked access to the internet by mistake in your firewall?

    Check the below out:
    http://www.imzers.com/msn/solve/error-code-81000306
     
    Last edited: Jan 14, 2006
  14. s3ngy

    s3ngy Private E-2

    Hi,
    I have already tried that link and it didn't help. The problem is still the same.

    I haven't blocked the internet but I can't get to see my connection setups just to make sure. I try going in through "internet options" and it won't load, I have the same problem going through "View network connections"

    I don't ever remember installing PC Doctor or MightyMax so I haven't used them either! Shall I delete them?

    I have already removed stinger!

    What is my next step? I know you said it might be a software problem but why would it have happened all of a sudden?
    I can't:

    • Restore to backup point
    • update McAfee
    • IE
    • I can't access anything with connection options in (It just freezes)
    • I can't view HTML emails in Outlook
    • iTunes won't load


    Thanks
    Luke
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your problems do not sound like malware. They sound more like some kind of file corruption to certain applications and potentially certain registry settings. The problems seem to be isolated to only a few applications (unless there are others you have not mentioned that do not run). You could try a System Restore to an earlier point before the problems began to see if it helps. If it is only registry corruption and not too much in the way of file corruption, it could help.

    PC Doctor and MightyMax would not get on your PC by themselves. Someone installed them. Do other people use the PC? Do other user accounts work ok? How do things work in safe mode?

    Are you sure that this application from Acer is not interfering in any way:
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE

    Here is some info on it: http://www.bleepingcomputer.com/startups/CPLBCL53.EXE-13077.html
     
  16. s3ngy

    s3ngy Private E-2

    Hi,
    I am logged in in "safe mode with network" and everything works fine.
    What does this mean? There is still hope?
    -------
    I don't know about "PC Doctor and MightyMax" shall I remove them and if so what is the best method?
    -------
    As regards "CPLBCL53.EXE" this is just a file that has options for the 2 hardware buttons on my computer. When I press these buttons either Calculator loads or outlook. I have tried removing this file but doesn't make any difference!

    Hope this info helps us get closer.

    Thanks
    Luke
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Boot into safe mode and get a HijackThis log. Attach the HijackThis log from safe mode. I want to compare to the previous HJT log from normal boot mode to see if the problem is related to a process that only runs in normal boot mode.

    It could be something else though. There are many other items and drivers that do not load in safe but that do load in normal mode.

    I asked the below question previously which you have not answered:
    Check them in normal boot mode. If you have no other user accounts, create a new one and tell me if it works.
     
  18. s3ngy

    s3ngy Private E-2

    Hi,
    I tried other user accounts and they have exactly the same problem. I created a new one as well and this had the same problem.

    I have attached 2 logs, one in safe mode with network and the other in normal mode so you can see the 2 together.

    Thanks
    Luke
     


  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Boot in normal mode and click Start, Run, and enter msconfig and click OK! Click the Startup tab. Locate the below startup items and then uncheck them:

    LManager C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
    MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    MCUpdateExe C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    TuneUp MemOptimizer "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart

    Then click Apply and OK. Allow your PC to reboot into normal mode. Do things work okay like this? Save a HijackThis log from this mode and attach it.

    If things do not work okay in the above test, Run msconfig and recheck all those items again. And Apply and click OK but do not reboot yet. First uninstall both Ewido and MS Antispyware. Then reboot in normal mode. Now do things work?
     
  20. s3ngy

    s3ngy Private E-2

    Hi,
    Right I did the first step you said, unchecking the items etc. When I rebooted it had not solved the problem. So I then opened msconfig again and found that 2 new lines had been added and were already selected. These were:

    MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    MCUpdateExe C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    So these now are in the list twice. Only 1 set is selected. (Could this be the problem?)

    I then uninstalled the 2 programs and rebooted again but still no joy.

    Any more ideas?

    Thanks
    Luke
     
  21. s3ngy

    s3ngy Private E-2

    I have now uninstalled McAfee and have changed the settings on real media player and tune up software so nothing runs on start up.

    Here is the log for my system now. The only icon in the system tray now is "Safely remove hardware" and "Windows security alert"

    What else can it be?

    This is driving me mad and I expect it is for you as well!

    Thanks a lot for all this help

    Luke
     


  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run Msconfig again and this time click the Startup tab and select Disable All. Then Apply, OK, and then reboot and see what happens.

    If that does not help, after reboot, run msconfig again and leave startups disabled. Select the Services tab. Select Hide All Microsoft Services and then click Disable ALL. Now Apply, OK reboot.

    Any luck? If not, go back to the Services tab and do not hide the MS services. Just Disable ALL services. Now Apply, OK and reboot.

    Let me know the results.
     
  23. s3ngy

    s3ngy Private E-2

    Hi,
    Think we're getting closer!
    I did the first step and it didn't help so I then did the second step of disabling the non-Microsoft services. This still didn't cure it but then when I disabled all everything worked. The only problem was I couldn't get on the internet!

    All the software loaded though that never used to. Is there a specific box in this list that I can uncheck and check all the rest so we cure this?

    Thanks
    Luke
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes I know you cannot connect to the net if all services are disabled. In fact there are many things that do not work while in this mode.

    What we need to ID is the service or services that are causing the problem. Sounds like it is not one of the third party services. Seems like it is something related to Microsoft's Services. Rather than trying to unselect them one at a time to determine which is a problem, try the powers of 2 approach to identify it. That is, bring up the Services tab list and uncheck the top half of them and leave the bottom half checked. Now reboot and see how things work.

    If it does work, one or more of the services in the top half is the problem. So now leave only the top quarter of the services unchecked. And continue this.

    If when you did first half unchecked it does not help, it would mean that the bottom half of the services is where you need to focus.

    Do you understand my logic and how I'm asking you to narrow in on the problem?
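
The halving search described in the reply above, as an added Python sketch (not part of the original thread): it generalises the single-fault case to "one or more" offending services by holding the already-cleared half disabled while it narrows. Service names other than Fax are constructed placeholders, the `works` callback stands in for a manual reboot-and-check, and the model assumes the fault disappears exactly when every offending service is disabled.

```python
# Constructed service list: 31 placeholder names plus "Fax" (32 in total).
SERVICES = ["Service%02d" % i for i in range(1, 32)]
SERVICES.insert(11, "Fax")


class RebootTest:
    """Stand-in for 'apply msconfig selection, reboot, see if things work'."""

    def __init__(self, culprits):
        self.culprits = frozenset(culprits)  # hidden from the search
        self.reboots = 0

    def __call__(self, disabled):
        self.reboots += 1
        # Assumed model: the system works once every culprit is disabled.
        return self.culprits <= frozenset(disabled)


def find_culprits(services, works):
    """Return the services that must be disabled for works() to succeed.

    works(disabled) -> bool is called once per simulated reboot.
    """
    if not works(frozenset(services)):
        # Same symptom with everything off: the cause is not a service.
        raise ValueError("still failing with every service disabled")

    culprits = []
    # Repeat until disabling only the found culprits is enough.
    while not works(frozenset(culprits)):
        held = set(culprits)               # kept disabled during this pass
        candidates = [s for s in services if s not in held]
        # Invariant: disabling held + candidates works, disabling held fails.
        while len(candidates) > 1:
            half = len(candidates) // 2
            top, bottom = candidates[:half], candidates[half:]
            if works(frozenset(held | set(top))):
                candidates = top           # every remaining culprit is in top
            else:
                held |= set(top)           # keep top off, look in bottom
                candidates = bottom
        culprits.append(candidates[0])
    return culprits


if __name__ == "__main__":
    test = RebootTest({"Fax"})
    print(find_culprits(SERVICES, test), "found in", test.reboots, "reboots")
```

With 32 services and one offender this takes 8 reboots, against up to 32 when unchecking services one at a time.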
     
  25. s3ngy

    s3ngy Private E-2

    Hi,
    O my god mate, we are nearly there, it is the file called "FAX"

    Everything works if this is not selected what shall I do to make this final and what does this file do?

    Thanks
    Luke

    P.S can I donate some money to majorgeeks or to you for this help?
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you mean this one: fxssvc.exe

    More info on it is here:
    http://www.liutilities.com/products/wintaskspro/processlibrary/fxssvc/

    Do you use this Microsoft Fax Service? You probably do not (or at least do not need it to always run).

    Click Start, Run, and enter services.msc and click OK. In the services window locate the Fax service. When found double click on it and then change the Startup Type from Automatic to Manual.


    No we do not accept donations. Just send your friends here and if you want, you can buy some Geek-wear (see the main page under the INFO heading to the right side).
     
