Spybot and BitDefender crashing my system

Discussion in 'Malware Help (A Specialist Will Reply)' started by sirvix, Mar 1, 2006.

  1. sirvix

    sirvix Private E-2

    I recently made the mistake of clicking on a link in a very questionable email (I think it was a phishing scam) and am paranoid that I might have triggered some malware. Around the same time period I replaced my old cd burner w/ a new dvd burner and deleted a large amount of unwanted music and video files.

    Since then my computer performance has been somewhat strange. At times my computer has crashed, other times it locks up, and still other times I've noticed the keyboard pausing temporarily or skipping around mysteriously while I'm typing on message boards.

    I've read through the Read Me First information multiple times and followed intstructions through steps 5 and 6, but I cannot successfully complete a spybot scan or a bitdefender scan. Yes, I've done all of the steps from safe mode. I tried uninstalling spybot and reinstalling it to no avail. I've had success with AdAware, CC Cleaner, MS Malicious Software Removal Tool, and Defender. All of these come up clean now, though AdAware detected three or four items (incl. Alexa) the first few attempts.

    Additionally, I tried defragging my drive and, many hours later, the results showed multiple files that could not be defragmented.

    Dell Dimension w/ Pentium III 933
    WinXP Sp2
    120 GB HD w/ 256 RAM
    AVG anti-virus

    Any ideas why I can't run Spybot? Does my system appear to be infected with any malware?

    I did an HJT log just in case.

    Your help is greatly appreciated.
     

    Attached Files:

    sirvix, Mar 1, 2006
    #1
  2. sirvix

    sirvix Private E-2

    Another attempt, more problems....

    this time when I attempted a full scan with MS Defender i got an error message that said

    "Windows Defender encountered an error: 0x800106ba. A problem caused Windows Defender to stop..."
     
    sirvix, Mar 1, 2006
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs!

    The HJT log you posted shows that neither BitDefender or PandaActiveScan were ever even started. Please run them per step 6 and attach both logs.
     
    chaslang, Mar 1, 2006
    #3
  4. sirvix

    sirvix Private E-2

    but that's kinda the problem. I can't run them without my system locking up.

    Once the system locks up, how am I able to do an HJT?
     
    sirvix, Mar 1, 2006
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    How far did you get in running them? This is why we state in the READ ME that you need to tell us the results of what goes on.

    And in your first message here you did not even mention Panda. Did you actually try running it?

    The main reason I stressing to run the other scans is that your HJT log does not show any malware which can be very typical. That is why we object when people post it without doing the other steps. It really shows very little of what exists in the malware world. However that being said, run HJT and select the below lines (which are not malware - they are just junk) and then click FIx checked:

    O18 - Protocol: bw+0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {5ECA389E-BD0E-4F3B-BDD1-05A8FF06AB6A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    If you cannot run BitDefender or Panda, run the below and attach the requested log:

    Running Spy Sweeper
     
    Last edited: Mar 2, 2006
    chaslang, Mar 2, 2006
    #5
  6. sirvix

    sirvix Private E-2

    NO, I haven't tried Panda yet b/c the instructions in the ReadMe thread say to run BitDefender first; it was unclear to me whether it was safe to do so with Panda since I haven't successfully done so with BitDefender.

    With spybot my system crashes around the 75% point--I haven't been able to get it past this point

    27575/355887:popup Notes

    I tried to run BitDefender again a short while ago and it crashed my system while I was out of the room after about 15 or 20 minutes, probably without having executed past the 30% mark.

    The first thing I did when it rebooted was to do an HJT, which I've attached.

    Thanks for your help. Much appreciated.
     

    Attached Files:

    sirvix, Mar 2, 2006
    #6
  7. sirvix

    sirvix Private E-2

    Thanks, I'll try it with SpySweeper and see what happens.
     
    sirvix, Mar 2, 2006
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Let's see what SpySweeper shows us. You HJT logs is not showing us anything of interest.

    Did Ad-Aware SE run all the way thru?
     
    chaslang, Mar 2, 2006
    #8
  9. sirvix

    sirvix Private E-2

    Apologies for the delay, but my problems persist and I had to take a break from the computer for the sake of my sanity.

    I tried running SpySweeper per the exact instructions but it locked up my system after approximately half an hour of sweeping. By that point it had found five objects: CoolWebSearch, along with four spy cookies (go.com, 2o7.net, questionmarket, and tribalfusion).

    AdAware, on the other hand, completed successfully and found nothing.

    Any suggestions?
     
    sirvix, Mar 2, 2006
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try the below but first save or Print these steps locally because I want you to be offline with no other windows opened while running. Now disconnect (unplug your cable) and exit ALL browsers before continuing.
    • Run SpySweeper but do not scan yet. Just leave it open.
    • Press CTRL-SHIFT-ESC to bring up Task Manager. DO NOT CLOSE IT UNTIL I TELL YOU TO.
    • Select the Processes tab and click the Image Name column heading to sort by name
    • Locate all occurences of IEXPLORE.EXE and right click on them and select End Process
    • Don't be alarmed when doing the next step because your Desktop will blank out and no icons will being showing. It is only temporary.
    • Locate all occurences of EXPLORER.EXE and right click on them and select End Process
    • Now see if you SpySweeper scan can run to completion. If so, save the log.
    • If not, and your system reboots or locks up just tell me later.
    • If not, and your system does not reboot or lockup, tell me this too, but now in Task Manager, click File, New Task(Run...) and enter explorer.exe and click OK. This will bring back your Desktop.
     
    chaslang, Mar 2, 2006
    #10
  11. sirvix

    sirvix Private E-2

    uh oh....

    when I ran SpySweeper I received a warning that one of the installation files had been damaged. Should I uninstall/reinstall first or go ahead and follow the above steps?
     
    sirvix, Mar 2, 2006
    #11
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall, reboot, then reinstall & make sure you get the updates again. Then continue the procedure.
     
    chaslang, Mar 2, 2006
    #12
  13. sirvix

    sirvix Private E-2

    same result, unfortunately.

    my computer simply shut down after about ten minutes or so and rebooted.

    during reboot the screen scrolled this message for a good few seconds before booting up:

    the size of the doc: setting\local service\application data\webroot\spysweeper\temp\---------.tmp is not valid
     
    sirvix, Mar 2, 2006
    #13
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall SpySweeper, reboot and then delete the folder

    C:\Documents and Settings\local service\application data\webroot

    Then open Windows Explorer and right click on your C Drive and select Properties.
    Then select Tools. Then in the Error-checking box click the Check Now.. button.
    Then check both check boxes and then click Start.

    After the Check Disk completes reboot and try to use SpySweeper again. I'm betting your problems have nothing to do with malware but are more related to hardware or software problems.
     
    chaslang, Mar 2, 2006
    #14
  15. sirvix

    sirvix Private E-2

    I did all of that including CheckDisk and SpySweep still locks up.

    I've uninstalled it. Should I uninstall Spybot also since it won't complete either?

    At least AdAware works.
     
    sirvix, Mar 3, 2006
    #15
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Were there any disk errors? If so, did they get fixed?

    In your first message, you said:
    What files could not be defrag? There are some system files that cannot be touch.

    You problems still seem like something other than malware.

    See if the below will run. If so, attach the log.
     
    chaslang, Mar 3, 2006
    #16
  17. sirvix

    sirvix Private E-2

    it took a while to run disk check, but it ran successfully and (surprisingly) found no errors.

    I can't remember what files couldn't defrag, but iirc they were mostly from My Documents folder. Might it have something to do with the gigs of downloaded music I deleted?

    I'll try Ewido next.
     
    sirvix, Mar 3, 2006
    #17
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But they should still defrag! Only locked system files cannot be moved. This includes System Restore files.
     
    chaslang, Mar 3, 2006
    #18
  19. sirvix

    sirvix Private E-2

    Chas, sorry for the long delay.

    Good news: I was finally able to run a scan all the way through with Ewido. It found one threat, that not-a-virus.downloader.win32 thing.

    Can you check out this HJT?
     

    Attached Files:

    sirvix, Mar 7, 2006
    #19
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean but you can fix the left over line from Spy Sweeper:

    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

    Are you currently having any malware problems?
     
    chaslang, Mar 7, 2006
    #20
  21. sirvix

    sirvix Private E-2

    No, but I am having difficulties defraggin my harddrive. I deleted a large volume of music files recently and now my hd is riddled with pockets of red.

    I've run diskkeeper lite twice with different results-- once it crashed my system and the other time it slowed to a crawl at about the 25% mark after about ten hours of defragmentation. Before using Diskkeeper, I used the Windows Defrag Utility but it wasn't able to move the files successfully. The analysis report shows that these specific fragmented files aren't system files but music files from My Documents.

    Also, I took a look inside my computer and found a lot of dust on my heatsink, which doesn't appear to be working properly. Could this be the reason for my shutdowns running Spybot, Panda, SpySweeper, and Disk Defrag?

    Again, thanks for all your help.
     
    sirvix, Mar 7, 2006
    #21
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    These are not malware issues. You could just be having conflicts with various programs that are running (like antivirus or antispyware applications - anything that could write to the disk can interrupt a defrag). You should post a question in the Software Forum. But you need to be more specific. You keep saying certain files in Documents and Settings would not move. You need to indicate which files you are referring too. Exactly which file names and and what the full path is. You may have them locked or open in some form.

    Again, this does not appear to be malware at this time.
     
    chaslang, Mar 7, 2006
    #22

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds