Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Reacting Computer


  • Please log in to reply
17 replies to this topic

#1 nmdamgud

nmdamgud

  • Members
  • 357 posts
  • OFFLINE
  •  
  • Location:santa fe, new mexico
  • Local time:01:37 AM

Posted 03 December 2006 - 03:32 AM

hullo, hard working guys n gals:

i went off for two weeks and my son decided to let his gf use my puter...and i came back to a puter that is running very slowly. also, when someone im's me, it "struggles" to get thru...and interferes with whatever i'm doing, often knocking me off whatever site i'm in.

i'm no stranger to bc.com, although it's been awhile due to family difficulties, and i thank you in advance for all your hard work.

in msn messenger, yes, i have plus!, however, i DO go thru and read it and check all the appropriate boxes to make SURE i get no adaware.

thanx again!

Logfile of HijackThis v1.99.1
Scan saved at 1:19:15 AM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
E:\MUSIC2\LimeWire\LimeWire.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\adobe reader\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\damgud\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [Windows] system.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\damgud\Local Settings\Temporary Internet Files\Content.IE5\RSKLMW6P\RemoveWGA.exe -startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\RunServices: [Windows] system.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: LimeWire On Startup.lnk = E:\MUSIC2\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\adobe reader\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com/panel/grapevine/dcainst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07792C37-7630-4C98-BB4F-4DE025FB2139}: NameServer = 198.59.109.7 206.165.6.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{07792C37-7630-4C98-BB4F-4DE025FB2139}: NameServer = 198.59.109.7 206.165.6.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{07792C37-7630-4C98-BB4F-4DE025FB2139}: NameServer = 198.59.109.7 206.165.6.11
O18 - Protocol: bw+0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:07:37 AM

Posted 03 December 2006 - 04:09 AM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions.
There is a possibility some of the instructions will need to be carried out where internet access is not available.
A print out of the instructions would be a good reference to make sure you don't yet lost.
Also, it is important that you complete the instructions in the right order, and that you don't miss out any steps.
If you have any queries about the process or just general questions, just ask.

You've got quite a nasty infected here, let's start to remove it.
I wouldn't be surprised if this was caused by the P2P programs installed.

Step #1
You are missing one important program on that computer - an antivirus!
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer.
AVG and Avast are excellent, free antivirus programs..
Never install more than one antivirus on your system - several together can cause problems and decrease performance.

Step #2
You have Logitech Desktop Messenger installed on your computer.
Once a week, when connected to the internet, Logitech Desktop Messenger will automatically connect with Logitech servers to see if there are any new messages for you. It performs this check during idle time to avoid slowing down other applications that may be accessing the Internet.

If there is a message on the server, then Logitech Desktop Messenger will download the message utilizing bandwidth that would otherwise be unused. After the message is downloaded, Logitech Desktop Messenger will wait for one minute of keyboard and mouse inactivity before displaying the message on your screen. I suggest doing all updates yourself and removing this application!

This will not affect any other Logitech software or hardware in any way.
Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following if they exist by double-clicking on the following entries:
Logitech Desktop Messenger

Step #3
You are using the LimeWire p2p file sharing program.
This is not technically malware by itself, but it installs malware in order to run properly.
It also opens the door for every other nasty program you can think of.
I strongly recommend that you remove it from your computer.
Read this article for alternatives that will provide some of the same function without the garbage:
http://www.spywareinfo.com/articles/p2p/

I suggest you remove the program now.
Of course if you decide to keep it, it's not a problem.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
LimeWire

Also uninstall NetRatingsNetmeter if there.

This is another article you can read:
http://www.cexx.org/adware.htm
The choice to remove it is entirely up to you, but I would strongly recommend that you get rid of it.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

Step #4
Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - <default> - (no file)
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [Windows] system.exe
O4 - HKLM\..\Run: [RemoveWGA] C:\Documents and Settings\damgud\Local Settings\Temporary Internet Files\Content.IE5\RSKLMW6P\RemoveWGA.exe -startup
O4 - HKLM\..\RunServices: [Windows] system.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: LimeWire On Startup.lnk = E:\MUSIC2\LimeWire\LimeWire.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Step #5
Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:

C:\Windows\System32\system.exe

Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now.
When asked if you want to reboot now, say Yes.

Step #6
After the reboot, Please download, install, and update AVG antispyware
Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.

After the update finishes (the status bar at the bottom will display "Update successful")
Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine.
Click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan.
This scan can take quite a while to run, so be prepared. Ewido will list any infections found on the left hand side.

When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button.
AVG antispyware will display "All actions have been applied" on the right hand side. Click on "Save Report", then "Save Report As".
This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Close AVG antispyware and reboot!! Please post the log in your next reply.
Also post a new Hijackthis log.

David

#3 nmdamgud

nmdamgud
  • Topic Starter

  • Members
  • 357 posts
  • OFFLINE
  •  
  • Location:santa fe, new mexico
  • Local time:01:37 AM

Posted 07 December 2006 - 05:21 PM

ooooooo-k, david, i did all the assigned homework. consider me properly punished for the anti-virus! i had been running avg, and in all honesty, have NO clue as to where it went. i think i had some problems with it and deleted it, fully intending to dl it again..but with my dial up connection, i try to do downloads at nite....and i just forgot. sham on me. :thumbsup:

i use limewire sparingly...and i have it set so that i must manually go in and connect it. i couldn't remember how to take it off start-up, ty for doing that.

the netreadings netmeter are thru ac nielsen...i am compensated for belonging to that. it's not alot, but when you're disabled and living on a very small set income, every little bit helps. the contract with them stated firmly there would be no adware, spyware, or email address sharing. so far they've stuck to their word. as i said, my puter was running clean until i left for a month and my son let his gf use my computer.
the OTX is likewise.

here are the new HJT logs and AVG logs:

Logfile of HijackThis v1.99.1
Scan saved at 3:12:46 PM, on 12/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\damgud\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\adobe reader\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com/panel/grapevine/dcainst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07792C37-7630-4C98-BB4F-4DE025FB2139}: NameServer = 198.59.109.7 206.165.6.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{07792C37-7630-4C98-BB4F-4DE025FB2139}: NameServer = 198.59.109.7 206.165.6.11
O18 - Protocol: bw+0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:01:07 PM 12/7/2006

+ Scan result:



C:\backups\backup-20040730-174830-170.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bi2.exe/bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bi2.exe/biprep.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\c58bKs.dll/bi.dll -> Adware.BiSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\c58bKs.dll/biprep.exe -> Adware.BiSpy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0 -> Adware.BlazeFind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0\- -> Adware.BlazeFind : Cleaned with backup (quarantined).
E:\hijack this\backups\backup-20040817-120339-238.dll -> Adware.DownloadWare : Cleaned with backup (quarantined).
E:\hijack this\backups\backup-20041031-013549-384.dll -> Adware.DownloadWare : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx -> Adware.IWon : Cleaned with backup (quarantined).
C:\Documents and Settings\RUSS\Local Settings\Temp\Rem11.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\RUSS\Local Settings\Temp\Rem16.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\RUSS\Local Settings\Temp\Rem3.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\RUSS\Local Settings\Temp\Rem33.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\RUSS\Local Settings\Temp\RemD0.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\RUSS\Local Settings\Temp\RemD2.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\RUSS\Local Settings\Temp\RemD4.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\RUSS\Local Settings\Temp\RemD6.exe -> Adware.Lop : Cleaned with backup (quarantined).
C:\Documents and Settings\damgud\Local Settings\Temp\mmbun2.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9AC8AEF-E9C4-4DF9-BD48-89A71AD65853}\RP207\A0066531.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-1645522239-1897051121-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\damgud\Local Settings\Temp\SaveInstWsS.exe/Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\damgud\Local Settings\Temp\SaveInstWsS.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\damgud\Local Settings\Temp\SaveInstWsS.exe/Search.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SWRT01.RT -> Adware.SecondThought : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\SWRT01.RT\Clsid -> Adware.SecondThought : Cleaned with backup (quarantined).
C:\Documents and Settings\damgud\Local Settings\Temp\i15.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B9AC8AEF-E9C4-4DF9-BD48-89A71AD65853}\RP214\A0096045.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SWRT01.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SplWbr.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Documents and Settings\RUSS\Local Settings\Temp\temp.fr3CE5 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\RUSS\Local Settings\Temp\temp.fr5C29 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\RUSS\Local Settings\Temp\temp.fr8698 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\RUSS\Local Settings\Temp\temp.frEB07 -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\damgud\Local Settings\Temp\SaveInstWsS.exe/DnldStub.exe -> Downloader.Small.kl : Cleaned with backup (quarantined).
E:\MsgPlus-301.exe/Sponsor.exe -> Downloader.Swizzor.bt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\c57bJs.dll -> Dropper.Agent.of : Cleaned with backup (quarantined).
C:\WINDOWS\system32\in10b6s.dll -> Dropper.Small.abe : Cleaned with backup (quarantined).
C:\Documents and Settings\damgud\Local Settings\Temp\AcsProxyStub.exe -> Hijacker.Agent.di : Cleaned with backup (quarantined).
C:\Documents and Settings\STACEY\Cookies\stacey@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\bgtool\Cookies\bgtool@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\bgtool\Cookies\bgtool@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@cnetaustralia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@jewelrytelevision.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@marketlive.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@prizeamerica.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\RUSS\Cookies\russ@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\RUSS\Cookies\russ@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\RUSS\Cookies\russ@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\RUSS\Cookies\russ@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@www.findaperson.com.19828.fb.dbbsrv[1].txt -> TrackingCookie.Dbbsrv : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@www2.enigmasoftwaregroup[2].txt -> TrackingCookie.Enigmasoftwaregroup : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@-1shz2prbmdj6wvny-1sez2pra2dj6wjl4ajc5ckog-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@a-1shz2prbmdj6wvny-1sez2pra2dj6wjl4ajc5ckog-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@e-2dj6wjmysid5aeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4okczchoqydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkooocpaepqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4ojdjaeoaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyemdpsepq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyaicjcaow2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycld5sapa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycocjoaoaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywmdjslpa2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@e-2dj6whlyondjohp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@e-2dj6wjkyuncjcko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@e-2dj6wjlywkdpgcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\RUSS\Cookies\russ@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\bgtool\Cookies\bgtool@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\RUSS\Cookies\russ@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@sec1.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\RUSS\Cookies\russ@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\bgtool\Cookies\bgtool@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\RUSS\Cookies\russ@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\RUSS\Cookies\russ@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@specificpop[1].txt -> TrackingCookie.Specificpop : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\STACEY\Cookies\stacey@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\bgtool\Cookies\bgtool@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\RUSS\Cookies\russ@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\RUSS\Cookies\russ@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\bgtool\Cookies\bgtool@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\damgud\Cookies\damgud@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\MSN.exe -> Worm.Kelvir.bq : Cleaned with backup (quarantined).


::Report end

Thanx for all your hard work and your prompt attention! Love you guys DEARLY :flowers:

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:07:37 AM

Posted 08 December 2006 - 04:54 PM

Hey there nmdamgud,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't yet lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O18 - Protocol: bw+0 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
<--all entries like this one.

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Download and save Blacklight to your desktop.
Double-click blbeta.exe then accept the agreement.
Click on scan then click next,
You'll see a list of all items found.
Do not choose for rename yet! I want to see the log first; legitimate items can also be present.
There is a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.

Please perform this online scan: Kaspersky Webscan
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allows ActiveScan to run.
When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the Kaspersky scan results in your next reply, along with a new Hijackthis log.
Also post the blacklight log.

David

#5 nmdamgud

nmdamgud
  • Topic Starter

  • Members
  • 357 posts
  • OFFLINE
  •  
  • Location:santa fe, new mexico
  • Local time:01:37 AM

Posted 11 December 2006 - 10:20 AM

hi david,

sorry it's taken me so long to get to this...when you've been SO prompt in taking care of me! in answer to your question the other evening, YES! my puter IS running better already....and msn no longer "struggles" to get thru! tytyty!

i hardly know which log to post first, but here is the blacklight:

12/10/06 16:06:45 [Info]: BlackLight Engine 1.0.47 initialized
12/10/06 16:06:45 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/10/06 16:06:46 [Note]: 7019 4
12/10/06 16:06:46 [Note]: 7005 0
12/10/06 16:06:51 [Note]: 7006 0
12/10/06 16:06:51 [Note]: 7011 1828
12/10/06 16:06:51 [Note]: 7026 0
12/10/06 16:06:51 [Note]: 7026 0
12/10/06 16:07:02 [Note]: FSRAW library version 1.7.1020
12/10/06 17:30:42 [Note]: 7007 0

and the kaspersky:



C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\437675984e7f691903393d230adae9d9_0ddcf8d8-2986-4227-a416-a9f1e340a3f0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\dd3b17bd2ef7b388c65a59b2a0161924_0ddcf8d8-2986-4227-a416-a9f1e340a3f0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e6658cfb53e6f4e49033ea71bfff819_0ddcf8d8-2986-4227-a416-a9f1e340a3f0 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Start Menu\Programs\afantasyjourney.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Agent.pd skipped

C:\Documents and Settings\All Users\Start Menu\Programs\afantasyjourney.exe WiseSFX: infected - 1 skipped

C:\Documents and Settings\All Users\Start Menu\Programs\installoptical.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Agent.pd skipped

C:\Documents and Settings\All Users\Start Menu\Programs\installoptical.exe WiseSFX: infected - 1 skipped

C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools(2)\Frequently Asked Questions.url Object is locked skipped

C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools(2)\Home.url Object is locked skipped

C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools(2)\Privacy Policy.url Object is locked skipped

C:\Documents and Settings\All Users\Start Menu\Programs\Web Search Tools(2)\Terms of Use.url Object is locked skipped

C:\Documents and Settings\damgud\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\damgud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\damgud\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\damgud\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\damgud\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\damgud\My Documents\bluerosewp.exe/WISE0015.BIN Infected: Trojan-Dropper.Win32.Small.jh skipped

C:\Documents and Settings\damgud\My Documents\bluerosewp.exe/WISE0023.BIN Infected: Trojan-Downloader.Win32.Wren.d skipped

C:\Documents and Settings\damgud\My Documents\bluerosewp.exe WiseSFX: infected - 2 skipped

C:\Documents and Settings\damgud\My Documents\themes\fishaqua.exe/WISE0016.BIN Infected: Backdoor.Win32.Ruledor.c skipped

C:\Documents and Settings\damgud\My Documents\themes\fishaqua.exe WiseSFX: infected - 1 skipped

C:\Documents and Settings\damgud\ntuser.dat Object is locked skipped

C:\Documents and Settings\damgud\NTUSER.DAT.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\RUSS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-19061f19-28dc289f.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Documents and Settings\RUSS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-19061f19-28dc289f.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\RUSS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-19061f19-28dc289f.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Documents and Settings\RUSS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-19061f19-28dc289f.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Documents and Settings\RUSS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-19061f19-28dc289f.zip ZIP: infected - 4 skipped

C:\Documents and Settings\RUSS\Local Settings\Temp\sta86.exe Infected: Trojan-Downloader.Win32.Swizzor.aw skipped

C:\Documents and Settings\RUSS\Local Settings\Temporary Internet Files\Content.IE5\8F8D2VGB\a676a975[1].js Infected: Trojan-Downloader.JS.Small.aq skipped

C:\Documents and Settings\RUSS\Local Settings\Temporary Internet Files\Content.IE5\WX2BIJ0D\deliver46860[1].htm Suspicious: Exploit.HTML.Mht skipped

C:\Documents and Settings\STACEY\Local Settings\Temporary Internet Files\Content.IE5\8TYRWX2Z\prompt[1].php Infected: Trojan-Downloader.JS.WinAD.a skipped

C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped

C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped

C:\System Volume Information\catalog.wci\00010003.ci Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped

C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{B9AC8AEF-E9C4-4DF9-BD48-89A71AD65853}\RP219\A0097797.exe Infected: IM-Worm.Win32.Kelvir.bq skipped

C:\System Volume Information\_restore{B9AC8AEF-E9C4-4DF9-BD48-89A71AD65853}\RP219\A0097798.dll Infected: Trojan-Dropper.Win32.Agent.of skipped

C:\System Volume Information\_restore{B9AC8AEF-E9C4-4DF9-BD48-89A71AD65853}\RP219\A0097799.dll Infected: Trojan-Dropper.Win32.Small.abe skipped

C:\System Volume Information\_restore{B9AC8AEF-E9C4-4DF9-BD48-89A71AD65853}\RP219\A0097808.exe Infected: Trojan-Dropper.Win32.Agent.og skipped

C:\System Volume Information\_restore{B9AC8AEF-E9C4-4DF9-BD48-89A71AD65853}\RP219\A0097809.dll Infected: Trojan-Dropper.Win32.Mudrop.ae skipped

C:\System Volume Information\_restore{B9AC8AEF-E9C4-4DF9-BD48-89A71AD65853}\RP219\change.log Object is locked skipped

C:\temp\Bargains.exe/stream/data0005 Infected: Trojan-Clicker.Win32.VB.ex skipped

C:\temp\Bargains.exe/stream Infected: Trojan-Clicker.Win32.VB.ex skipped

C:\temp\Bargains.exe NSIS: infected - 2 skipped

C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\Temp\IMT7.xml Object is locked skipped

C:\WINDOWS\Temp\IMT8.xml Object is locked skipped

C:\WINDOWS\Temp\IMT9.xml Object is locked skipped

C:\WINDOWS\Temp\WGANotify.settings Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\1midnightclearss.exe/WISE0019.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped

E:\1midnightclearss.exe WiseSFX: infected - 1 skipped

E:\1midnightclearss.exe WiseSFX Dropper: infected - 1 skipped

E:\apocrissyss.exe/WISE0019.BIN Infected: Trojan-Downloader.Win32.Small.bke skipped

E:\apocrissyss.exe WiseSFX: infected - 1 skipped

E:\apocrissyss.exe WiseSFX Dropper: infected - 1 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

and finally my HJT:

Logfile of HijackThis v1.99.1
Scan saved at 8:20:33 AM, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Documents and Settings\damgud\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\adobe reader\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com/panel/grapevine/dcainst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07792C37-7630-4C98-BB4F-4DE025FB2139}: NameServer = 198.59.109.7 206.165.6.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{07792C37-7630-4C98-BB4F-4DE025FB2139}: NameServer = 198.59.109.7 206.165.6.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{07792C37-7630-4C98-BB4F-4DE025FB2139}: NameServer = 198.59.109.7 206.165.6.11
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

no huge hurry, and TYTYTY again!!!

damgud

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:07:37 AM

Posted 11 December 2006 - 12:41 PM

Hello there,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't yet lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

You still have no installed an antivirus program, but you did install AVG antimalware.
You need to install an antivirus program as soon as you can and run a complete scan of the computer.
AVG and Avast are excellent, free antivirus programs..
Never install more than one antivirus on your system - several together can cause problems and decrease performance.

Click Start > Control Panel.

Double-click the Java icon in the control panel.
The Java Control Panel appears.
Click Settings under Temporary Internet Files.
The Temporary Files Settings dialog box appears.

Click Delete Files.
The Delete Temporary Files dialog box appears.

There are three options on this window to clear the cache.
- Delete Files
- View Applications
- View Applets
Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window.
Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

Please find and delete these files:
E:\apocrissyss.exe
E:\1midnightclearss.exe
E:\1midnightclearss.exe

C:\Documents and Settings\damgud\My Documents\themes\fishaqua.exe
C:\Documents and Settings\damgud\My Documents\bluerosewp.exe
C:\Documents and Settings\All Users\Start Menu\Programs\installoptical.exe
C:\Documents and Settings\All Users\Start Menu\Programs\afantasyjourney.exe

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer .
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° When prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button.
° Type the following in the fox --> cleanmgr and click ok.
° Let it scan your system for files to remove.
° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
° Press OK to remove them.

We need to purge your infected system restore points.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Now, we want to create a new, clean restore point.
Please first reboot your computer.
Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point - Something like "After trojan/spyware cleanup".
Click Create and you're done.

Reboot for a final time and let me know how the PC is running.
David :thumbsup:

#7 nmdamgud

nmdamgud
  • Topic Starter

  • Members
  • 357 posts
  • OFFLINE
  •  
  • Location:santa fe, new mexico
  • Local time:01:37 AM

Posted 15 December 2006 - 07:11 PM

hi again, david!

did all my homework, dl'ed avg anti-virus (i thought that's what i did the first time, sorry!), and wanted to post one more hjt, because the puter slowed down AGAIN in between fixes. and, no, i have NOT used the limewire!

a few questions, please??

when i do the cleanmgr, one of the choices is: WEBCLIENT/PUBLISHER TEMPORARY FILES. do i want to clean this as well?? and what, exactly, is it?

second, now that i've gotten the right avg, do i need to keep the anti spyware? i thought i read the anti-virus has an anti-spyware built in? please advise.

thanx, again, for ALL your hard work. it is a delight to know that, living on a fixed, disabled income, there are people out there to help...without charging an arm and a leg. love you guys! :thumbsup:

#8 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:07:37 AM

Posted 16 December 2006 - 05:48 AM

Hey there, I found the following in the Windows Help files:
"The WebClient/Publisher service maintains a cache of accessed files on disk.
These files are kept locally for performance reasons only, and can be deleted safely."

You can safely run cleanmgr again and remove these files if you wish.

You do not need to keep the Avg antispyware guard, but I recommend you do.
It will keep you protected from online threats, and it is an excellent scanner for removing malware.
It is quite common that after installing an antivirus that the PC will slow down a bit.
This should improve, but it's important to compare a small slow-down to the added protection you will recieve.

Let's continue by looking at a new Hijackthis log.

#9 nmdamgud

nmdamgud
  • Topic Starter

  • Members
  • 357 posts
  • OFFLINE
  •  
  • Location:santa fe, new mexico
  • Local time:01:37 AM

Posted 17 December 2006 - 11:43 AM

well, DUH. guess you can't check it if i don't post it, huh? sorry. :thumbsup: (well, ok, so i didn't really blush! but it was close!)

i went ahead and ran a new log, rather than post the one i actually ran the other day.

b/t/w....what are those last entries...sony corporation something-or-other? i have absolutely nothing...hardware, software, or otherwise, that is sony. plus it's after i added the avg, and i've added nothing to my registry, promise!

thanx again, david...you're great!


Logfile of HijackThis v1.99.1
Scan saved at 9:37:02 AM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\damgud\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\adobe reader\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com/panel/grapevine/dcainst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07792C37-7630-4C98-BB4F-4DE025FB2139}: NameServer = 198.59.109.7 206.165.6.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{07792C37-7630-4C98-BB4F-4DE025FB2139}: NameServer = 198.59.109.7 206.165.6.11
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

#10 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:07:37 AM

Posted 17 December 2006 - 01:09 PM

Are you sure you don't have any Sony related products on the PC?
I see two services which are related to Sony, so I'd like to check.
Run HijackThis.
On the first menu, click Open the Misc Tools Section
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A notepad will pop-up after it's saved, please copy everything in that Notepad and paste it here.

The Hijackthis log looks clean to me, no problems at all.

There are a few steps I want you to complete to try and resolve the slow down on your computer.
A whole host of reasons might account for this slow down, but I will highlight the most prominent ones below.
On most computers malware is the most common cause, but at the moment I do not think this is the case.
You might like to limit the programs that are loading when your computer starts, you might have unneccessary software loading whn you boot your computer which is eating away at your CPU and ultimatley slowing down your computer. Many programs install a quick launch feature which is not needed; if you want to use the program you can start it up manually. The easiest way to see whether a program is needed at startup, you can use bleeping computer's own list, which gives an indication of whether the program is required/optional etc. Note that essential processes such as those for your anti-virus or your modem must be kept.
So, firstly click on start, then run and type msconfig. Then hit enter.
Click on the startup tab and a list of programs will appear.
You can compare the startup name with those on the startup list., link is below:
www.bleepingcomputer.com/startups

To stop a program loading at boot just remove the tick.
Click "Ok", and choose to restart.

You might like to try and clear clutter off your computer, and free up some space on your harddrive.
Old games, unwanted photos and unused programs could be a starting point.
You can also clear clutter such as temprary files by doing the following:
Go to start and click on the "run" button.
Type the following in the box --> cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
Press OK to remove them.

Next you can defragment your hard-drive...when was the last time you did this?
Windows puts new files in any available open space and defragging will cluster files closer together making your harddrive more efficient.
This saves wear and tear while speeding up programs.
1. Open My Computer.
2. Right-click the local disk volume that you want to defragment, and then click Properties.
3. On the Tools tab, click Defragment Now.
4. Click Defragment.
5. This process takes quite a long time, so be patient.

You might also like to read the following tutorial as additional infomation to the above:
These selfhelp instructions can be found here

David

#11 nmdamgud

nmdamgud
  • Topic Starter

  • Members
  • 357 posts
  • OFFLINE
  •  
  • Location:santa fe, new mexico
  • Local time:01:37 AM

Posted 17 December 2006 - 03:22 PM

dam you're fast! ty for the attention!

as i was doing the hjt log, i was thinking it was about time to defrag...i'll run it tonite when i go to bed. it takes a bit as i have 2 hard drives.

as fas as i know, i have absolutely NO sony related products, and never have. nothing. should be interesting.

i'm still having trouble w/msn...when i try to open a window, it seems to take forever...i actually timed it this morning, and from the time i clicked on a contact's list to the time the window actually opened, it took 106 seconds. it never used to do that. does the same when someone IM's me. and it freezes everything i'm doing while it opens, as well. a real PITA.

here's the list from HJT you asked for:


3D Groove Playback Engine
ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Acrobat Reader 3.01
Adobe MPEG Encoder
Adobe Photoshop Album 2.0 Starter Edition
Adobe Premiere 6.5
Adobe Reader 7.0.8
Advanced RealMedia Export Plug-in for Premiere 6.0
Agere Systems PCI Soft Modem
Ancient Tripeaks (remove only)
Aquatica 3
Aquatica Scenery Maker
ArcSoft Software Suite
ASUS Probe V2.23.01
AVG Anti-Spyware 7.5
AVG Free Edition
Best of Fantasy 2 Screen Saver
BJC-1000
Blue Moonlight SS
Christmas Aquarium
Classic PhoneTools
Comcast Rhapsody
Consumer Input Software (remove only)
Deep Purple Clock
DesignPro 5.0 Limited Edition
DING!
Dragon and Sword Screen Saver
Dragon Chasing V1 Screen Saver
Dragon Chasing V2 Screen Saver
Dragon Fire
Dragon Fire (C:\Program Files\Dragon Fire\)
Dream Weaver
eBay Toolbar
EPSON CardMonitor
EPSON Copy Utility
EPSON Photo Print
EPSON PhotoStarter3.0
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON RX500 Reference Guide
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
Extraordinary World
Fantasy Screen Saver
Flaming Shadows
FTDI USB Serial Converter Drivers
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Heroes II Gold
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Homescan Internet Transporter
HWiNFO32 Version 1.62
Intelligent Life
interneTIFF IE Version 5.0--FREE
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
JuliaSaver 2.0
Kaspersky Online Scanner
L-500V Camera Reference Guide
LimeWire 4.9.30
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Flash Player 8
Macromedia Shockwave Player
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft FrontPage 2000
Microsoft Office 2000 SR-1 Professional
Microsoft Streets and Trips 2002
Microsoft Windows Journal Viewer
mIRC
MSN Messenger 7.5
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Nero
Nielsen//NetRatings
OpenMG Limited Patch 3.4-04-16-16-01
OpenMG Secure Module 3.4.01
PIF DESIGNER2.1
Plexagram
ProSavageDDR and Utilities
QuickTime
RealArcade
RealPlayer
S3Display
S3Gamma2
S3Info2
S3Overlay
ScanToWeb
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Shockwave
SonicStage 2.0.06
Spybot - Search & Destroy 1.3
Trillian
Tweakui Powertoy for Windows XP
Typer Shark Deluxe 1.01
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Vividence Connector
Web Savings from Ebates
Window Active
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Format SDK Hotfix [See KB892906 for more information]
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
WinRAR archiver
Yahoo! Messenger

thanx for all the hard work, as ever, david, i really, REALLY appreciate it!

damgud

#12 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:07:37 AM

Posted 17 December 2006 - 03:35 PM

Hello there,

Well the uninstall list you posted is very interesting.
I see two entries that need to be removed as soon as possible.
They are reported to slow down internet explorer's performance.

Click on start, then control panel, and then double-click on add/remove programs.
From within add/remove program uninstall the following if they exist by double-clicking on the following entries:

Vividence Connector
Web Savings from Ebates


Go to start > run and type cmd
A dos Window will appear.
Type next in the dos window: netsh winsock reset
Hit enter and reboot.

Your Java is out of date and the older versions are being exploited by malware.
We need to get it patched up as soon as possible.
Click on start, then control panel, and then double-click on add/remove programs.
Search in the list for all older installed versions of Java. (J2SE Runtime Environment.... )
It should have next icon next to it: Posted Image
Highlight each and click Remove.
Then Download and install the newest version from here:
http://www.java.com/en/download/manual.jsp

Reboot and post the Hijackthis log. Let me know if the defragment helped.
Check out internet explorer and see if anything improved there.

Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

David

#13 nmdamgud

nmdamgud
  • Topic Starter

  • Members
  • 357 posts
  • OFFLINE
  •  
  • Location:santa fe, new mexico
  • Local time:01:37 AM

Posted 17 December 2006 - 07:43 PM

quick note before i forget, david...this is the umpteenth time i've tried to remove that dam webebate crap...when i do, it says, "could not find the main class. program will exit"...and it stays there. any ideas?

i'll post again when i'm done w/the rest.

#14 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:07:37 AM

Posted 18 December 2006 - 04:38 AM

Ok, in addition to the above, all complete the following:

Open HijackThis.
Click Open the Misc Tools section.
Click Open Uninstall Manager.
Find and Select this item: Web Savings from Ebates .
After you have selected the item click Delete this entry.
Then close HijackThis.

Include a new uninstall list at the end too.

#15 nmdamgud

nmdamgud
  • Topic Starter

  • Members
  • 357 posts
  • OFFLINE
  •  
  • Location:santa fe, new mexico
  • Local time:01:37 AM

Posted 18 December 2006 - 04:31 PM

hiya, david...here we go again!

i went thru the startup and removed several, however, there were two that are "X" according to bc.com. i'm wondering if these need removing from somewhere in my puter? they are SOUNDMAN and JUSCHED. anyway.

here is the combofix. log:

damgud - 06-12-18 14:00:21.40 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\damgud\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-18 to 2006-12-18 ))))))))))))))))))))))))))))))))))


2006-12-18 09:01 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-15 16:55 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-15 16:55 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-15 16:55 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-15 16:55 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-15 16:55 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-15 16:55 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-15 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-12-10 20:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2006-12-07 12:43 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-07 12:43 <DIR> d-------- C:\Program Files\Grisoft
2006-11-27 03:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-27 03:03 <DIR> d-------- C:\a5d5224b1bdae58f45ffcd8a2904
2006-11-26 04:18 <DIR> d-------- C:\Program Files\DeskMates


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-18 11:02 -------- d-------- C:\Program Files\Java
2006-12-18 09:01 -------- d-a------ C:\Program Files\Common Files
2006-12-16 05:04 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-16 05:04 -------- d-------- C:\Documents and Settings\damgud\Application Data\AdobeUM
2006-12-16 03:05 -------- d-------- C:\Program Files\Internet Explorer
2006-12-16 03:02 -------- d-------- C:\Program Files\Outlook Express
2006-12-16 03:02 -------- d-------- C:\Program Files\Common Files\System
2006-12-10 17:02 -------- d-------- C:\Program Files\Google
2006-12-06 22:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-04 15:50 -------- d-------- C:\Program Files\Winamp
2006-11-07 22:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-19 06:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 05:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 05:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 05:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"EPSON Stylus Photo RX500"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2K1.EXE /P24 \"EPSON Stylus Photo RX500\" /O6 \"USB002\" /M \"Stylus Photo RX500\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NetMeter"="C:\\Program Files\\NetRatingsNetmeter\\NetMeter\\NielsenOnline.exe"
"MegaPanel"="C:\\Program Files\\ACNielsen\\Homescan Internet Transporter\\HSTrans.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"AGRSMMSG"="AGRSMMSG.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,34,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^damgud^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\damgud\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="E:\\MUSIC2\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapFax]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CapFax"
"hkey"="HKLM"
"command"="C:\\Program Files\\Classic PhoneTools\\CapFax.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eBayTBDaemon"
"hkey"="HKLM"
"command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ltmoh"
"hkey"="HKLM"
"command"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMSX"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\K-Lite Codec Pack\\real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTPreset]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTPreset"
"hkey"="HKLM"
"command"="VTPreset.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Disk Cleanup.job

Completion time: 06-12-18 14:03:42.10
C:\ComboFix.txt ... 06-12-18 14:03


here is the hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 2:30:55 PM, on 12/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\damgud\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\adobe reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\adobe reader\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {93EFDAB8-8800-4896-B428-76F943140E1B} - http://www.consumerinput.com/panel/grapevine/dcainst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07792C37-7630-4C98-BB4F-4DE025FB2139}: NameServer = 198.59.109.7 206.165.6.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{07792C37-7630-4C98-BB4F-4DE025FB2139}: NameServer = 198.59.109.7 206.165.6.11
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {BB5DE84A-4C4E-42AF-AAD9-2821D803E47E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe


and here is the uninstall list:

3D Groove Playback Engine
ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Acrobat Reader 3.01
Adobe MPEG Encoder
Adobe Photoshop Album 2.0 Starter Edition
Adobe Premiere 6.5
Adobe Reader 7.0.8
Advanced RealMedia Export Plug-in for Premiere 6.0
Agere Systems PCI Soft Modem
Ancient Tripeaks (remove only)
Aquatica 3
Aquatica Scenery Maker
ArcSoft Software Suite
ASUS Probe V2.23.01
AVG Anti-Spyware 7.5
AVG Free Edition
Best of Fantasy 2 Screen Saver
BJC-1000
Blue Moonlight SS
Christmas Aquarium
Classic PhoneTools
Comcast Rhapsody
Consumer Input Software (remove only)
DesignPro 5.0 Limited Edition
DING!
Dragon and Sword Screen Saver
Dragon Chasing V1 Screen Saver
Dragon Chasing V2 Screen Saver
Dragon Fire
Dragon Fire (C:\Program Files\Dragon Fire\)
Dream Weaver
eBay Toolbar
EPSON CardMonitor
EPSON Copy Utility
EPSON Photo Print
EPSON PhotoStarter3.0
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
EPSON RX500 Reference Guide
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
Extraordinary World
Fantasy Screen Saver
Flaming Shadows
FTDI USB Serial Converter Drivers
Google Earth
Google Toolbar for Internet Explorer
Google Updater
Heroes II Gold
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Homescan Internet Transporter
HWiNFO32 Version 1.62
Intelligent Life
interneTIFF IE Version 5.0--FREE
J2SE Runtime Environment 5.0 Update 9
JuliaSaver 2.0
Kaspersky Online Scanner
L-500V Camera Reference Guide
LimeWire 4.9.30
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Flash Player 8
Macromedia Shockwave Player
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft FrontPage 2000
Microsoft Office 2000 SR-1 Professional
Microsoft Streets and Trips 2002
Microsoft Windows Journal Viewer
mIRC
MSN Messenger 7.5
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
Nero
Nielsen//NetRatings
OpenMG Limited Patch 3.4-04-16-16-01
OpenMG Secure Module 3.4.01
PIF DESIGNER2.1
Plexagram
ProSavageDDR and Utilities
QuickTime
RealArcade
RealPlayer
S3Display
S3Gamma2
S3Info2
S3Overlay
ScanToWeb
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Shockwave
SonicStage 2.0.06
Spybot - Search & Destroy 1.3
Trillian
Tweakui Powertoy for Windows XP
Typer Shark Deluxe 1.01
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Window Active
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Format SDK Hotfix [See KB892906 for more information]
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
WinRAR archiver
Yahoo! Messenger


everytime i see that i mean to uninstall yahoo...think i'll go do that right this minute...lol

thanx for all your help, david...hope your holidays are merry and your new year prosperous!

damgud




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users