Full Version: Help
vernsunited
Hello All

I am in need of some help relating to viruses I think I may have. I am only a very basic computer user so any detailed help and instructions would be greatly appreciated.

I have Windows XP and I have the following software:-

McAfee Firewall
AVG Anti virus
Ad-Aware SE

Each time I run Ad-Aware, about 10 new threats appear. Two of them are Virtumonde, which, although I delete them, keep coming up each time the program is run.

I know that somewhere hidden on the system I still have WinAntiVirus Pro 2006, as this is still showing in the Control Panel, but I don't know how to delete it (deleted from Add/Remove Programs).

I have done a log as requested which is as follows and has just been done:-

Logfile of HijackThis v1.99.1
Scan saved at 17:16:44, on 31/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\nicola\LOCALS~1\Temp\Rar$EX00.594\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redissue.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\System32\onhagicb.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\vtusqop.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: support - {991EF04C-93CF-469b-A2BE-CC1B3347566F} - C:\Program Files\BHO\plugin.dll (file missing)
O2 - BHO: (no name) - {C845A376-8613-44F3-B046-958B17BF00F8} - C:\WINDOWS\System32\awvtt.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe" /min
O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKLM\..\Run: [SVC Hostz] svchostz.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] syswind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\RunServices: [SVC Hostz] svchostz.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] syswind.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [SVC Hostz] svchostz.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] syswind.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O17 - HKLM\System\CS2\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O18 - Protocol: bw+0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll (file missing)
O20 - Winlogon Notify: vtusqop - C:\WINDOWS\SYSTEM32\vtusqop.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

None of the above data really means much to me but any help would be great.

Thanks for any help in advance.

Dan
HJThis
Hello, vernsunited & Welcome


We can help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to reinfection and we're both just wasting our time.

Click here: http://www.microsoft.com/downloads/details...;DisplayLang=en

Apply the update, reboot, and post a fresh Hijack This log.


NOTE: Please do not apply SP2; we will get to that after you are all clean.

And once you apply SP1a, look here:

We ask that everyone have a look at the two links in the quote box at the bottom of my page. Go there, do as is asked of you, then come back here with a new HijackThis logfile.

Gogo ;)
vernsunited
Hello Again

Thanks for the advice. Tried to install Microsoft 1a as per your instruction. I think that this may already have been installed as Microsoft tried to install service package 2 (this failed because of a website problem).

How do I check if the service package 1a is definitely installed?

My new log is as follows:-

Logfile of HijackThis v1.99.1
Scan saved at 09:40:26, on 01/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\nicola\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redissue.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\System32\onhagicb.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\vtusqop.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: support - {991EF04C-93CF-469b-A2BE-CC1B3347566F} - C:\Program Files\BHO\plugin.dll (file missing)
O2 - BHO: (no name) - {C845A376-8613-44F3-B046-958B17BF00F8} - C:\WINDOWS\System32\awvtt.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe" /min
O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKLM\..\Run: [SVC Hostz] svchostz.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] syswind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\RunServices: [SVC Hostz] svchostz.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] syswind.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [SVC Hostz] svchostz.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] syswind.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167643226575
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O17 - HKLM\System\CS2\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O18 - Protocol: bw+0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll (file missing)
O20 - Winlogon Notify: vtusqop - C:\WINDOWS\SYSTEM32\vtusqop.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Again any help appreciated.

Thanks

Dan
HJThis
Hi, vernsunited

1) By looking at your logfile, it's not SP1a.

2) What problems did you have at the website?

3) By right-clicking on the My Computer icon, then Properties, look at the first tab.

4) In your case, if you can go to SP2, do so.

Gogo
vernsunited
Hello Gogo

Think I have now managed to successfully download SP1a.

The new log after re-boot is as follows:-

Logfile of HijackThis v1.99.1
Scan saved at 20:09:12, on 02/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\nicola\LOCALS~1\Temp\Rar$EX00.218\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redissue.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\System32\onhagicb.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\vtusqop.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: support - {991EF04C-93CF-469b-A2BE-CC1B3347566F} - C:\Program Files\BHO\plugin.dll (file missing)
O2 - BHO: (no name) - {C845A376-8613-44F3-B046-958B17BF00F8} - C:\WINDOWS\System32\awvtt.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe" /min
O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKLM\..\Run: [SVC Hostz] svchostz.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] syswind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\RunServices: [SVC Hostz] svchostz.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] syswind.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [SVC Hostz] svchostz.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] syswind.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167643226575
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O18 - Protocol: bw+0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll (file missing)
O20 - Winlogon Notify: vtusqop - C:\WINDOWS\SYSTEM32\vtusqop.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Appreciate your help and hope you can help me to get rid of the unwanted viruses.

Thanks for your help

Vernunited
HJThis
Hi, vernsunited

You didn't unzip/extract HijackThis, and it's still in the temp folder.
So I strongly advise to unzip/extract hijackthis.zip.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Create a permanent folder and move hijackthis.exe into it. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.
How do you make a permanent folder:

Click My Computer, then C:\ and then on Program Files.
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

=========

It also looks like you are running two anti-virus scanners; if so, it's a bad idea.
Please uninstall all anti-virus scanners but one; just pick the one
you like best, then just keep it updated.

=========

Go to Control Panel, Add/Remove Programs, and look for this item here;
if found, uninstall/remove it.
WinAntiVirus Pro 2006

=========

And before you come back here get this done.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.


Gogo
vernsunited
Hi again,

Sorry but I just need to try and clarify a few things. As explained before I am only a basic computer user so sorry if my requests are very simple or basic.

Anti virus - To my knowledge I only have AVG Anti virus, McAfee Firewall and Ad-Aware SE on my system. I thought I needed AVG for viruses, Ad-Aware for adware / malware and McAfee for Firewall. Is this not correct? Each time I run AVG it picks up about two problems and each time I run Ad-Aware SE it is currently picking up about 17 potential problems.

Do I need all these programs or should I delete one? Do I have any other Anti virus programs that I should remove?

WinAntiVirus Pro 2006 - Prior to posting on this forum I already removed the file by using Add / Remove programs but when I go into the control panel it is still showing as a program. When I go into add / remove programs again it is no longer showing so I can not try to remove again. Please advise next step.

Will follow other steps when I get home this evening (approx 8 hours time).

Thanks again for your help and patience.

Vernunited
vernsunited
Hi Again

Further to post earlier have tried to follow your instructions and confirm the following:-

Java - Have installed new Java program after deleting existing programs.

Unzipping Hijack this - Am slightly confused as when I right click on Hijack this the option Extract all does not appear. The options available are extract files, extract here and Extract to hijack this/.

I have made a new permanent folder ready but how do I unzip the file from the options I have available. I do not appear to have exactly the same options as the instructions. Please can you clarify how I should unzip / compress.

Again sorry for the basic questions.

Thanks
vernsunited
Hello

Further to mails latest log below.

Logfile of HijackThis v1.99.1
Scan saved at 20:43:36, on 03/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Documents and Settings\nicola\Desktop\New Briefcase\Hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.redissue.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\System32\onhagicb.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\vtusqop.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: support - {991EF04C-93CF-469b-A2BE-CC1B3347566F} - C:\Program Files\BHO\plugin.dll (file missing)
O2 - BHO: (no name) - {C845A376-8613-44F3-B046-958B17BF00F8} - C:\WINDOWS\System32\awvtt.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe" /min
O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe" /min
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKLM\..\Run: [SVC Hostz] svchostz.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] syswind.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\RunServices: [SVC Hostz] svchostz.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] syswind.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [SVC Hostz] svchostz.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] syswind.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167643226575
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O17 - HKLM\System\CS2\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O18 - Protocol: bw+0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll (file missing)
O20 - Winlogon Notify: vtusqop - C:\WINDOWS\SYSTEM32\vtusqop.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
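A way to triage a log like the one above before deciding what to fix, as an added example that is not part of any post in this thread and is not HijackThis's own logic. The reason tags and the heuristics behind them are assumptions chosen for illustration, the sample lines are copied from the log above, and a tag marks an entry for review rather than as malicious (the NVIDIA nwiz entry is tagged too).

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\vtusqop.dll
O2 - BHO: (no name) - {C845A376-8613-44F3-B046-958B17BF00F8} - C:\WINDOWS\System32\awvtt.dll (file missing)
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SVC Hostz] svchostz.exe
O4 - HKLM\..\RunServices: [SVC Hostz] svchostz.exe
O4 - HKCU\..\Run: [SVC Hostz] svchostz.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: vtusqop - C:\WINDOWS\SYSTEM32\vtusqop.dll
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

# "O4 - <body>", "R1 - <body>", ... Header and process-list lines do not match.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# Registry autostart body: "<key>: [<value name>] <command>".
RUN = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def is_bare(cmd):
    """True when the executable is named without any directory component."""
    first = cmd.lstrip('"').split()[0]
    return "\\" not in first and "/" not in first


def triage(log_text):
    """Return [(line, [reason, ...]), ...] for entries worth a closer look."""
    entries = []
    keys_by_name = defaultdict(set)  # autostart value name -> registry keys
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m["code"], m["body"]
        run = RUN.match(body) if code == "O4" else None
        if run:
            keys_by_name[run["name"].lower()].add(run["key"].lower())
        entries.append((line, code, body, run))

    findings = []
    for line, code, body, run in entries:
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("file_missing")           # registration outlived its file
        if code == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("bho_no_name")            # browser helper with no class name
        if code == "O20":
            reasons.append("winlogon_notify")        # DLL loaded by winlogon at logon
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("service_unknown_owner")  # no company name on the binary
        if run:
            if is_bare(run["cmd"]):
                reasons.append("bare_command")       # resolved through the search path
            if len(keys_by_name[run["name"].lower()]) > 1:
                reasons.append("multi_key_autostart")  # same name under several keys
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(",".join(reasons).ljust(36), line)
```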
HJThis
Hi, vernsunited

No, you're doing a great job here, it's my bad; after looking at
all the logfiles you see things.

Next


Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

===========

and have a look here so you know for next time

http://consumer.installshield.com/kb.asp?id=Q108326

Gogo
vernsunited
Hello Gogo

Thanks for the next batch of info you supplied.

Just a bit worried you may have missed my questions and points on the anti virus, unzipping / compressing the files and removing Win antivirus pro 2006 from the earlier mails.

I know this may be a pain but please could you just clarify the details for my peace of mind. I am not sure I have done everything you asked me to do correctly (please see my 2 posts prior to the last log I sent you).

Again, all your help is appreciated.

Thanks

Vern

HJThis
Hi, vernsunited

OK, if you have a new permanent folder, all you need to do is
go to where the new folder is, open it, then just right-click and extract here,
if as you say it's one of the options you see.


Please download VirtumondoBegone to your desktop. This needs to be run in Safe Mode.
(Do not run just yet)

============

Disable bad service
Start
Run
Type services.msc to the field and press enter.
A window opens, scroll down to Firewall service (FWSvc)
Right-click it and choose Stop
Then choose Properties
Set Startup to Disabled
Click Apply and OK.

and do the same for this item here
Hardware Clock Driver (hwclock)


Then, open HijackThis.
Open the Misc Tools section
Delete an NT service
Copy the following line to the box and press OK; Firewall service (FWSvc)
Answer Yes
Close HijackThis

and do the same for this item here
Hardware Clock Driver (hwclock)


===========

View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

===========

Restart your computer in Safe Mode.
  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Login on your usual account.
If you need further assistance with Safe Mode, see Symantec

============


Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)

O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\System32\onhagicb.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\vtusqop.dll
O2 - BHO: support - {991EF04C-93CF-469b-A2BE-CC1B3347566F} - C:\Program Files\BHO\plugin.dll (file missing)
O2 - BHO: (no name) - {C845A376-8613-44F3-B046-958B17BF00F8} - C:\WINDOWS\System32\awvtt.dll (file missing)

O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe" /min

O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe" /min

O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c

O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"

O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe"
O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKLM\..\Run: [SVC Hostz] svchostz.exe
O4 - HKLM\..\Run: [Microsoft Telecoms Center] syswind.exe
O4 - HKLM\..\RunServices: [SVC Hostz] svchostz.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] syswind.exe
O4 - HKCU\..\Run: [SVC Hostz] svchostz.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] syswind.exe

O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll (file missing)

O20 - Winlogon Notify: vtusqop - C:\WINDOWS\SYSTEM32\vtusqop.dll

O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis

=============

Next, please find and delete the following files/folders (if present):
C:\WINDOWS\System32\onhagicb.dll<---This file
C:\WINDOWS\system32\vtusqop.dll<---This file
C:\Program Files\BHO\plugin.dll<---This file
C:\WINDOWS\System32\awvtt.dll<---This file
C:\WINDOWS\System32\hwclock.exe<---This file
C:\Program Files\WinAntiVirus Pro 2006\<---This folder
C:\Program Files\Common Files\WinAntiVirus Pro 2006\<---This folder


==============


Clean out your Temporary Internet files.
Internet Explorer
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.


Firefox (In case you also have Firefox installed)
Open Firefox and go to Tools -> Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

=============

Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
a. Change the Download signed ActiveX controls to Prompt
b. Change the Download unsigned ActiveX controls to Disable
c. Change the Initialize and script ActiveX controls not marked as safe to Disable
d. Change the Installation of desktop items to Prompt
e. Change the Launching programs and files in an IFRAME to Prompt
f. Change the Navigate sub-frames across different domains to Prompt
g. When all these settings have been made, click on the OK button.
h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.


===========

Double-click on VirtumundoBeGone.exe and follow the instructions.

Do not worry if you see a BLUE SCREEN "Fatal Error" Message, it is normal and expected.

When it has finished, reboot and post the log that is created on your desktop called VBG.TXT in your next reply.


Then do a reboot and show me a new HijackThis logfile and the VBG.TXT.


Gogo
vernsunited
Hi Gogo

Thanks again for latest updates. Have encountered a few problems and have a few queries I need help with.

a) Firewall service (FWSvc) and Hardware Clock Driver (hwclock) were already showing as status stopped.

b) Tried to start computer in safe mode (followed Symantec instructions as well). Every time I got to the sign on screen the computer turned off and started re-booting again. Finally managed to work after about 15 attempts but I am sure this is not working correctly. What could be wrong? How can I repair?

c) Hijack this - Followed instructions, ticked and clicked fix checked. The following files are however still showing:-

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\vtusqop.dll
O20 - Winlogon Notify: vtusqop - C:\WINDOWS\SYSTEM32\vtusqop.dll
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

Is this correct that these are still showing?

d) Your next instructions asked me to delete the following files / folders (if present):-

C:\WINDOWS\System32\onhagicb.dll<---This file
C:\WINDOWS\system32\vtusqop.dll<---This file
C:\Program Files\BHO\plugin.dll<---This file
C:\WINDOWS\System32\awvtt.dll<---This file
C:\WINDOWS\System32\hwclock.exe<---This file
C:\Program Files\WinAntiVirus Pro 2006\<---This folder
C:\Program Files\Common Files\WinAntiVirus Pro 2006\<---This folder

I am sorry but I do not have any idea how I can find these files and how I delete. Please can you give me some basic instruction (sorry for asking very basic info)

e) Don't think I have Firefox installed.

f) VBG TXT

[01/04/2007, 20:49:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\nicola\Desktop\VirtumundoBeGone.exe" )
[01/04/2007, 20:50:01] - Detected System Information:
[01/04/2007, 20:50:01] - Windows Version: 5.1.2600, Service Pack 1
[01/04/2007, 20:50:01] - Current Username: nicola (Admin)
[01/04/2007, 20:50:01] - Windows is in SAFE mode with Networking.
[01/04/2007, 20:50:01] - Searching for Browser Helper Objects:
[01/04/2007, 20:50:01] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[01/04/2007, 20:50:01] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/04/2007, 20:50:01] - BHO 3: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[01/04/2007, 20:50:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/04/2007, 20:50:01] - Checking for HKLM\...\Winlogon\Notify\vtusqop
[01/04/2007, 20:50:01] - Found: HKLM\...\Winlogon\Notify\vtusqop - This is probably Virtumundo.
[01/04/2007, 20:50:01] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[01/04/2007, 20:50:01] - BHO list has been changed! Starting over...
[01/04/2007, 20:50:01] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[01/04/2007, 20:50:01] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/04/2007, 20:50:01] - BHO 3: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[01/04/2007, 20:50:01] - ALERT: Found MSEvents Object!
[01/04/2007, 20:50:01] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2007, 20:50:01] - BHO 5: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/04/2007, 20:50:01] - Finished Searching Browser Helper Objects
[01/04/2007, 20:50:01] - *** Detected MSEvents Object
[01/04/2007, 20:50:01] - Trying to remove MSEvents Object...
[01/04/2007, 20:50:02] - Terminating Process: IEXPLORE.EXE
[01/04/2007, 20:50:02] - Terminating Process: RUNDLL32.EXE
[01/04/2007, 20:50:02] - Disabling Automatic Shell Restart
[01/04/2007, 20:50:02] - Terminating Process: EXPLORER.EXE
[01/04/2007, 20:50:02] - Suspending the NT Session Manager System Service
[01/04/2007, 20:50:02] - Terminating Windows NT Logon/Logoff Manager
[01/04/2007, 20:50:02] - Re-enabling Automatic Shell Restart
[01/04/2007, 20:50:02] - File to disable: C:\WINDOWS\system32\vtusqop.dll
[01/04/2007, 20:50:02] - Renaming C:\WINDOWS\system32\vtusqop.dll -> C:\WINDOWS\system32\vtusqop.dll.vir
[01/04/2007, 20:50:02] - File successfully renamed!
[01/04/2007, 20:50:02] - Removing HKLM\...\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[01/04/2007, 20:50:02] - Removing HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[01/04/2007, 20:50:02] - Adding Kill Bit for ActiveX for GUID: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[01/04/2007, 20:50:02] - Deleting ATLEvents/MSEvents Registry entries
[01/04/2007, 20:50:02] - Removing HKLM\...\Winlogon\Notify\vtusqop
[01/04/2007, 20:50:02] - Searching for Browser Helper Objects:
[01/04/2007, 20:50:02] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[01/04/2007, 20:50:02] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/04/2007, 20:50:02] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/04/2007, 20:50:02] - BHO 4: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[01/04/2007, 20:50:02] - Finished Searching Browser Helper Objects
[01/04/2007, 20:50:02] - Finishing up...
[01/04/2007, 20:50:02] - A restart is needed.
[01/04/2007, 20:50:35] - Attempting to Restart via STOP error (Blue Screen!)

g) The Win antivirus pro 2006 icon is still showing in the control panel. How do I get rid of this?

h) Hijack this log file:-

Logfile of HijackThis v1.99.1
Scan saved at 21:32:18, on 04/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nicola\Desktop\New Briefcase\Hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167643226575
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O18 - Protocol: bw+0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Please can you let me have some feedback on my questions / points in bold and advise any further instructions.

Once again all help appreciated.

Thanks
Vern
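
The check that the VBG.TXT log above reports (a BHO with no default name whose DLL is also registered under Winlogon Notify) can be run over a whole HijackThis log, together with a check for "Unknown owner" services whose file is missing. The sketch below is an added example, not part of the original posts and not HijackThis or VirtumundoBeGone code; the function names and verdict labels are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re

# Constructed sample: entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\vtusqop.dll
O2 - BHO: support - {991EF04C-93CF-469b-A2BE-CC1B3347566F} - C:\Program Files\BHO\plugin.dll (file missing)
O2 - BHO: (no name) - {C845A376-8613-44F3-B046-958B17BF00F8} - C:\WINDOWS\System32\awvtt.dll (file missing)
O20 - Winlogon Notify: awvtt - C:\WINDOWS\System32\awvtt.dll (file missing)
O20 - Winlogon Notify: vtusqop - C:\WINDOWS\SYSTEM32\vtusqop.dll
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

MISSING = " (file missing)"
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def split_path(raw):
    """Split a path field into (lower-cased path, file_missing flag)."""
    missing = raw.endswith(MISSING)
    path = raw[: -len(MISSING)] if missing else raw
    return path.strip().lower(), missing


def parse(log_text):
    """Collect O2, O20 and O23 entries; every other line is ignored."""
    out = {"bho": [], "notify": [], "service": []}
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            path, missing = split_path(m.group(3))
            out["bho"].append({"name": m.group(1), "clsid": m.group(2),
                               "path": path, "missing": missing})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            path, missing = split_path(m.group(2))
            out["notify"].append({"name": m.group(1), "path": path, "missing": missing})
            continue
        m = SERVICE_RE.match(line)
        if m:
            path, missing = split_path(m.group(3))
            out["service"].append({"name": m.group(1), "owner": m.group(2),
                                   "path": path, "missing": missing})
    return out


def triage(log_text):
    """Return (verdict, detail) tuples for entries that deserve a closer look."""
    entries = parse(log_text)
    notify_paths = {n["path"] for n in entries["notify"]}
    findings = []
    for b in entries["bho"]:
        detail = b["clsid"] + " " + b["path"]
        state = "orphaned" if b["missing"] else "active"
        if b["name"] == "(no name)" and b["path"] in notify_paths:
            # Same pairing VirtumundoBeGone logs: unnamed BHO + Winlogon Notify DLL.
            findings.append(("bho+notify/" + state, detail))
        elif b["missing"]:
            findings.append(("bho/orphaned", detail))
    for s in entries["service"]:
        if s["owner"] != "Unknown owner" or not s["missing"]:
            continue
        if '"' in s["path"]:
            # Field holds a stray quote plus arguments, so it is not a plain file
            # path; CPD.EXE is among the running processes in the same log.
            findings.append(("service/check-path", s["name"]))
        else:
            findings.append(("service/orphaned", s["name"]))
    return findings


if __name__ == "__main__":
    for verdict, detail in triage(SAMPLE_LOG):
        print(f"{verdict:22} {detail}")
```

Paths are compared lower-cased because the same DLL appears as `system32` in the O2 line and `SYSTEM32` in the O20 line.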
HJThis
Hi, vernsunited

First I need you to step back and slow down; you're doing one hell of a great job here.
As for the files, only two have to be deleted.

Now when I say delete the following files / folders (if present):-

Let's say I ask you to delete this file here; what I am saying to you is to go to
C:\ drive >> Windows folder >> System32 folder >> and delete this file hwclock.exe<---This file

C:\WINDOWS\System32\hwclock.exe<---This file

Is this any better help?

=============

View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

==============

Restart your computer in Safe Mode.
  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Login on your usual account.
If you need further assistance with Safe Mode, see Symantec


=============


NOTE: If you have a problem going into Safe Mode doing the above, try this.

Step 1: Close all programs so that you have nothing open and are at the desktop.

Step 2: Click on the Start button then click on Run.

Step 3: In the Run field type msconfig

Step 4: Press the OK button and the System Configuration Utility will start up.

Step 5: Click on the tab labeled "BOOT.INI"

Step 6: Put a checkmark in the checkbox labeled "/SAFEBOOT"
Then press the OK button. After pressing the button you will be presented with a confirmation box.

Step 7: Press the Restart button and let the computer reboot. It will now boot up into Safe Mode.

Step 8: When the computer boots up do what diagnostic or troubleshooting tasks that you need to do.

Step 9: When you are finished with your tasks, complete steps 1-7 again, but in Step 6 this time uncheck the checkbox labeled "/SAFEBOOT". Then click on the General tab and set it for Normal startup.

============

Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)

O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)

O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis


============

Next, please find and delete the following files/folders (if present):
C:\WINDOWS\System32\hwclock.exe<---Then delete this file
C:\Program Files\WinAntiVirus Pro 2006\<---Then delete this Folder


Then do a reboot, and before you come back here with the new logfile, have a look here for that icon you say is in Add/Remove Programs:
http://www.adelaider.com/?thread=7567

Gogo
vernsunited

Hi again Gogo,

Thanks for all your help. Tried to follow the latest instructions but don't seem to be having much success. It is getting very frustrating and I am really glad you are able to help.

From your last post:-

*****************************
Deleting files and folders

Now understand the instructions (thanks) however can not find any of the files listed:-

C:\WINDOWS\System32\onhagicb.dll<---This file
C:\WINDOWS\system32\vtusqop.dll<---This file
C:\Program Files\BHO\plugin.dll<---This file
C:\WINDOWS\System32\awvtt.dll<---This file
C:\WINDOWS\System32\hwclock.exe<---This file
C:\Program Files\WinAntiVirus Pro 2006\<---This folder
C:\Program Files\Common Files\WinAntiVirus Pro 2006\<---This folder

No problem finding System 32 or BHO file but can't find the next one on the path. Can not find WinAntivirus Pro 2006 in Program Files or Program Files\ common Files.

Please help?

**********************************
View hidden files and Folders

Options already set as your request

***********************************
Hijack this

Tried following the instruction and each time I do fix checks a warning comes up to say files will be permanently deleted, I go ahead however each time I re-boot and do a new scan they are still showing (tried to do five times).

Please help?

**************************************
Win Antivirus Pro 2006

The Win antivirus pro 2006 icon is still showing in the control panel. How do I get rid of this?

Please help?

****************************************
New Log

Logfile of HijackThis v1.99.1
Scan saved at 17:02:59, on 05/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Documents and Settings\nicola\Desktop\New Briefcase\Hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167643226575
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O18 - Protocol: bw+0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

***************************
www.adelaider.com

Printed and tried to follow instructions but do not understand. The Win Antivirus icon is showing in the control panel but is not showing in the add / remove programs.

Please help

****************************

Hope that you can help me further.

Thanks
Vern
HJThis
Hi, vernsunited

No problem, this happens sometimes; just take your time.
Let's try this here and see if it helps you.


Copy and paste the following text into Notepad: don't copy the word code

CODE
rem sc takes the service key name (FWSvc), not the display name "Firewall service"
sc stop FWSvc
sc delete FWSvc
del services.bat


Save this as "services.bat". Choose to save as *all files and place it on your Desktop.

Double-click services.bat. Soon it should disappear from your Desktop; this is fine.

Do a reboot, then try this: go to Control Panel, right-click on the Win Antivirus Pro 2006 and see if you can delete it. Let me know, and may I have one more HijackThis logfile?

Gogo
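
The O23 lines in the logs above list each service as display name, then (in parentheses) the key name that sc works with. As an added example that is not part of the original thread, this Python sketch parses O23 lines, flags services whose file is reported missing, and builds the sc lines only for keys an analyst approves; the log excerpt is constructed from lines in this thread, and the function names and the "review" heuristic (arguments after the executable, or the executable still running) are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
"""

# O23 - Service: <label> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# <label> is "Display name (KeyName)"; assumption: with no parentheses the
# key name is the same as the display name.
LABEL_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<key>[^()]+)\))?$")
# Split a logged path into the executable and whatever follows it.
EXE_RE = re.compile(r"^(?P<exe>.*?\.(?:exe|dll|sys))(?P<rest>.*)$", re.IGNORECASE)


@dataclass
class Service:
    display: str
    key: str
    owner: str
    path: str
    status: str  # "present", "orphaned" or "review"


def classify(path, missing, running):
    """Decide whether a '(file missing)' flag can be taken at face value."""
    if not missing:
        return "present"
    m = EXE_RE.match(path)
    exe, rest = (m.group("exe"), m.group("rest")) if m else (path, "")
    # Example heuristic: a stray quote or arguments after the executable, or
    # the executable being in the running process list, means the flag needs
    # a manual check before anything is deleted.
    if rest.strip() or exe.lower() in running:
        return "review"
    return "orphaned"


def parse_log(text):
    """Return the O23 services found in a HijackThis log, with a status each."""
    running, services, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.add(line.lower())
            else:
                in_procs = False  # blank line ends the process list
            continue
        m = O23_RE.match(line)
        if not m:
            continue
        label = LABEL_RE.match(m.group("label"))
        key = label.group("key") or label.group("display")
        status = classify(m.group("path"), bool(m.group("missing")), running)
        services.append(Service(label.group("display"), key,
                                m.group("owner"), m.group("path"), status))
    return services


def cleanup_commands(services, approved):
    """Build sc lines for orphaned services whose key the analyst approved."""
    cmds = []
    for s in services:
        if s.status == "orphaned" and s.key in approved:
            name = f'"{s.key}"' if " " in s.key else s.key
            cmds += [f"sc stop {name}", f"sc delete {name}"]
    return cmds


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for s in found:
        print(f"{s.status:9} key={s.key!r} path={s.path}")
    print("\n".join(cleanup_commands(found, {"FWSvc", "hwclock"})))
```
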
vernsunited
Hi Gogo

Followed your instruction. Now have two items on desktop called services.bat

One is the notepad file that I created. When I double click this file it goes into the notepad document (does not disappear from desktop)

The second one is now an icon - If I double click on this item it says not a valid win32 application (file does not disappear from desktop)

When I right click on the Win anti virus pro icon in the control panel the only options are open and create shortcut.

Please advise what next.

Thanks

Vernunited
vernsunited
Hi Gogo

Sorry forgot latest log in post above.

Logfile of HijackThis v1.99.1
Scan saved at 11:59:19, on 06/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nicola\Desktop\New Briefcase\Hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167643226575
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O18 - Protocol: bw+0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
HJThis
Hi, vernsunited

Hmm, let's see if I have better luck this way.


Then, download Killbox.
Click killbox.exe.
Select the option "Delete on reboot".
Click the button: All Files (!important!)
Now it should flash green.

Now copy the next bold part:

C:\Program Files\WinAntiVirus Pro 2006
C:\WINDOWS\System32\hwclock.exe


Open 'File' in the Killbox menu on top and choose Paste from clipboard

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.

Your computer should reboot now.

Gogo
vernsunited
Hi gogo,

Me again, sorry but this has not worked either - Am I running out of options?

Followed the instructions, did everything and was asked if I wanted to reboot, clicked yes. A message came up saying verifying, please wait. Next an error message came up saying Pending File rename operations registry data has been removed by external process.

If I click on properties in the Killbox program it says Windows cannot find the 2 programs listed???

Tried to reboot again anyway but still no change.

Really sorry that we don't seem to be getting anywhere and hope you can still help me.

All help appreciated.

Thanks

Vern
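The error message quoted above names the Windows delete-on-reboot queue, the `PendingFileRenameOperations` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`. As an added example (not part of the thread and not Killbox's own code), this Python decoder reads that value and checks whether the two paths from the instructions are still queued; both sample queues are constructed for illustration.

```python
import sys

# Registry location Windows consults at boot for queued renames and deletes.
KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE = "PendingFileRenameOperations"

# The two paths given in the instructions above.
TARGETS = [
    r"C:\Program Files\WinAntiVirus Pro 2006",
    r"C:\WINDOWS\System32\hwclock.exe",
]

# Constructed sample: raw REG_MULTI_SZ data with two queued deletes
# (source followed by an empty destination) and one unrelated rename.
SAMPLE_BEFORE = (
    "\\??\\C:\\WINDOWS\\System32\\hwclock.exe\0\0"
    "\\??\\C:\\Program Files\\WinAntiVirus Pro 2006\\FWSvc.exe\0\0"
    "\\??\\C:\\WINDOWS\\Temp\\setup.tmp\0!\\??\\C:\\WINDOWS\\Temp\\setup.old\0"
    "\0"
).encode("utf-16-le")

# Constructed sample: the same queue after the delete entries were cleared.
SAMPLE_AFTER = (
    "\\??\\C:\\WINDOWS\\Temp\\setup.tmp\0!\\??\\C:\\WINDOWS\\Temp\\setup.old\0"
    "\0"
).encode("utf-16-le")


def decode_multi_sz(raw):
    """Split raw REG_MULTI_SZ bytes (UTF-16LE, NUL-separated) into strings."""
    return raw.decode("utf-16-le").split("\0")


def _clean(path):
    """Drop the '!' replace-existing flag and the NT '\\??\\' prefix."""
    path = path.lstrip("!")
    return path[4:] if path.startswith("\\??\\") else path


def pending_ops(strings):
    """Pair entries up as (action, source, destination) tuples."""
    ops = []
    for i in range(0, len(strings), 2):
        src = strings[i]
        if not src:  # an empty source marks the end of the list
            break
        dst = strings[i + 1] if i + 1 < len(strings) else ""
        if dst:
            ops.append(("rename", _clean(src), _clean(dst)))
        else:  # empty destination means "delete at next boot"
            ops.append(("delete", _clean(src), ""))
    return ops


def still_queued(ops, targets):
    """Map each target to True if a delete for it, or for a file under it, is queued."""
    deletes = [src.lower() for action, src, _ in ops if action == "delete"]
    result = {}
    for target in targets:
        t = target.lower().rstrip("\\")
        result[target] = any(d == t or d.startswith(t + "\\") for d in deletes)
    return result


def read_live():
    """Read the live queue (Windows only). winreg returns the strings already
    split; older Python releases dropped everything after the first empty
    string, so treat a short result with caution."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY) as key:
        try:
            value, _type = winreg.QueryValueEx(key, VALUE)
        except FileNotFoundError:  # no value means nothing is queued
            return []
    return pending_ops(value)


if __name__ == "__main__":
    for label, raw in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        ops = pending_ops(decode_multi_sz(raw))
        print(label, still_queued(ops, TARGETS))
    if sys.platform == "win32":
        print("live queue:", read_live())
```

If both targets report `False` right after the tool says it has scheduled them, the queue was emptied before the reboot and the files will not be removed at startup.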
HJThis
Hi, vernsunited

Odd. Do this for me please: do a file search for hwclock.exe to see if and where
it may show up, and do the same for WinAntiVirus,

then come back here and tell me what, if anything, was found.


==============

Do this for me as well, let's have a look.


Download and Install AVG Anti-Spyware© by Grisoft

Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware

(Don't run it just yet)

==============

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

===============

Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will be prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Now close AVG Anti-Spyware

Reboot into Normal Mode

================

Please download ComboFix and save it to your desktop.

Double click combofix.exe and follow the prompts.

When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Gogo
vernsunited
Hi Gogo

Tried your latest instructions. Please find my findings below, along with a few queries that I would appreciate it if you could answer.

File Search

Did a file search as requested.

hwclock.exe - Nothing found

WinAntiVirus - Folder found C:\Documents and Settings\All Users\Application data

AVG Anti Spyware

Followed your instructions and Applied all actions. In total there were 50 infections including Trojan Fw Bypass.a, Adware Win AntiVirus, Adware Virtumonde and Adware Gator. Unfortunately a report was not saved even though the settings were as your instructions (checked this again).

All the files were placed into quarantine. When I clicked reports no reports found.

I then immediately ran a further scan and this time 10 infections were found which included Trojan Fw Bypass.a, Adware Win AntiVirus, Adware Virtumonde.

This time before applying anything I manually saved a report. The log is as follows:-

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:13:20 08/01/2007

+ Scan result:



C:\System Volume Information\_restore{E7D4AD5E-532F-47CF-A72D-62122A5F31B3}\RP104\A0053846.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{E7D4AD5E-532F-47CF-A72D-62122A5F31B3}\RP104\A0053847.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{E7D4AD5E-532F-47CF-A72D-62122A5F31B3}\RP104\A0053848.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{E7D4AD5E-532F-47CF-A72D-62122A5F31B3}\RP104\A0053849.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{E7D4AD5E-532F-47CF-A72D-62122A5F31B3}\RP104\A0053850.dll -> Adware.Virtumonde : No action taken.
C:\System Volume Information\_restore{E7D4AD5E-532F-47CF-A72D-62122A5F31B3}\RP104\A0053843.dll -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E7D4AD5E-532F-47CF-A72D-62122A5F31B3}\RP104\A0053844.cpl -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E7D4AD5E-532F-47CF-A72D-62122A5F31B3}\RP104\A0053845.exe -> Adware.WinAntiVirus : No action taken.
C:\System Volume Information\_restore{E7D4AD5E-532F-47CF-A72D-62122A5F31B3}\RP104\A0053841.exe -> Trojan.FwBypass.a : No action taken.
C:\System Volume Information\_restore{E7D4AD5E-532F-47CF-A72D-62122A5F31B3}\RP104\A0053842.exe -> Trojan.FwBypass.a : No action taken.

::Report end

Anti Spyware / Malware

After your latest instructions I now have Ad-Aware SE Personal and AVG Anti-Spyware on the system. Do they not do the same thing? Are they both needed? Should one be removed (if yes, please advise how)?

ComboFix

Downloaded and report as follows:-

nicola - 07-01-08 22:05:53.40 Service Pack 1
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\nicola\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-08 to 2007-01-08 ))))))))))))))))))))))))))))))))))


2007-01-07 18:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-07 09:17 <DIR> d-------- C:\!KillBox
2007-01-04 20:07 <DIR> d-------- C:\WINDOWS\pss
2007-01-04 17:28 <DIR> d-------- C:\VundoFix Backups
2007-01-04 17:27 88,064 --a------ C:\VundoFix.exe
2007-01-03 20:03 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-03 19:44 <DIR> d-------- C:\Documents and Settings\nicola\Application Data\Sun
2007-01-03 19:32 <DIR> d-------- C:\Program Files\Hijack this
2007-01-02 20:04 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-02 19:46 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-02 19:46 <DIR> d-------- C:\WINDOWS\ehome
2007-01-02 19:40 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-01-02 19:40 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-01-02 19:40 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-01-02 19:40 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2007-01-02 19:40 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2007-01-02 19:40 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2007-01-02 19:40 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2007-01-02 19:40 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-01-02 19:40 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2007-01-02 19:40 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-01-02 19:40 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2007-01-02 19:40 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-01-02 19:40 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2007-01-02 19:40 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-01-02 19:40 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2007-01-02 19:40 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2007-01-02 19:40 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2007-01-02 19:40 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2007-01-02 19:40 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2007-01-02 19:40 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2007-01-02 19:39 9,856 --------- C:\WINDOWS\system32\drivers\tunmp.sys
2007-01-02 19:39 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-01-02 19:39 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2007-01-02 19:39 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2007-01-02 19:39 71,168 --a------ C:\WINDOWS\system32\telnet.exe
2007-01-02 19:39 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2007-01-02 19:39 674,816 --a------ C:\WINDOWS\system32\sxs.dll
2007-01-02 19:39 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-01-02 19:39 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2007-01-02 19:39 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2007-01-02 19:39 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-01-02 19:39 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2007-01-02 19:39 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2007-01-02 19:39 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2007-01-02 19:39 61,952 --a------ C:\WINDOWS\system32\sti.dll
2007-01-02 19:39 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2007-01-02 19:39 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2007-01-02 19:39 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2007-01-02 19:39 534,016 --a------ C:\WINDOWS\system32\spider.exe
2007-01-02 19:39 5,504 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-01-02 19:39 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2007-01-02 19:39 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2007-01-02 19:39 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2007-01-02 19:39 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2007-01-02 19:39 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2007-01-02 19:39 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2007-01-02 19:39 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-01-02 19:39 385,024 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2007-01-02 19:39 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2007-01-02 19:39 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2007-01-02 19:39 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2007-01-02 19:39 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2007-01-02 19:39 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
2007-01-02 19:39 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2007-01-02 19:39 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
2007-01-02 19:39 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2007-01-02 19:39 266,752 --a------ C:\WINDOWS\winhlp32.exe
2007-01-02 19:39 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-02 19:39 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2007-01-02 19:39 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2007-01-02 19:39 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2007-01-02 19:39 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2007-01-02 19:39 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2007-01-02 19:39 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2007-01-02 19:39 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2007-01-02 19:39 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-01-02 19:39 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2007-01-02 19:39 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2007-01-02 19:39 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2007-01-02 19:39 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2007-01-02 19:39 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2007-01-02 19:39 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2007-01-02 19:39 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-02 19:39 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2007-01-02 19:39 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2007-01-02 19:39 16,384 --a------ C:\WINDOWS\system32\ups.exe
2007-01-02 19:39 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2007-01-02 19:39 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2007-01-02 19:39 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2007-01-02 19:39 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2007-01-02 19:39 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2007-01-02 19:39 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2007-01-02 19:39 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2007-01-02 19:39 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2007-01-02 19:39 116,224 --a------ C:\WINDOWS\system32\shsvcs.dll
2007-01-02 19:39 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
2007-01-02 19:39 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2007-01-02 19:39 106,496 --a------ C:\WINDOWS\system32\url.dll
2007-01-02 19:39 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2007-01-02 19:38 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2007-01-02 19:38 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2007-01-02 19:38 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2007-01-02 19:38 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2007-01-02 19:38 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2007-01-02 19:38 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2007-01-02 19:38 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-01-02 19:38 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2007-01-02 19:38 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2007-01-02 19:38 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2007-01-02 19:38 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2007-01-02 19:38 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2007-01-02 19:38 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2007-01-02 19:38 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2007-01-02 19:38 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2007-01-02 19:38 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2007-01-02 19:38 53,248 --a------ C:\WINDOWS\system32\packager.exe
2007-01-02 19:38 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2007-01-02 19:38 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2007-01-02 19:38 48,128 --a------ C:\WINDOWS\system32\reg.exe
2007-01-02 19:38 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2007-01-02 19:38 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-01-02 19:38 423,424 --a------ C:\WINDOWS\system32\riched20.dll
2007-01-02 19:38 36,352 --a------ C:\WINDOWS\system32\sens.dll
2007-01-02 19:38 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2007-01-02 19:38 328,704 --a------ C:\WINDOWS\system32\oakley.dll
2007-01-02 19:38 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2007-01-02 19:38 3,338 --a------ C:\WINDOWS\system32\redir.exe
2007-01-02 19:38 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2007-01-02 19:38 254,976 --a------ C:\WINDOWS\system32\pdh.dll
2007-01-02 19:38 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2007-01-02 19:38 212,480 --a------ C:\WINDOWS\system32\osk.exe
2007-01-02 19:38 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
2007-01-02 19:38 20,992 --a------ C:\WINDOWS\system32\setup.exe
2007-01-02 19:38 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2007-01-02 19:38 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2007-01-02 19:38 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2007-01-02 19:38 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2007-01-02 19:38 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2007-01-02 19:38 16,384 --a------ C:\WINDOWS\system32\ping.exe
2007-01-02 19:38 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2007-01-02 19:38 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-01-02 19:38 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2007-01-02 19:38 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-01-02 19:38 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2007-01-02 19:38 134,144 --a------ C:\WINDOWS\regedit.exe
2007-01-02 19:38 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2007-01-02 19:38 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
2007-01-02 19:38 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2007-01-02 19:38 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2007-01-02 19:38 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2007-01-02 19:38 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-01-02 19:38 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2007-01-02 19:38 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
2007-01-02 19:38 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2007-01-02 19:38 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
2007-01-02 19:37 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2007-01-02 19:37 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2007-01-02 19:37 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-01-02 19:37 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-01-02 19:37 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-01-02 19:37 504,832 --------- C:\WINDOWS\system32\msftedit.dll
2007-01-02 19:37 5,120 --------- C:\WINDOWS\system32\hccoin.dll
2007-01-02 19:37 49,152 --a------ C:\WINDOWS\system32\npptools.dll
2007-01-02 19:37 403,456 --------- C:\WINDOWS\system32\winbrand.dll
2007-01-02 19:37 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2007-01-02 19:37 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2007-01-02 19:37 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2007-01-02 19:37 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-01-02 19:37 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-01-02 19:37 33,808 --a------ C:\WINDOWS\system32\ntio.sys
2007-01-02 19:37 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-01-02 19:37 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2007-01-02 19:37 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-01-02 19:37 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-01-02 19:37 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-01-02 19:37 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2007-01-02 19:37 218,112 --------- C:\WINDOWS\system32\sbe.dll
2007-01-02 19:37 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-01-02 19:37 19,328 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2007-01-02 19:37 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
2007-01-02 19:37 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2007-01-02 19:37 172,032 --------- C:\WINDOWS\system32\mssap.dll
2007-01-02 19:37 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2007-01-02 19:37 155,648 --------- C:\WINDOWS\system32\encdec.dll
2007-01-02 19:37 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2007-01-02 19:37 13,056 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-01-02 19:37 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-01-02 19:37 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2007-01-02 19:37 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2007-01-02 19:37 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-01-02 19:37 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-01-02 19:37 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2007-01-02 19:36 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2007-01-02 19:36 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2007-01-02 19:36 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-01-02 19:36 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2007-01-02 19:36 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2007-01-02 19:36 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2007-01-02 19:36 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2007-01-02 19:36 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
2007-01-02 19:36 450,176 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-01-02 19:36 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2007-01-02 19:36 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2007-01-02 19:36 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2007-01-02 19:36 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2007-01-02 19:36 39,424 --a------ C:\WINDOWS\system32\net.exe
2007-01-02 19:36 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2007-01-02 19:36 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-01-02 19:36 348,191 --a------ C:\WINDOWS\system32\mspbde40.dll
2007-01-02 19:36 344,095 --a------ C:\WINDOWS\system32\msxbde40.dll
2007-01-02 19:36 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2007-01-02 19:36 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-01-02 19:36 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
2007-01-02 19:36 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2007-01-02 19:36 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
2007-01-02 19:36 253,983 --a------ C:\WINDOWS\system32\mstext40.dll
2007-01-02 19:36 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2007-01-02 19:36 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2007-01-02 19:36 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-01-02 19:36 202,496 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-01-02 19:36 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2007-01-02 19:36 16,384 --a------ C:\WINDOWS\system32\nddenb32.dll
2007-01-02 19:36 154,112 --a------ C:\WINDOWS\system32\netman.dll
2007-01-02 19:36 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2007-01-02 19:36 115,200 --a------ C:\WINDOWS\system32\net1.exe
2007-01-02 19:36 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2007-01-02 19:36 105,984 --a------ C:\WINDOWS\system32\netdde.exe
2007-01-02 19:36 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2007-01-02 19:36 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2007-01-02 19:36 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2007-01-02 19:35 68,096 --a------ C:\WINDOWS\system32\mscms.dll
2007-01-02 19:35 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2007-01-02 19:35 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2007-01-02 19:35 64,512 --a------ C:\WINDOWS\system32\msiexec.exe
2007-01-02 19:35 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-01-02 19:35 512,031 --a------ C:\WINDOWS\system32\msexch40.dll
2007-01-02 19:35 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2007-01-02 19:35 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2007-01-02 19:35 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2007-01-02 19:35 348,195 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2007-01-02 19:35 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-01-02 19:35 319,519 --a------ C:\WINDOWS\system32\msexcl40.dll
2007-01-02 19:35 305,664 --a------ C:\WINDOWS\system32\msihnd.dll
2007-01-02 19:35 266,752 --a------ C:\WINDOWS\system32\msctf.dll
2007-01-02 19:35 241,695 --a------ C:\WINDOWS\system32\msjtes40.dll
2007-01-02 19:35 229,888 --a------ C:\WINDOWS\system32\msieftp.dll
2007-01-02 19:35 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
2007-01-02 19:35 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2007-01-02 19:35 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2007-01-02 19:35 2,086,400 --a------ C:\WINDOWS\system32\msi.dll
2007-01-02 19:35 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
2007-01-02 19:35 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2007-01-02 19:35 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
2007-01-02 19:35 126,976 --a------ C:\WINDOWS\system32\msdart.dll
2007-01-02 19:35 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2007-01-02 19:35 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2007-01-02 19:35 1,503,262 --a------ C:\WINDOWS\system32\msjet40.dll
2007-01-02 19:35 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2007-01-02 19:34 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2007-01-02 19:34 504,320 --a------ C:\WINDOWS\system32\logonui.exe
2007-01-02 19:34 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
2007-01-02 19:34 219,648 --a------ C:\WINDOWS\system32\logon.scr
2007-01-02 19:34 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
2007-01-02 19:34 10,240 --a------ C:\WINDOWS\system32\localui.dll
2007-01-02 19:32 91,648 --a------ C:\WINDOWS\system32\iuctl.dll
2007-01-02 19:32 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2007-01-02 19:32 73,728 --a------ C:\WINDOWS\system32\ils.dll
2007-01-02 19:32 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
2007-01-02 19:32 60,928 --a------ C:\WINDOWS\system32\ipv6.exe
2007-01-02 19:32 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
2007-01-02 19:32 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-01-02 19:32 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
2007-01-02 19:32 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
2007-01-02 19:32 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2007-01-02 19:32 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
2007-01-02 19:32 318,464 --a------ C:\WINDOWS\system32\ippromon.dll
2007-01-02 19:32 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
2007-01-02 19:32 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-02 19:32 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-02 19:32 272,896 --a------ C:\WINDOWS\system32\kerberos.dll
2007-01-02 19:32 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
2007-01-02 19:32 236,032 --a------ C:\WINDOWS\system32\icm32.dll
2007-01-02 19:32 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-02 19:32 155,648 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2007-01-02 19:32 134,144 --a------ C:\WINDOWS\system32\ipv6mon.dll
2007-01-02 19:32 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-02 19:32 123,904 --a------ C:\WINDOWS\system32\imapi.exe
2007-01-02 19:32 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2007-01-02 19:32 114,176 --a------ C:\WINDOWS\system32\input.dll
2007-01-02 19:32 113,152 --a------ C:\WINDOWS\system32\idq.dll
2007-01-02 19:32 103,936 --a------ C:\WINDOWS\system32\imm32.dll
2007-01-02 19:31 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2007-01-02 19:31 82,432 --a------ C:\WINDOWS\system32\fldrclnr.dll
2007-01-02 19:31 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2007-01-02 19:31 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2007-01-02 19:31 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
2007-01-02 19:31 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2007-01-02 19:31 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2007-01-02 19:31 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2007-01-02 19:31 380,445 --a------ C:\WINDOWS\system32\expsrv.dll
2007-01-02 19:31 263,680 --a------ C:\WINDOWS\system32\duser.dll
2007-01-02 19:31 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2007-01-02 19:31 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
2007-01-02 19:31 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2007-01-02 19:31 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
2007-01-02 19:31 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2007-01-02 19:31 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
2007-01-02 19:31 165,376 --a------ C:\WINDOWS\system32\els.dll
2007-01-02 19:31 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2007-01-02 19:31 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
2007-01-02 19:31 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
2007-01-02 19:31 1,004,032 --a------ C:\WINDOWS\explorer.exe
2007-01-02 19:30 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-01-02 19:30 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2007-01-02 19:30 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2007-01-02 19:30 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2007-01-02 19:30 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2007-01-02 19:30 74,810 --a------ C:\WINDOWS\system32\atl.dll
2007-01-02 19:30 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2007-01-02 19:30 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2007-01-02 19:30 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2007-01-02 19:30 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2007-01-02 19:30 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2007-01-02 19:30 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
2007-01-02 19:30 6,656 --a------ C:\WINDOWS\system32\batt.dll
2007-01-02 19:30 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2007-01-02 19:30 55,296 --a------ C:\WINDOWS\system32\digest.dll
2007-01-02 19:30 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2007-01-02 19:30 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
2007-01-02 19:30 49,152 --a------ C:\WINDOWS\system32\browser.dll
2007-01-02 19:30 489,984 --a------ C:\WINDOWS\system32\dbghelp.dll
2007-01-02 19:30 471,040 --a------ C:\WINDOWS\system32\cryptui.dll
2007-01-02 19:30 41,984 --a------ C:\WINDOWS\system32\alg.exe
2007-01-02 19:30 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2007-01-02 19:30 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2007-01-02 19:30 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2007-01-02 19:30 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2007-01-02 19:30 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-01-02 19:30 32,512 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2007-01-02 19:30 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2007-01-02 19:30 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2007-01-02 19:30 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2007-01-02 19:30 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2007-01-02 19:30 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2007-01-02 19:30 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2007-01-02 19:30 24,576 --a------ C:\WINDOWS\system32\conime.exe
2007-01-02 19:30 238,592 --a------ C:\WINDOWS\system32\compatui.dll
2007-01-02 19:30 22,528 --a------ C:\WINDOWS\system32\at.exe
2007-01-02 19:30 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2007-01-02 19:30 186,880 --a------ C:\WINDOWS\system32\certcli.dll
2007-01-02 19:30 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
2007-01-02 19:30 158,720 --a------ C:\WINDOWS\system32\credui.dll
2007-01-02 19:30 151,552 --a------ C:\WINDOWS\system32\dinput.dll
2007-01-02 19:30 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2007-01-02 19:30 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-01-02 19:30 115,712 --a------ C:\WINDOWS\system32\apphelp.dll
2007-01-02 19:30 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
2007-01-02 19:30 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
2007-01-02 19:29 91,136 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-02 19:29 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2007-01-02 19:29 59,392 --a------ C:\WINDOWS\system32\6to4svc.dll
2007-01-02 19:29 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2007-01-02 19:29 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
2007-01-02 19:29 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-12-31 14:32 <DIR> d-------- C:\data
2006-12-30 21:24 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2006-12-30 21:22 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2006-12-30 19:31 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-12-30 19:31 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-12-30 19:31 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-12-30 19:31 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-12-30 19:31 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-12-30 19:31 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-12-30 19:30 <DIR> d-------- C:\Program Files\Grisoft
2006-12-30 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-12-30 18:07 977,920 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-12-30 18:07 97,280 --a------ C:\WINDOWS\system32\txflog.dll
2006-12-30 18:07 82,432 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-12-30 18:07 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-12-30 18:07 64,512 --a------ C:\WINDOWS\system32\colbact.dll
2006-12-30 18:07 594,944 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-12-30 18:07 535,552 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-12-30 18:07 499,712 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-12-30 18:07 499,200 --a------ C:\WINDOWS\system32\comuid.dll
2006-12-30 18:07 367,616 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-12-30 18:07 263,680 --a------ C:\WINDOWS\system32\rpcss.dll
2006-12-30 18:07 226,816 --a------ C:\WINDOWS\system32\es.dll
2006-12-30 18:07 225,280 --a------ C:\WINDOWS\system32\catsrv.dll
2006-12-30 18:07 150,528 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-12-30 18:07 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-12-30 18:07 1,194,496 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-12-30 18:07 1,183,744 --a------ C:\WINDOWS\system32\ole32.dll
2006-12-30 18:05 <DIR> d-------- C:\cfdac226dea5a8ca12b6d9f10c4a7d1a
2006-12-30 09:10 <DIR> dr-h----- C:\Documents and Settings\nicola\Recent
2006-12-30 08:54 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-30 08:54 <DIR> d-------- C:\Documents and Settings\nicola\Application Data\Lavasoft
2006-12-30 08:51 <DIR> d-------- C:\Program Files\CCleaner
2006-12-28 21:51 23,296 -ra------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2006-12-28 19:15 <DIR> d-------- C:\Program Files\McAfee
2006-12-23 12:04 <DIR> d-------- C:\Program Files\Common Files\Companion Wizard
2006-12-23 12:01 <DIR> d--hs---- C:\WA6P
2006-12-23 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
2006-12-23 12:00 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-12-22 11:10 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2006-12-22 11:10 593,408 --------- C:\WINDOWS\system32\xpsp2res.dll
2006-12-22 11:10 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2006-12-22 11:10 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-12-22 11:10 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2006-12-22 11:08 316,928 --a------ C:\WINDOWS\system32\zipfldr.dll
2006-12-22 11:05 68,608 --a------ C:\WINDOWS\system32\locator.exe
2006-12-22 11:04 37,888 --a------ C:\WINDOWS\system32\hhsetup.dll
2006-12-22 11:04 143,872 --a------ C:\WINDOWS\system32\itircl.dll
2006-12-22 11:04 122,368 --a------ C:\WINDOWS\system32\itss.dll
2006-12-22 11:04 10,752 --a------ C:\WINDOWS\hh.exe
2006-12-22 11:01 226,816 --a------ C:\WINDOWS\system32\srrstr.dll
2006-12-22 11:01 <DIR> d-------- C:\Documents and Settings\nicola\Application Data\SearchToolbarCorp
2006-12-22 10:57 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-12-22 10:57 125,440 --a------ C:\WINDOWS\system32\shmedia.dll
2006-12-22 10:57 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2006-12-22 10:55 <DIR> d--h----- C:\Program Files\BHO
2006-12-21 09:34 <DIR> dr-h----- C:\$VAULT$.AVG
2006-12-20 23:41 <DIR> d-------- C:\Documents and Settings\nicola\Application Data\AVG7
2006-12-20 23:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-12-11 20:32 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-03 20:03 -------- d-a------ C:\Program Files\Common Files
2007-01-03 20:03 -------- d-------- C:\Program Files\Java
2007-01-02 20:03 -------- d-------- C:\Program Files\Messenger
2007-01-02 20:03 -------- d-------- C:\Program Files\Internet Explorer
2007-01-02 19:59 -------- d-------- C:\Program Files\NetMeeting
2007-01-02 19:46 -------- d-------- C:\Program Files\Windows Media Player
2007-01-02 19:46 -------- d-------- C:\Program Files\Movie Maker
2007-01-02 19:45 -------- d-------- C:\Program Files\Outlook Express
2007-01-02 19:45 -------- d-------- C:\Program Files\Common Files\System
2006-12-29 13:41 -------- d-------- C:\Documents and Settings\nicola\Application Data\MSN6
2006-12-29 11:20 -------- d-------- C:\Program Files\TalkTalk
2006-12-23 16:23 -------- d-------- C:\Program Files\EPSON Print CD
2006-12-23 12:11 704 --a------ C:\Documents and Settings\nicola\Application Data\update.log
2006-12-11 20:33 -------- d-------- C:\Program Files\MUSICMATCH
2006-12-11 20:32 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-12-11 20:29 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-11 20:29 -------- d-------- C:\Program Files\ArcSoft
2006-12-04 17:55 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-12-04 17:51 -------- d-------- C:\Program Files\EPSON
2006-12-01 19:31 -------- d-------- C:\Program Files\iTunes
2006-12-01 19:30 -------- d-------- C:\Program Files\iPod
2006-12-01 19:29 -------- d-------- C:\Program Files\QuickTime
2006-12-01 19:27 -------- d-------- C:\Program Files\Apple Software Update
2006-12-01 18:41 -------- d-------- C:\Program Files\WinRAR
2006-11-18 10:26 -------- d---s---- C:\Documents and Settings\nicola\Application Data\Microsoft
2006-11-16 20:47 -------- d-------- C:\Program Files\Picasa2
2006-11-10 15:46 -------- d-------- C:\Documents and Settings\nicola\Application Data\FUJIFILM
2006-11-10 15:34 -------- d-------- C:\Documents and Settings\nicola\Application Data\Snapfish
2006-11-09 21:37 -------- d-------- C:\Documents and Settings\nicola\Application Data\Ahead
2006-11-09 21:15 -------- d-------- C:\Documents and Settings\nicola\Application Data\Simple Star
2006-11-09 21:13 -------- d-------- C:\Program Files\Ahead
2006-11-09 21:08 -------- d-------- C:\Program Files\Common Files\Nero
2006-11-09 20:56 -------- d-------- C:\Program Files\Common Files\Ahead
2006-11-08 19:57 -------- d-------- C:\Program Files\coverXP
2006-10-18 16:14 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2006-10-16 19:15 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMesse

Additional reply to follow
vernsunited
HijackThis

Latest log as follows:-

Logfile of HijackThis v1.99.1
Scan saved at 22:11:41, on 08/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Documents and Settings\nicola\Desktop\New Briefcase\Hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167643226575
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O18 - Protocol: bw+0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Help

I hope that you still have more things to try and that you can help me further. I realise you are very busy and I am sorry things don't appear to be going well. Hope I am following your instructions ok.

Thanks
Vernunited
HJThis
Hi, vernsunited

Again, you're doing a great job here. Now please delete the two items
on your desktop called services.bat; you don't need them. We
are going to make a new one.

As for the 10 infections, no problem: they are in the system restore.
They can't do anything bad to the PC as long as you don't do a restore point,
but we will be going after them soon.


Next


Copy and paste the following text into Notepad: make sure not to copy the word CODE

CODE
rem sc needs the service key name (hwclock in the O23 entry), not the display name
sc stop hwclock
sc delete hwclock
del services.bat

Save this as "services.bat". Choose to save as *all files and place it on your Desktop.

Double-click services.bat. Soon it should disappear from your Desktop; this is fine.

===============

Then

View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

===========


Restart your computer in Safe Mode.
  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Login on your usual account.
If you need further assistance with Safe Mode, see Symantec


Or do it this way if the above is hard for you:

Step 1: Close all programs so that you have nothing open and are at the desktop.

Step 2: Click on the Start button then click on Run.

Step 3: In the Run field type msconfig

Step 4: Press the OK button and the System Configuration Utility will start up.

Step 5: Click on the tab labeled "BOOT.INI"

Step 6: Put a checkmark in the checkbox labeled "/SAFEBOOT"
Then press the OK button. After pressing the button you will be presented with a confirmation box.

Step 7: Press the Restart button and let the computer reboot. It will now boot up into Safe Mode.

Step 8: When the computer boots up, do whatever diagnostic or troubleshooting tasks you need to do.

Step 9: When you are finished with your tasks, complete steps 1-7 again, but in Step 6 this time uncheck the checkbox labeled "/SAFEBOOT". Then click on the General tab and set it for Normal startup.


===========

Next, please find and delete the following files/folders (if present):
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 <--- This folder

Now restart in Normal Mode and show me one more HijackThis logfile.


Gogo
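HijackThis prints an O23 entry as "Display name (key name)" when the two differ, and sc stop / sc delete act on the key name. As an added example (not part of the original posts and not HijackThis code), this Python parser reads O23 lines copied from the log in this thread, separates display name from key name, and classifies each "(file missing)" entry; the function names and status labels are this example's own.

```python
import re
from dataclasses import dataclass

# O23 lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
"""

# label - owner - path, with an optional "(file missing)" marker at the end.
# Assumes neither the label nor the owner contains " - ".
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# A trailing "(...)" in the label is taken as the key name. A display name
# that itself ends in parentheses would be misread, so confirm on the machine.
LABEL_RE = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")


@dataclass
class Service:
    display: str   # name shown in the Services console
    key: str       # name that sc.exe expects
    owner: str
    path: str
    status: str    # "present", "orphaned" or "check-manually"


def parse_o23(line):
    """Parse one O23 line; return None for anything that is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    label = m.group("label")
    lm = LABEL_RE.match(label)
    display, key = (lm.group("display"), lm.group("key")) if lm else (label, label)
    path = m.group("path")
    if not m.group("missing"):
        status = "present"
    elif '"' in path:
        # The reported path still holds a quote and arguments, so the
        # existence check ran on something that is not a plain file path.
        # In this thread CPD.EXE is listed under running processes.
        status = "check-manually"
    else:
        status = "orphaned"   # service registered, binary gone
    return Service(display, key, m.group("owner"), path, status)


def parse_log(text):
    """Return a Service record for every O23 line in a HijackThis log."""
    return [s for s in map(parse_o23, text.splitlines()) if s]


def sc_commands(service):
    """Build the sc stop / sc delete pair, quoting key names with spaces."""
    name = f'"{service.key}"' if " " in service.key else service.key
    return [f"sc stop {name}", f"sc delete {name}"]


if __name__ == "__main__":
    for svc in parse_log(SAMPLE_LOG):
        print(f"{svc.status:15} key={svc.key!r} display={svc.display!r}")
        if svc.status == "orphaned":
            for cmd in sc_commands(svc):
                print("    " + cmd)
```

On the machine itself, sc getkeyname "Hardware Clock Driver" confirms the key name before anything is deleted.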
vernsunited
Hello Gogo

Followed latest instructions. Latest log as follows:-

Logfile of HijackThis v1.99.1
Scan saved at 19:27:01, on 09/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nicola\Desktop\New Briefcase\Hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167643226575
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O18 - Protocol: bw+0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thanks
vernunited
HJThis
Hi, vernsunited

Hmm, I will get back to you. If I forget, send me a PM.

Gogo
HJThis
Hi, vernsunited

Let's try this once more. I can't see why this thing is still here.


Please follow these directions.

• Open HijackThis, click Open the Misc Tools section, then click Delete a file on bootup
- a window will open
- Where it says "File Name" - copy and paste: C:\WINDOWS\System32\hwclock.exe
- Click Open
- A prompt will appear advising you that the file will be deleted and asking if you want to reboot now
- Click Yes
- Your computer will now reboot.


and see if it is now gone

Gogo
vernsunited
Hi Gogo

Followed latest instructions and latest log is as follows:-

Logfile of HijackThis v1.99.1
Scan saved at 19:54:53, on 10/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Documents and Settings\nicola\Desktop\New Briefcase\Hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167643226575
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O18 - Protocol: bw+0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Please advise latest instructions.

Thanks a lot for your help.

vernunited
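
An added example (not part of the thread, and not HijackThis code): the O23 section lists the services registered in Windows, so an entry can stay in the log, tagged "(file missing)", after its executable is gone. The sketch below parses an excerpt of the log above and separates service entries whose file is missing and not running from entries that carry the tag while the same executable appears under "Running processes"; the function names and verdict labels are this example's own.

```python
import re

# Excerpt of the HijackThis log posted above (scan of 10/01/2007), trimmed to
# the lines this example needs.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE

O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# O23 line layout as it appears in the log: name - owner - path [ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# Executable part of the path field, plus whatever trails it (quotes, arguments).
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)(?P<rest>.*)$', re.IGNORECASE)


def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            break  # a blank line ends the section
        elif in_section:
            procs.add(line.lower())
    return procs


def parse_services(log):
    """Parse every O23 line into a dict of its fields."""
    services = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("path")
        e = EXE_RE.match(raw)
        services.append({
            "name": m.group("name"),
            "owner": m.group("owner"),
            "exe": e.group("exe") if e else raw,
            # A stray quote or trailing arguments means the existence check
            # was made against a string that is not a clean file path.
            "malformed_path": '"' in raw or bool(e and e.group("rest").strip()),
            "flagged_missing": m.group("missing") is not None,
        })
    return services


def triage(log):
    """Map each service name to 'present', 'running' or 'orphaned'."""
    procs = running_processes(log)
    verdicts = {}
    for svc in parse_services(log):
        if not svc["flagged_missing"]:
            verdicts[svc["name"]] = "present"
        elif svc["exe"].lower() in procs:
            # Tagged missing, yet the same executable is a live process:
            # the tag comes from the path field, not from a deleted file.
            verdicts[svc["name"]] = "running"
        else:
            # Registered as a service, file not found, no such process:
            # a leftover registry entry.
            verdicts[svc["name"]] = "orphaned"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_LOG).items():
        print(f"{verdict:9} {name}")
```
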
HJThis
Hey, vernsunited

Well, I don't know why, but it keeps showing up in the logfile, though I don't think
it's on the PC, or should I say not running. If you do a file search you may
not find the file, so let's move on to these next steps.

Then make sure to update AVG Anti-Spyware and run a scan.
Let's see what, if anything, is found; show me the logfile.


To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


Next, let's clean your restore points and set a new one


Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* CHECK Turn off System Restore.
* Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.


Then create a new restore point once you have System Restore back on.
To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.
When the System Restore Utility opens, click "Create a Restore Point" then click Next.
Enter a name for this Restore Point, and click Create.



Clean out your Temporary Internet files.
Internet Explorer
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.

Firefox (In case you also have Firefox installed)
Open Firefox and go to Tools -> Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.


Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
a. Change the Download signed ActiveX controls to Prompt
b. Change the Download unsigned ActiveX controls to Disable
c. Change the Initialize and script ActiveX controls not marked as safe to Disable
d. Change the Installation of desktop items to Prompt
e. Change the Launching programs and files in an IFRAME to Prompt
f. Change the Navigate sub-frames across different domains to Prompt
g. When all these settings have been made, click on the OK button.
h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.

And please have a look at the great info by Mr,TK
So how did I get infected in the first place


Gogo
vernsunited
Hello Gogo

Hope you are well.

Thanks again for all your help. I realise that you must be really busy helping with all the problems and I am trying my best to understand everything, but could you just clarify why, if the file hwclock.exe is not on the PC, it is on the HijackThis log? Done another search and can't find the file.

Followed the latest instructions and the log for AVG Anti-Spyware is as follows:-

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:32:09 16/01/2007

+ Scan result:



C:\Documents and Settings\nicola\Cookies\nicola@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.


::Report end

Also did a scan with Ad-Aware SE and more errors came up (why is this?). A log for this is as follows:-



Ad-Aware SE Build 1.06r1
Logfile Created on:15 January 2007 17:40:47
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R144 15.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):13 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


15-01-2007 17:40:47 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\nicola\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\nicola\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 476
ThreadCreationTime : 15-01-2007 15:30:39
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 15-01-2007 15:30:46
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 588
ThreadCreationTime : 15-01-2007 15:30:52
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 632
ThreadCreationTime : 15-01-2007 15:30:52
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 15-01-2007 15:30:52
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 15-01-2007 15:30:53
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 848
ThreadCreationTime : 15-01-2007 15:30:54
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [incdsrv.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 868
ThreadCreationTime : 15-01-2007 15:30:54
BasePriority : Normal
FileVersion : 4, 3, 20, 1
ProductVersion : 4, 3, 20, 1
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1072
ThreadCreationTime : 15-01-2007 15:30:56
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 15-01-2007 15:30:57
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 15-01-2007 15:30:57
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1320
ThreadCreationTime : 15-01-2007 15:30:58
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1332
ThreadCreationTime : 15-01-2007 15:30:58
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:14 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1352
ThreadCreationTime : 15-01-2007 15:30:58
BasePriority : Normal
FileVersion : 7.5.0.420
ProductVersion : 7.5.0.420
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:15 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1368
ThreadCreationTime : 15-01-2007 15:30:58
BasePriority : Normal
FileVersion : 7.5.0.420
ProductVersion : 7.5.0.420
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:16 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1404
ThreadCreationTime : 15-01-2007 15:30:58
BasePriority : Normal
FileVersion : 7.5.0.432
ProductVersion : 7.5.0.432
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:17 [sagent2.exe]
FilePath : C:\Program Files\Common Files\EPSON\EBAPI\
ProcessID : 1428
ThreadCreationTime : 15-01-2007 15:30:59
BasePriority : Normal
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2000
OriginalFilename : SAgent2.exe

#:18 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1488
ThreadCreationTime : 15-01-2007 15:31:00
BasePriority : Normal
FileVersion : 6.14.10.6177
ProductVersion : 6.14.10.6177
ProductName : NVIDIA Driver Helper Service, Version 61.77
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 61.77
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:19 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1604
ThreadCreationTime : 15-01-2007 15:31:00
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1640
ThreadCreationTime : 15-01-2007 15:31:01
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1772
ThreadCreationTime : 15-01-2007 15:31:01
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:22 [opware32.exe]
FilePath : C:\Program Files\ScanSoft\OmniPageSE\
ProcessID : 260
ThreadCreationTime : 15-01-2007 15:31:12
BasePriority : Normal
FileVersion : 11.0
ProductVersion : 11.0
ProductName : OmniPage SE
CompanyName : ScanSoft, Inc
FileDescription : OCR Aware (32-bit)
InternalName : Opware32.exe
LegalCopyright : Copyright © 1995-2000 ScanSoft, Inc
OriginalFilename : Opware32.exe

#:23 [cpd.exe]
FilePath : C:\Program Files\McAfee\McAfee Firewall\
ProcessID : 272
ThreadCreationTime : 15-01-2007 15:31:13
BasePriority : Normal
FileVersion : 4.00.5000.0
ProductVersion : 4.00.5000.0
ProductName : McAfee Firewall
CompanyName : Network Associates, Inc.
FileDescription : McAfee Firewall
LegalCopyright : Copyright © 1996-2002 Networks Associates Technology, Inc. All rights reserved
OriginalFilename : cpd.exe

#:24 [dragdiag.exe]
FilePath : C:\Program Files\Thomson\SpeedTouch USB\
ProcessID : 412
ThreadCreationTime : 15-01-2007 15:31:16
BasePriority : Normal
FileVersion : 301.0.0.12
ProductVersion : 301.0.0.12
ProductName : SpeedTouch USB
CompanyName : THOMSON Telecom Belgium
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
LegalTrademarks : SpeedTouch

#:25 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 448
ThreadCreationTime : 15-01-2007 15:31:19
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:26 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 172
ThreadCreationTime : 15-01-2007 15:31:19
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:27 [cpd.exe]
FilePath : C:\Program Files\McAfee\McAfee Firewall\
ProcessID : 556
ThreadCreationTime : 15-01-2007 15:31:23
BasePriority : Normal
FileVersion : 4.00.5000.0
ProductVersion : 4.00.5000.0
ProductName : McAfee Firewall
CompanyName : Network Associates, Inc.
FileDescription : McAfee Firewall
LegalCopyright : Copyright © 1996-2002 Networks Associates Technology, Inc. All rights reserved
OriginalFilename : cpd.exe

#:28 [incd.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 696
ThreadCreationTime : 15-01-2007 15:31:25
BasePriority : Normal
FileVersion : 4, 3, 20, 1
ProductVersion : 4, 3, 20, 1
ProductName : Nero AG InCD
CompanyName : Nero AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : InCD.exe

#:29 [picasamediadetector.exe]
FilePath : C:\Program Files\Picasa2\
ProcessID : 2180
ThreadCreationTime : 15-01-2007 15:31:41
BasePriority : Normal
FileVersion : 2.1.0
ProductVersion : 2.1.0
ProductName : Picasa
CompanyName : Google Inc.
FileDescription : Picasa
InternalName : Picasa
LegalCopyright : © 2004- 2005 Google Inc.
OriginalFilename : Picasa2.exe

#:30 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2300
ThreadCreationTime : 15-01-2007 15:31:42
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:31 [cmgrdian.exe]
FilePath : C:\Program Files\McAfee\McAfee Shared Components\Guardian\
ProcessID : 2404
ThreadCreationTime : 15-01-2007 15:31:43
BasePriority : Normal
FileVersion : 3.00.1051.0
ProductVersion : 3.00.1051.0
ProductName : McAfee Windows Guardian
CompanyName : Network Associates, Inc.
FileDescription : McAfee Guardian Agent
InternalName : CMGrdian
LegalCopyright : Copyright © 1997-2001 Network Associates, Inc. All rights reserved
OriginalFilename : CMGrdian.exe

#:32 [plguni.exe]
FilePath : C:\Program Files\McAfee\QuickClean\
ProcessID : 2488
ThreadCreationTime : 15-01-2007 15:31:44
BasePriority : Normal
FileVersion : 2.02.1029.0
ProductVersion : 2.02.1029.0
ProductName : QuickClean
CompanyName : Network Associates Technologies, Inc.
FileDescription : QuickClean Plug-In For McAfee Agent
InternalName : PlgUni.exe
LegalCopyright : Copyright © 1997-2000 Network Associates Technologies, Inc. All Rights Reserved
LegalTrademarks : QuickClean is a registered trademark of Network Associates, Inc and/or its affilates in the US or other countries.
OriginalFilename : PlgUni.exe

#:33 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2640
ThreadCreationTime : 15-01-2007 15:31:46
BasePriority : Normal
FileVersion : 7.5.0.418
ProductVersion : 7.5.0.418
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:34 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2648
ThreadCreationTime : 15-01-2007 15:31:46
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:35 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0\bin\
ProcessID : 2676
ThreadCreationTime : 15-01-2007 15:31:48
BasePriority : Normal


#:36 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 2584
ThreadCreationTime : 15-01-2007 15:32:15
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:37 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3052
ThreadCreationTime : 15-01-2007 15:32:23
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:38 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3668
ThreadCreationTime : 15-01-2007 15:32:30
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:39 [logitechdesktopmessenger.exe]
FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
ProcessID : 3772
ThreadCreationTime : 15-01-2007 15:32:32
BasePriority : Normal
FileVersion : 2.30.04
ProductVersion : 2.30.04
ProductName : Logitech Desktop Messenger
CompanyName : Logitech
FileDescription : Logitech Desktop Messenger
InternalName : SyncExt
LegalCopyright : Copyright © Logitech 2000-2005. All rights reserved
OriginalFilename : SyncExt.dll
Comments : About:
www.logitech.com/ldm

Privacy Policy:
http://privacy.logitech.com

#:40 [mssysmgr.exe]
FilePath : C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\
ProcessID : 3900
ThreadCreationTime : 15-01-2007 15:32:33
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.1.0
ProductName : Nero PhotoShow Media Manager
CompanyName : Ahead Software
FileDescription : Nero PhotoShow Media Manager
LegalCopyright : Copyright © 2005 Ahead Software AG
OriginalFilename : mssysmgr.exe

#:41 [rulaunch.exe]
FilePath : C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\
ProcessID : 176
ThreadCreationTime : 15-01-2007 15:32:36
BasePriority : Normal
FileVersion : 2.00.1131.0
ProductVersion : 2.00.1131.0
ProductName : McAfee Instant Updater
CompanyName : Networks Associates Technologies, Inc.
FileDescription : RuLaunch
InternalName : RuLaunch
LegalCopyright : Copyright © 1998-2002 Networks Associates Technologies, Inc. All rights reserved
OriginalFilename : RuLaunch.exe

#:42 [e_s10ic2.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 2816
ThreadCreationTime : 15-01-2007 15:33:31
BasePriority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S10IC2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2001
OriginalFilename : E_S10IC2.EXE

#:43 [devldr32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3424
ThreadCreationTime : 15-01-2007 15:33:39
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:44 [minimavis.exe]
FilePath : C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\
ProcessID : 3036
ThreadCreationTime : 15-01-2007 15:33:53
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : Mavis Beacon Personal Coach v 2.0
CompanyName : TLC Education Properties LLC
FileDescription : Mavis Beacon Personal Coach v 2.0
InternalName : MINIMAVIS
LegalCopyright : Copyright © 2001 TLC Education Properties LLC
OriginalFilename : MiniMavis.exe

#:45 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2840
ThreadCreationTime : 15-01-2007 16:47:35
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:46 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3152
ThreadCreationTime : 15-01-2007 17:39:07
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:nicola@adtech.de/
Expires : 04-01-2017 11:08:06
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:nicola@serving-sys.com/
Expires : 31-12-2037 22:00:00
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:nicola@advertising.com/
Expires : 06-01-2012 11:08:08
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 16



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 16




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16

17:56:52 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:04.906
Objects scanned:134285
Objects identified:3
Objects ignored:0
New critical objects:3

Cleaned out files in Temporary Internet Files, and all settings in Internet Explorer were already set as per your earlier request.

My HijackThis log is as follows:-
Logfile of HijackThis v1.99.1
Scan saved at 20:12:21, on 16/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Documents and Settings\nicola\Desktop\New Briefcase\Hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
vernsunited
Hi gogo

Continued from last mail

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167643226575
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.18 62.24.128.17
O18 - Protocol: bw+0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Look forward to your next mail.

Cheers
vernunited
HJThis
Hi, vernsunited

Sorry for the late reply here, I'm having my Cable system worked on
and so far it looks like I may not have Cable for some time.

As for the logfile, the only thing I see is that same file,
but I don't think it's going to be a problem.
Or is there something going on?

Gogo
vernsunited
Hello Gogo

Hope your cable is sorted and back to normal.

Don't seem to be having any major problems but things keep coming up on the scans. Will this always happen? For example, on the last Ad-Aware scan I did, serious errors still occurred (sent copy of log in last post).

Also seem to have programs on the system that I don't know what they are or if I am ok to delete. Can you give me any advice what I can delete?

Do you think we have done as much as possible now?

Thanks for all your help.

vernunited
HJThis
Hey, vernsunited

Let's try this once more


Disable bad service
Start
Run
Type services.msc into the field and press Enter.
A window opens, scroll down to Hardware Clock Driver
Right-click it and choose Stop
Then choose Properties
Set Startup to Disabled
Click Apply and OK.

===============

Then, open HijackThis.
Open the Misc Tools section
Delete an NT service
Copy the following line to the box and press OK; (hwclock)
Answer Yes
Close HijackThis

===============

Then run HijackThis and place a check mark in the box next to
this item here

O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)

Then click Fix checked and close out of HijackThis.


================

Please download SUPERAntiSpyware Home Edition (free version)
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Please leave the others unchecked.
Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
After reboot, double-click the SUPERAntispyware icon on your desktop.
Click Preferences. Click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
It will open in your default text editor (such as Notepad/Wordpad).
Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.


and come back here with all logfiles.

Gogo
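The O23 check behind the steps in the post above, as an added example that is not part of the original thread: it parses HijackThis O23 service lines, picks out the ones marked "(file missing)", and cross-checks them against the "Running processes" list. The log lines are copied from the logs posted in this thread; the verdict names and the rule that a "missing" image which is actually running should be rechecked rather than deleted are assumptions of this example.

```python
import re

# Lines copied from the HijackThis logs posted in this thread (shortened).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "O23 - Service: <display name> [(<service name>)] - <owner> - <image path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)
MISSING = "(file missing)"


def running_images(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    images, in_block = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:          # the block ends at the first blank line
                break
            images.add(line.lower())
    return images


def image_path(raw):
    """Cut a service command line down to the executable path.

    Drops a leading quote and anything after '.exe' (stray quotes, switches
    such as /SERVICE) so the result can be compared with the process list.
    """
    m = re.match(r'^"?(.*?\.exe)\b', raw, re.I)
    return (m.group(1) if m else raw).lower()


def parse_o23(line):
    """Parse one O23 line into a dict, or return None for other lines."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    display, path = m["display"], m["path"]
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    # Assumption: when the log shows no "(name)" after the display name,
    # the service name is the display name itself.
    short = re.match(r"^.* \(([^()]+)\)$", display)
    return {
        "name": short.group(1) if short else display,
        "owner": m["owner"],
        "image": image_path(path),
        "missing": missing,
    }


def triage(log):
    """Map each O23 service name to 'present', 'recheck' or 'orphaned'."""
    running = running_images(log)
    verdicts = {}
    for line in log.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        if not svc["missing"]:
            verdict = "present"      # image file exists on disk
        elif svc["image"] in running:
            verdict = "recheck"      # flagged missing, yet the image is running
        else:
            verdict = "orphaned"     # service entry left behind without its file
        verdicts[svc["name"]] = verdict
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_LOG).items():
        print(f"{verdict:9} {name}")
```

Only the "orphaned" entries match the kind of leftover service the post removes; the McAfee Firewall line comes out as "recheck" because CPD.EXE appears in the running processes of the same log.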
vernsunited
Hi Gogo

Log as Follows:-

SUPERAntiSpyware Scan Log
Generated 01/18/2007 at 07:53 PM

Application Version : 3.5.1016

Core Rules Database Version : 3143
Trace Rules Database Version: 1159

Scan type : Custom Scan
Total Scan Time : 00:05:55

Memory items scanned : 409
Memory threats detected : 0
Registry items scanned : 4790
Registry threats detected : 0
File items scanned : 587
File threats detected : 0

Hijack this log:-

Logfile of HijackThis v1.99.1
Scan saved at 20:04:47, on 18/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nicola\Desktop\New Briefcase\Hijack\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BT Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_2_3_0.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S8B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167643226575
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - https://register.btinternet.com/templates/b...bcontrol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.17 62.24.128.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{60DA8D84-C1DD-4B9A-A149-A810C5A3ECAD}: NameServer = 62.24.128.17 62.24.128.18
O18 - Protocol: bw+0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {74D9DDED-6969-49B7-9D41-7518ED5D63AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BT Modem Lock - Unknown owner - C:\Program Files\BT Yahoo! Internet\ModemLock.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

PLEASE ADVISE.

Thanks
vernunited
HJThis
Hey, vernsunited

I don't see that one file anymore, but how is the PC doing now?
Do we still have a problem here?

Gogo
vernsunited
Hello Gogo

Don't seem to be having any major problems but things keep coming up on the scans. Will this always happen?

Also seem to have programs on the system that I don't know what they are or if I am ok to delete. Can you give me any advice what I can delete? Do all the programs I have installed while carrying out your GREAT instructions still need to be on the PC? For example I have Ad-Aware and AVG on. Are they doing the same thing?

When I first turn the computer on the AVG Anti virus FOLDER not program comes up. How can I stop this?

One last set of help and advice will be greatly appreciated.

Thanks for all your help.

vernunited
HJThis
Hi, vernsunited

QUOTE
Don't seem to be having any major problems but things keep coming up on the scans. Will this always happen?


What are these things that keep coming up?

If you like, I would keep Ad-Aware SE and just make sure to keep it updated.

Now if you're talking about stuff like HijackThis, ComboFix
then no, you can remove them, if this is what you want to do.

As for the folder, no idea, but will try to find out.

Gogo
vernsunited
Hi Gogo

In reply to your last post I have just run AVG Anti Spyware (nothing came up) and Ad-Aware SE. When I ran Ad-Aware 17 critical objects showed up.

This is what happens each time I run Ad-Aware. I have attached the log below:-

Ad-Aware SE Build 1.06r1
Logfile Created on:22 January 2007 20:11:09
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R144 15.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):14 total references
Tracking Cookie(TAC index:3):17 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


22/01/2007 20:11:09 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\nicola\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\nicola\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1645522239-1788223648-682003330-1004\software\nvidia corporation\global\nview\windowmanagement
Description : nvidia nview cached application window positions


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 480
ThreadCreationTime : 22/01/2007 17:01:56
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 22/01/2007 17:02:04
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 22/01/2007 17:02:09
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 22/01/2007 17:02:09
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 648
ThreadCreationTime : 22/01/2007 17:02:09
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 22/01/2007 17:02:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 840
ThreadCreationTime : 22/01/2007 17:02:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [incdsrv.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 860
ThreadCreationTime : 22/01/2007 17:02:11
BasePriority : Normal
FileVersion : 4, 3, 20, 1
ProductVersion : 4, 3, 20, 1
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1048
ThreadCreationTime : 22/01/2007 17:02:18
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1072
ThreadCreationTime : 22/01/2007 17:02:18
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1196
ThreadCreationTime : 22/01/2007 17:02:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1292
ThreadCreationTime : 22/01/2007 17:02:24
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1304
ThreadCreationTime : 22/01/2007 17:02:24
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:14 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1328
ThreadCreationTime : 22/01/2007 17:02:26
BasePriority : Normal
FileVersion : 7.5.0.420
ProductVersion : 7.5.0.420
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:15 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1360
ThreadCreationTime : 22/01/2007 17:02:28
BasePriority : Normal
FileVersion : 7.5.0.420
ProductVersion : 7.5.0.420
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:16 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1384
ThreadCreationTime : 22/01/2007 17:02:28
BasePriority : Normal
FileVersion : 7.5.0.432
ProductVersion : 7.5.0.432
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:17 [sagent2.exe]
FilePath : C:\Program Files\Common Files\EPSON\EBAPI\
ProcessID : 1400
ThreadCreationTime : 22/01/2007 17:02:29
BasePriority : Normal
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright © SEIKO EPSON CORP. 2000
OriginalFilename : SAgent2.exe

#:18 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1460
ThreadCreationTime : 22/01/2007 17:02:33
BasePriority : Normal
FileVersion : 6.14.10.6177
ProductVersion : 6.14.10.6177
ProductName : NVIDIA Driver Helper Service, Version 61.77
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 61.77
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:19 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1556
ThreadCreationTime : 22/01/2007 17:02:34
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1592
ThreadCreationTime : 22/01/2007 17:02:36
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [cpd.exe]
FilePath : C:\Program Files\McAfee\McAfee Firewall\
ProcessID : 2016
ThreadCreationTime : 22/01/2007 17:02:44
BasePriority : Normal
FileVersion : 4.00.5000.0
ProductVersion : 4.00.5000.0
ProductName : McAfee Firewall
CompanyName : Network Associates, Inc.
FileDescription : McAfee Firewall
LegalCopyright : Copyright © 1996-2002 Networks Associates Technology, Inc. All rights reserved
OriginalFilename : cpd.exe

#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 224
ThreadCreationTime : 22/01/2007 17:02:46
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:23 [cpd.exe]
FilePath : C:\Program Files\McAfee\McAfee Firewall\
ProcessID : 336
ThreadCreationTime : 22/01/2007 17:02:53
BasePriority : Normal
FileVersion : 4.00.5000.0
ProductVersion : 4.00.5000.0
ProductName : McAfee Firewall
CompanyName : Network Associates, Inc.
FileDescription : McAfee Firewall
LegalCopyright : Copyright © 1996-2002 Networks Associates Technology, Inc. All rights reserved
OriginalFilename : cpd.exe

#:24 [cpd.exe]
FilePath : C:\Program Files\McAfee\McAfee Firewall\
ProcessID : 892
ThreadCreationTime : 22/01/2007 17:03:00
BasePriority : Normal
FileVersion : 4.00.5000.0
ProductVersion : 4.00.5000.0
ProductName : McAfee Firewall
CompanyName : Network Associates, Inc.
FileDescription : McAfee Firewall
LegalCopyright : Copyright © 1996-2002 Networks Associates Technology, Inc. All rights reserved
OriginalFilename : cpd.exe

#:25 [opware32.exe]
FilePath : C:\Program Files\ScanSoft\OmniPageSE\
ProcessID : 1452
ThreadCreationTime : 22/01/2007 17:03:01
BasePriority : Normal
FileVersion : 11.0
ProductVersion : 11.0
ProductName : OmniPage SE
CompanyName : ScanSoft, Inc
FileDescription : OCR Aware (32-bit)
InternalName : Opware32.exe
LegalCopyright : Copyright © 1995-2000 ScanSoft, Inc
OriginalFilename : Opware32.exe

#:26 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1108
ThreadCreationTime : 22/01/2007 17:03:09
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:27 [dragdiag.exe]
FilePath : C:\Program Files\Thomson\SpeedTouch USB\
ProcessID : 132
ThreadCreationTime : 22/01/2007 17:03:11
BasePriority : Normal
FileVersion : 301.0.0.12
ProductVersion : 301.0.0.12
ProductName : SpeedTouch USB
CompanyName : THOMSON Telecom Belgium
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
LegalTrademarks : SpeedTouch

#:28 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 904
ThreadCreationTime : 22/01/2007 17:03:13
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:29 [incd.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 176
ThreadCreationTime : 22/01/2007 17:03:19
BasePriority : Normal
FileVersion : 4, 3, 20, 1
ProductVersion : 4, 3, 20, 1
ProductName : Nero AG InCD
CompanyName : Nero AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : InCD.exe

#:30 [picasamediadetector.exe]
FilePath : C:\Program Files\Picasa2\
ProcessID : 1100
ThreadCreationTime : 22/01/2007 17:03:20
BasePriority : Normal
FileVersion : 2.1.0
ProductVersion : 2.1.0
ProductName : Picasa
CompanyName : Google Inc.
FileDescription : Picasa
InternalName : Picasa
LegalCopyright : © 2004- 2005 Google Inc.
OriginalFilename : Picasa2.exe

#:31 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2060
ThreadCreationTime : 22/01/2007 17:03:23
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:32 [cmgrdian.exe]
FilePath : C:\Program Files\McAfee\McAfee Shared Components\Guardian\
ProcessID : 2160
ThreadCreationTime : 22/01/2007 17:03:24
BasePriority : Normal
FileVersion : 3.00.1051.0
ProductVersion : 3.00.1051.0
ProductName : McAfee Windows Guardian
CompanyName : Network Associates, Inc.
FileDescription : McAfee Guardian Agent
InternalName : CMGrdian
LegalCopyright : Copyright © 1997-2001 Network Associates, Inc. All rights reserved
OriginalFilename : CMGrdian.exe

#:33 [plguni.exe]
FilePath : C:\Program Files\McAfee\QuickClean\
ProcessID : 2216
ThreadCreationTime : 22/01/2007 17:03:25
BasePriority : Normal
FileVersion : 2.02.1029.0
ProductVersion : 2.02.1029.0
ProductName : QuickClean
CompanyName : Network Associates Technologies, Inc.
FileDescription : QuickClean Plug-In For McAfee Agent
InternalName : PlgUni.exe
LegalCopyright : Copyright © 1997-2000 Network Associates Technologies, Inc. All Rights Reserved
LegalTrademarks : QuickClean is a registered trademark of Network Associates, Inc and/or its affilates in the US or other countries.
OriginalFilename : PlgUni.exe

#:34 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2284
ThreadCreationTime : 22/01/2007 17:03:28
BasePriority : Normal
FileVersion : 7.5.0.418
ProductVersion : 7.5.0.418
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:35 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2296
ThreadCreationTime : 22/01/2007 17:03:33
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:36 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.6.0\bin\
ProcessID : 2576
ThreadCreationTime : 22/01/2007 17:03:43
BasePriority : Normal


#:37 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 3052
ThreadCreationTime : 22/01/2007 17:04:18
BasePriority : Normal
FileVersion : 7, 5, 0, 50
ProductVersion : 7, 5, 0, 50
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
OriginalFilename : avgas.exe

#:38 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3200
ThreadCreationTime : 22/01/2007 17:04:20
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:39 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3760
ThreadCreationTime : 22/01/2007 17:04:29
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:40 [logitechdesktopmessenger.exe]
FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
ProcessID : 1028
ThreadCreationTime : 22/01/2007 17:04:37
BasePriority : Normal
FileVersion : 2.30.04
ProductVersion : 2.30.04
ProductName : Logitech Desktop Messenger
CompanyName : Logitech
FileDescription : Logitech Desktop Messenger
InternalName : SyncExt
LegalCopyright : Copyright © Logitech 2000-2005. All rights reserved
OriginalFilename : SyncExt.dll
Comments : About:
www.logitech.com/ldm

Privacy Policy:
http://privacy.logitech.com

#:41 [mssysmgr.exe]
FilePath : C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\
ProcessID : 1976
ThreadCreationTime : 22/01/2007 17:04:41
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.1.0
ProductName : Nero PhotoShow Media Manager
CompanyName : Ahead Software
FileDescription : Nero PhotoShow Media Manager
LegalCopyright : Copyright © 2005 Ahead Software AG
OriginalFilename : mssysmgr.exe

#:42 [devldr32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2480
ThreadCreationTime : 22/01/2007 17:04:47
BasePriority : Normal
FileVersion : 1, 0, 0, 17
ProductVersion : 1, 0, 0, 17
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © Creative Technology Ltd. 1998-2001
OriginalFilename : DevLdr32.exe

#:43 [rulaunch.exe]
FilePath : C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\
ProcessID : 2516
ThreadCreationTime : 22/01/2007 17:04:47
BasePriority : Normal
FileVersion : 2.00.1131.0
ProductVersion : 2.00.1131.0
ProductName : McAfee Instant Updater
CompanyName : Networks Associates Technologies, Inc.
FileDescription : RuLaunch
InternalName : RuLaunch
LegalCopyright : Copyright © 1998-2002 Networks Associates Technologies, Inc. All rights reserved
OriginalFilename : RuLaunch.exe

#:44 [superantispyware.exe]
FilePath : C:\Program Files\SUPERAntiSpyware\
ProcessID : 3236
ThreadCreationTime : 22/01/2007 17:04:57
BasePriority : Normal
FileVersion : 3, 5, 0, 1016
ProductVersion : 3, 5, 0, 1016
ProductName : SUPERAntiSpyware
CompanyName : SUPERAntiSpyware.com
FileDescription : SUPERAntiSpyware
InternalName : SUPERAntiSpyware
LegalCopyright : Copyright © 2005-2007 by SUPERAntiSpyware.com and SUPERAdBlocker.com
OriginalFilename : SUPERAntiSpyware.exe

#:45 [minimavis.exe]
FilePath : C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\
ProcessID : 2672
ThreadCreationTime : 22/01/2007 17:06:08
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : Mavis Beacon Personal Coach v 2.0
CompanyName : TLC Education Properties LLC
FileDescription : Mavis Beacon Personal Coach v 2.0
InternalName : MINIMAVIS
LegalCopyright : Copyright © 2001 TLC Education Properties LLC
OriginalFilename : MiniMavis.exe

#:46 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2508
ThreadCreationTime : 22/01/2007 19:45:46
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:47 [e_fatibne.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 3360
ThreadCreationTime : 22/01/2007 19:59:48
BasePriority : Normal
FileVersion : 4.00
ProductVersion : 4.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S7I0N1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2006
OriginalFilename : E_S7I0N1.EXE

#:48 [uni.exe]
FilePath : C:\Program Files\McAfee\QuickClean\
ProcessID : 3460
ThreadCreationTime : 22/01/2007 20:02:50
BasePriority : Normal
FileVersion : 2.02.1029.0
ProductVersion : 2.02.1029.0
ProductName : McAfee QuickClean
CompanyName : Networks Associates Technology, Inc.
FileDescription : McAfee QuickClean Launcher
InternalName : Uni.exe
LegalCopyright : Copyright © 2001 Networks Associates Technology, Inc. All Rights Reserved
OriginalFilename : Uni.exe

#:49 [msiexec.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 984
ThreadCreationTime : 22/01/2007 20:06:42
BasePriority : Normal


#:50 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 948
ThreadCreationTime : 22/01/2007 20:10:39
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:nicola@adtech.de/
Expires : 13/01/2017 20:06:02
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@tradedoubler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:nicola@tradedoubler.com/
Expires : 12/01/2027 17:15:32
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@112.2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:nicola@112.2o7.net/
Expires : 16/01/2012 17:28:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@e-2dj6wgkogkdjkcp.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:nicola@e-2dj6wgkogkdjkcp.stats.esomniture.com/
Expires : 16/01/2012 17:31:26
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:nicola@mediaplex.com/
Expires : 22/06/2009
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:nicola@statcounter.com/
Expires : 15/01/2012 20:09:16
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:nicola@advertising.com/
Expires : 15/01/2012 20:06:04
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:nicola@doubleclick.net/
Expires : 16/01/2010 17:27:40
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@e-2dj6wgl4ogcpilp.stats.esomniture[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:nicola@e-2dj6wgl4ogcpilp.stats.esomniture.com/
Expires : 16/01/2012 17:31:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:nicola@atdmt.com/
Expires : 15/01/2012
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@adviva[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:nicola@adviva.net/
Expires : 22/12/2011 17:27:56
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@e-2dj6wgkygjcpscp.stats.esomniture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:nicola@e-2dj6wgkygjcpscp.stats.esomniture.com/
Expires : 16/01/2012 16:37:16
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@122.2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:nicola@122.2o7.net/
Expires : 16/01/2012 17:27:58
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@bizrate.co[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:nicola@bizrate.co.uk/
Expires : 14/01/2017 17:28:08
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:29
Value : Cookie:nicola@server.iad.liveperson.net/
Expires : 17/01/2008 16:26:30
LastSync : Hits:29
UseCount : 0
Hits : 29

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@stat.dealtime[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:nicola@stat.dealtime.com/
Expires : 16/01/2009 17:15:38
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : nicola@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:nicola@statse.webtrendslive.com/
Expires : 14/01/2017 17:25:26
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 31



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 31




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31

20:22:36 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:27.188
Objects scanned:123322
Objects identified:17
Objects ignored:0
New critical objects:17

As per my last post each time I switch on my computer the AVG Spyware folder (not program) appears. Did you manage to check this for me?

Each time my computer starts I am now also getting the following message (this comes up every time the computer goes on):-

WINDOWS -VIRTUAL MEMORY TOO LOW - Your system is low on virtual memory.Windows is increasing the size of your virtual memory paging file. During this process memory requests for some applications may be denied.

Have you any idea what may be causing this or what I can do to rectify (please remember I have very little computer knowledge)?

With regard to removing programs, I have the following programs (I have no problem keeping anything as long as no problems or conflicting issues can occur because I have them all on my system). Is it likely to slow the computer down the more things I have?

Please confirm if you recommend I keep or delete the following:-

Ad-Aware SE
HijackThis
Java SE Runtime Environment 6
Super Anti Spyware
Virtumondo Be Gone1
ComboFix
CCleaner
AVG Anti Spyware
Killbox

Think I am now over the worst but just want to make sure everything is running how it should and that my computer is as clean as possible.

Cannot thank you enough for all the help that you have given me.

Thanks
vernunited
HJThis
Hey, vernsunited


QUOTE
WINDOWS -VIRTUAL MEMORY TOO LOW - Your system is low on virtual memory.Windows is increasing the size of your virtual memory paging file. During this process memory requests for some applications may be denied.


Have a look here and see if this helps at all.
http://www.smartcomputing.com/editorial/ar...=5373&guid=


QUOTE
With regard to removing programs, I have the following programs (I have no problem keeping anything as long as no problems or conflicting issues ca