Trojan Horse Generic.XDJ Located C:\:EnwzK.exe


  • This topic is locked

#1
bonnie_67

  • Member
  • 25 posts
My AVG picked up this virus but it couldn't heal it or put it in the vault. I had a virus or worm, because I have lost 95% of my photos and other documents. Only the ones in My Documents? Ran Panda ActiveScan, which took 2hrs to download? Then went to My Computer and ran a scan (my AVG). Is that right? Couldn't find anything else to run.

Have attached my HijackThis list. Hope you can find the slippery little sucker :whistling:

Thank you in advance

Kindest Regards

Bonnie


Logfile of HijackThis v1.99.1
Scan saved at 10:25:11 AM, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Harmony Software\Light5\Bin\Light5.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Documents and Settings\Bonnie\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...AfZ5Rsq58XMoX5t
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-au\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lil-mwa.space...ad/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEACE003-00D1-4AE7-872F-BA6F9B009374}: NameServer = 203.134.64.66,203.134.65.66
O18 - Protocol: bw+0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe


#2
logreeval

    Visiting Staff

  • Member
  • 1,230 posts
Hello bonnie 67 and Welcome to GeeksToGo!

I am logreeval and will be helping you clean your computer. I am currently reviewing your log, I will post as soon as I can.

logreeval

#3
bonnie_67

  • Topic Starter
  • Member
  • 25 posts
Thanks, look forward to hearing from you soon. You are my newest best friend:)

I really appreciate your help in helping me solve my problem.

Kindest Regards

Bonnie

#4
logreeval

    Visiting Staff

  • Member
  • 1,230 posts
Hello Again bonnie 67!

Please print out these instructions for future reference.

Let us get started...

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...AfZ5Rsq58XMoX5t
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe


Messenger Plus! 3 is an optional removal, but not recommended, see Here

SweetIM is an optional removal, because it has no use, and could infect your computer with more malware, see Here

BitTorrent is an optional removal, because it is clean itself, but the downloads that are available from it may NOT be clean, therefore we do not recommend its use.


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Messenger Plus! 3
BitTorrent
SweetIM
SweetIMBarForIE
(Anything with SweetIM)


Please note any other programs that you don't recognize in that list in your next response.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\BitTorrent
C:\Program Files\MessengerPlus! 3
C:\Program Files\Macrogaming


After that, Reboot.

=============================================

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


=============================================

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

=============================================

In the next reply:
1) Uninstall List
2) Fresh HijackThis Log

logreeval
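
Added example, not part of the original thread: once the fresh log requested above comes back, the fix list can be checked against it mechanically. This Python code parses HijackThis 1.99.1 entry lines and reports which fix-list entries are still present; the fix list is copied from the post above, the fresh-log excerpt is constructed for illustration, and the function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body raw")

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autostarts look like: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\]")


def parse_log(text):
    """Return the entry lines of a log, skipping header and process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), line.strip()))
    return entries


def identity(entry):
    """Key that survives path spelling changes (long path vs 8.3 short path)."""
    clsid = CLSID_RE.search(entry.body)
    if clsid:
        # BHOs, toolbars and search hooks are identified by their CLSID.
        return (entry.code, clsid.group(0).upper())
    if entry.code == "O4":
        run = RUN_RE.match(entry.body)
        if run:
            # Registry autostart: key location plus value name.
            return ("O4", run.group(1).upper(), run.group(2).lower())
        # Startup-folder shortcut: "Startup: name.lnk = target"
        return ("O4", entry.body.split("=", 1)[0].strip().lower())
    return (entry.code, entry.body.lower())


def verify_fix(fix_list_text, fresh_log_text):
    """Split the fix list into entries gone from / still in the fresh log."""
    fresh = {identity(e) for e in parse_log(fresh_log_text)}
    result = {"removed": [], "still_present": []}
    for e in parse_log(fix_list_text):
        bucket = "still_present" if identity(e) in fresh else "removed"
        result[bucket].append(e.raw)
    return result


# Fix list as posted in the reply above.
FIX_LIST = r'''
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...AfZ5Rsq58XMoX5t
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
'''

# Constructed excerpt (not the thread's actual follow-up log): the user kept
# Messenger Plus! 3, shown here with an 8.3 short path to exercise matching.
FRESH_SAMPLE = r'''
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-au\msntb.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\PROGRA~1\MESSEN~1\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
'''

if __name__ == "__main__":
    outcome = verify_fix(FIX_LIST, FRESH_SAMPLE)
    for status, lines in outcome.items():
        for line in lines:
            print(f"{status:13} {line}")
```

Matching on CLSID and autostart value name rather than on the whole line keeps an entry from being reported as removed only because its path is spelled differently in the second scan.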

#5
bonnie_67

  • Topic Starter
  • Member
  • 25 posts
I didn't remove Messenger Plus 3 as I use it often. Is that OK? But I did remove and followed all your other steps.

Thanks again for your prompt response to this matter. I really do appreciate it, as computers and I don't really get on very well :whistling:

Here are all the HijackThis lists.

Uninstall List

Ad-aware 6 Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
AFL Live Premiership Edition
Ahead Nero Burning ROM
ArcSoft Camera Suite
AVG Anti-Virus 7.0
Blasterball 2 Holidays from WildGames (remove only)
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CCHelp
CCScore
Digital Photo Slide Show & Screen Saver 2003.1
ECI Client v5.0
Elasto Mania
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSvpaht
ESSvpot
e-tax 2004
e-tax 2005
e-tax 2006
ewido anti-spyware 4.0
FaxTools
FinePixViewer Resource
FinePixViewer Ver.5.1
Focused Portfolios™
ftb 2005
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
Harmony Light 5
Hello (remove only)
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPSFO
ImageMixer VCD2 LE for FinePix
IncrediMail Xe
iTunes
J2SE Runtime Environment 5.0 Update 6
Kodak EasyShare software
KSU
Lexmark X1100 Series
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
Macrogaming SweetIM 1.2a
Macromedia Shockwave Player
MARCA Activity Diary
Messenger Plus! 3 & Sponsor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Access 2002 Runtime
Microsoft Calculator Plus
Microsoft Data Access Components KB870669
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Publisher 2002
Microsoft Windows Journal Viewer
Microsoft Works 6.0
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
MYOB Accounting Plus v14
MYOB Accounting Plus v15
MYOB Accounting Plus v16
Notifier
NVIDIA Display Driver
OfotoXMI
OTtBP
OTtBPSDK
Panda ActiveScan
PCDLNCH
Picasa 2
Pinnacle PCI Performance Enhancer
PowerDVD
Puzzle Pirates
QuickTime
RAW FILE CONVERTER LE
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SFR
SFR2
Slide Show & Screen Saver Titled - me
Soldier of Fortune Platinum
Spyware Doctor 3.2
SpywareBlaster v3.5.1
SweetIM For Internet Explorer 1.0a
Top Score Scorebook
Top Score Scorebook
Top Score Scorebook
Top Score Scorebook
Top Score Scorebook
Top Score Scorebook
Top Score Scorebook
Top Score Scorebook
Top Score Scorebook
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
User Profile Hive Cleanup Service
VCAMCEN
VPRINTOL
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
XoftSpy
Yahoo! Address AutoComplete
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar

Fresh HijackThis List
Logfile of HijackThis v1.99.1
Scan saved at 1:59:30 PM, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Documents and Settings\Bonnie\Desktop\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-au\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lil-mwa.space...ad/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEACE003-00D1-4AE7-872F-BA6F9B009374}: NameServer = 203.134.64.66,203.134.65.66
O18 - Protocol: bw+0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

Kindest Regards


Bonnie
  • 0

#6
logreeval

    Visiting Staff

  • Member
  • 1,230 posts
Hello Again bonnie 67!

Please Print out these instructions for future reference.

==================================

Updating Java:
  • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )

    It should have the following icon next to it: (image)
    Select it and click Remove.
  • Then download and install the newest version from here: http://www.java.com/en/download/manual.jsp
==================================

1. Please UNINSTALL the following programs through the ADD/REMOVE feature of your Control Panel:

XoftSpy
SweetIM For Internet Explorer 1.0a
Messenger Plus! 3


2. Now, using Windows Explorer, I need you to DELETE the following folder(s) and all their content (if present):

C:\Program Files\XoftSpy
C:\Program Files\Macrogaming
C:\Program Files\SweetIM For Internet Explorer 1.0a
C:\Program Files\Messenger Plus! 3


We highly recommend the uninstallation of Messenger Plus! 3 because the sponsor is bundled with malware, and usually does cause a serious infection called LOP. When we finish getting you clean, we can have you reinstall Messenger Plus! 3 WITHOUT the sponsor.

Again, SweetIM is an optional removal, but you said you removed it; SweetIM shows on the list.

XoftSpy has been delisted from Spyware Warrior's Rogue List. Since the program was on it, I recommend uninstalling it and using programs from the trustworthy list, which can be viewed on the same page.

Please note any other programs that you don't recognize in that list in your next response.

==================================

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
==================================

So, In the next reply:
1) AVG Anti-Spyware Log
2) Fresh HijackThis Log

logreeval
  • 0
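A fresh HijackThis log, as requested above, is compared against the previous one to confirm that an uninstall really removed its autostart and browser entries. The following Python script is an added example, not part of the original thread or of HijackThis itself: it parses the entry lines of two logs, reports what disappeared and what appeared, and groups the repetitive O18 protocol handlers by the DLL that registers them. The function names are hypothetical, and the sample logs are abridged from the ones posted in this thread.

```python
import re
from collections import defaultdict

# Entry lines start with a section code such as "O4 - " or "R1 - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O18 body: "Protocol: <name> - {CLSID} - <path to handler DLL>"
PROTOCOL_RE = re.compile(r"^Protocol: (?P<name>\S+) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")

# Sample input, abridged from the 28/11/2006 log in this thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:59:30 PM, on 28/11/2006

Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: bw+0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""

# Sample input, abridged from the 29/11/2006 log in this thread.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:49:05 AM, on 29/11/2006

Running processes:
C:\WINDOWS\system32\ctfmon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: bw+0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""


def parse_entries(log_text):
    """Return {section code: set of entry bodies} for one HijackThis log."""
    entries = defaultdict(set)
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries[match.group("section")].add(match.group("body"))
    return entries


def section_key(section):
    """Sort 'O2' before 'O16' by comparing the numeric part as an integer."""
    return (section[0], int(section[1:]))


def diff_logs(before_text, after_text):
    """Return (removed, added) lists of (section, body) between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed, added = [], []
    for section in sorted(set(before) | set(after), key=section_key):
        old, new = before.get(section, set()), after.get(section, set())
        removed += [(section, body) for body in sorted(old - new)]
        added += [(section, body) for body in sorted(new - old)]
    return removed, added


def handlers_by_dll(log_text):
    """Group O18 protocol handler names by the DLL path that serves them."""
    by_dll = defaultdict(list)
    for body in sorted(parse_entries(log_text).get("O18", ())):
        match = PROTOCOL_RE.match(body)
        if match:
            by_dll[match.group("path")].append(match.group("name"))
    return dict(by_dll)


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for section, body in removed:
        print(f"- {section} {body}")
    for section, body in added:
        print(f"+ {section} {body}")
    for dll, names in handlers_by_dll(AFTER_LOG).items():
        print(f"{len(names)} protocol handler(s) -> {dll}")
```

Entries that show up as added deserve the same scrutiny as the ones that were meant to disappear.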

#7
bonnie_67

    Member

  • Topic Starter
  • Member
  • 25 posts
Well, good morning. Thanks for your help in this matter. Ran AVG and deleted Messenger Plus 3. That was hard lol. Could you please let me know how to install without the sponsors, and also have a look at my hijacklist to see if there is anything else I can do to make my system run faster.

HijackThis List

Logfile of HijackThis v1.99.1
Scan saved at 7:49:05 AM, on 29/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\myob16\Myob.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Documents and Settings\Bonnie\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-au\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lil-mwa.space...ad/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEACE003-00D1-4AE7-872F-BA6F9B009374}: NameServer = 203.134.64.66,203.134.65.66
O18 - Protocol: bw+0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

AVG Scan List

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:05:12 AM 29/11/2006

+ Scan result:



Nothing found.


::Report end

Look forward to hearing from you soon.

Kindest Regards


Bonnie

ps hope you have a great Christmas

#8
logreeval

Hey bonnie 67

If you want to install Messenger Plus! 3 again, it is alright, but you need to make sure that you do not install the sponsor that comes along with it.

Merry Christmas, you are CLEAN! If there are any more problems, just ask.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

#9
bonnie_67

Hi again

Forgot to let you know something. When I tried to install Java I was able to open the page, but when I pressed the download button it kept coming up

The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.

Can you please help to download it please.

Look forward to hearing your advice


Kindest Regards




Bonnie
HAPPY MEMBER

#10
bonnie_67

Hey guys

Can you tell me what worm or virus I could have had that eats and destroys all my "my documents" and "photos"? I mean, it leaves a folder but it is completely empty. It has left some but destroyed the others.

Very worried person. Hope it has gone

and yes now i am going to do a back up

silly stupid me

#11
bonnie_67

Hello again

more to the story. now no laughing you computer geeks lol

Thought when my EWIDO spyware got merged with AVG it also merged with my Anti Virus protector. So I thought I'd delete my AVG Anti Virus protector. Now you are laughing.

Realised my mistake (through a debate and lost) and reinstalled it. Found the following little suckers.

Could these suckers be the culprit for erasing my files???

Could you please check them and tell me if I should do anything else.

I have left them in the vault.

Trojan horse Generic2.BKX C:\WINDOWS\Downloaded Program Files\FreeAccess.ocx 11/27/2006 4:35:11 PM FreeAccess.ocx 12.78 KB
Trojan horse Generic.YME C:\WINDOWS\system32:c_202gp.nls 11/27/2006 5:49:48 PM system32:c_202gp.nls 116 KB


My HijackThis log is as follows

Logfile of HijackThis v1.99.1
Scan saved at 2:20:08 PM, on 30/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Harmony Software\Light5\Bin\Light5.EXE
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wisptis.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\myob16\Myob.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Documents and Settings\Bonnie\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-au\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lil-mwa.space...ad/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEACE003-00D1-4AE7-872F-BA6F9B009374}: NameServer = 203.134.64.66,203.134.65.66
O18 - Protocol: bw+0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe

Look forward to your advice.

Bonnie

SILLY BLONDE :whistling:
  • 0

#12
logreeval

    Visiting Staff

Don't worry, we will get you cleaned up :whistling:

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.
  • Right click on gmer.exe and select rename, rename it to test.exe
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.
logreeval
  • 0

#13
bonnie_67

    Member

  • Topic Starter

Thanks. I deleted my nasty little suckers from the vault. Didn't want them to escape and do more damage.

Here is the log you requested. I'm glad you can understand it and it means something to you.

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-01 05:34:42
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Grisoft\AVG7\avgemc.exe[200] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Grisoft\AVG7\avgemc.exe[200] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Grisoft\AVG7\avgemc.exe[200] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Grisoft\AVG7\avgemc.exe[200] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Grisoft\AVG7\avgemc.exe[200] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Grisoft\AVG7\avgemc.exe[200] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[244] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[244] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[244] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[244] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\QuickTime\qttask.exe[244] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\alg.exe[352] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\alg.exe[352] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\alg.exe[352] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\alg.exe[352] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\alg.exe[352] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[488] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\csrss.exe[488] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\csrss.exe[488] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[488] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[488] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[512] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[512] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[512] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[512] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[512] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\services.exe[556] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\services.exe[556] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\services.exe[556] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[556] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[556] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IncMail.exe[608] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IncMail.exe[608] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IncMail.exe[608] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IncMail.exe[608] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\PROGRA~1\INCRED~1\bin\IncMail.exe[608] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IncMail.exe[608] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[716] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[716] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[832] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[832] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[832] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[832] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\explorer.exe[848] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\explorer.exe[848] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\explorer.exe[848] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\explorer.exe[848] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\explorer.exe[848] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1192] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1192] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1192] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1192] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1192] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1216] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1216] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1216] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1216] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[1228] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[1228] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[1228] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[1228] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[1228] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1244] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1244] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1244] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1244] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1244] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1244] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1244] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\DOCUME~1\Bonnie\LOCALS~1\Temp\Temporary Directory 1 for Test.zip\gmer.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\DOCUME~1\Bonnie\LOCALS~1\Temp\Temporary Directory 1 for Test.zip\gmer.exe[1336] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\DOCUME~1\Bonnie\LOCALS~1\Temp\Temporary Directory 1 for Test.zip\gmer.exe[1336] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\DOCUME~1\Bonnie\LOCALS~1\Temp\Temporary Directory 1 for Test.zip\gmer.exe[1336] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\DOCUME~1\Bonnie\LOCALS~1\Temp\Temporary Directory 1 for Test.zip\gmer.exe[1336] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\DOCUME~1\Bonnie\LOCALS~1\Temp\Temporary Directory 1 for Test.zip\gmer.exe[1336] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[1364] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[1364] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[1364] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[1364] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1440] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1440] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1440] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1440] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[1468] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[1468] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[1468] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Windows Defender\MSASCui.exe[1468] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\drivers\KodakCCS.exe[1588] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\drivers\KodakCCS.exe[1588] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\drivers\KodakCCS.exe[1588] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\drivers\KodakCCS.exe[1588] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\drivers\KodakCCS.exe[1588] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1636] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1636] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1636] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1636] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[1668] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[1668] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[1668] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[1668] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\nvsvc32.exe[1668] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1764] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1764] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1764] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1764] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[1764] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1952] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\wdfmgr.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\wdfmgr.exe[1976] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\wdfmgr.exe[1976] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\wdfmgr.exe[1976] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\wdfmgr.exe[1976] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\UPHClean\uphclean.exe[2004] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\UPHClean\uphclean.exe[2004] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\UPHClean\uphclean.exe[2004] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\UPHClean\uphclean.exe[2004] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\UPHClean\uphclean.exe[2004] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2244] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2244] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2244] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2244] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2244] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2320] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2320] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2320] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2320] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2320] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2388] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2388] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2388] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2388] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2388] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\FinePixViewer\QuickDCF.exe[2604] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\FinePixViewer\QuickDCF.exe[2604] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\FinePixViewer\QuickDCF.exe[2604] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\FinePixViewer\QuickDCF.exe[2604] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\FinePixViewer\QuickDCF.exe[2604] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[2844] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[2844] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[2844] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[2844] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[2844] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[2844] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3044] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3044] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3044] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3044] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\system32\svchost.exe[3044] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3044] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[3128] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[3128] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[3128] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[3128] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[3128] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[3128] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3548] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3548] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3548] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3548] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3548] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3548] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe[3564] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe[3564] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe[3564] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe[3564] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe[3564] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe[3564] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Miranda IM\miranda32.exe[3652] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Miranda IM\miranda32.exe[3652] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Miranda IM\miranda32.exe[3652] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Miranda IM\miranda32.exe[3652] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Miranda IM\miranda32.exe[3652] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Miranda IM\miranda32.exe[3652] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\wisptis.exe[3932] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\wisptis.exe[3932] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\wisptis.exe[3932] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\wisptis.exe[3932] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\system32\wisptis.exe[3932] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\wisptis.exe[3932] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8AC3846] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8AC3846] avgtdi.sys

---- EOF - GMER 1.0.12 ----


Look forward to hearing from you, and thanks again for taking the time in answering this problem. I know that you guys are volunteers and I really appreciate the time you put into solving my problems.

Kindest Regards


Bonnie
  • 0
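
A triage sketch for the GMER "User code sections" output posted above, added here as an example (it is not part of the thread and not GMER's own code): it decodes the `FF 25` patches as indirect jumps, lists processes whose pointer slot differs from the majority for the same API, and flags images started from inside a zip folder, as the gmer.exe path in the log shows. Function names are illustrative; the sample lines are copied from the log.

```python
import re
from collections import Counter, defaultdict

# Excerpt copied from the GMER log in this thread (".text" lines only).
SAMPLE_LOG = r"""
.text C:\WINDOWS\explorer.exe[848] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\explorer.exe[848] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 15, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1244] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1244] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[1244] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\DOCUME~1\Bonnie\LOCALS~1\Temp\Temporary Directory 1 for Test.zip\gmer.exe[1336] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
"""

# image[pid] module!function [+ offset] address size "Bytes" patch
LINE_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)(?:\s\+\s(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+) Bytes\s+(?P<patch>.+)$"
)


def decode_patch(patch):
    """Classify the overwritten bytes GMER reports for one hooked function."""
    if patch.startswith("JMP "):
        # GMER already disassembled it: a direct jump to an absolute address.
        return ("jmp", int(patch.split()[1], 16))
    raw = bytes(int(b, 16) for b in patch.strip("[] ").split(","))
    if len(raw) == 6 and raw[:2] == b"\xff\x25":
        # FF 25 disp32 is "jmp dword ptr [disp32]"; the operand is little-endian.
        return ("jmp_indirect", int.from_bytes(raw[2:], "little"))
    return ("bytes", raw.hex())


def parse_hooks(log):
    """Turn the '.text' lines of a GMER log into one record per patched function."""
    hooks = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, SSDT and Device lines are skipped
        kind, target = decode_patch(m["patch"])
        hooks.append({
            "image": m["image"], "pid": int(m["pid"]),
            "api": f'{m["module"].lower()}!{m["func"]}',
            "offset": m["offset"], "kind": kind, "target": target,
        })
    return hooks


def pointer_outliers(hooks):
    """Per API hooked with FF 25: the most common pointer slot and who differs."""
    by_api = defaultdict(list)
    for h in hooks:
        if h["kind"] == "jmp_indirect":
            by_api[h["api"]].append(h)
    report = {}
    for api, rows in by_api.items():
        common, _ = Counter(r["target"] for r in rows).most_common(1)[0]
        odd = [(r["image"], r["pid"], r["target"])
               for r in rows if r["target"] != common]
        report[api] = {"common": common, "outliers": odd}
    return report


def run_from_archive(hooks):
    """Images whose path passes through a '<name>.zip\\' folder, i.e. started
    from inside a zip rather than from an extracted copy."""
    return sorted({h["image"] for h in hooks
                   if re.search(r"\.zip\\", h["image"], re.I)})


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for api, info in pointer_outliers(hooks).items():
        print(f"{api}: jmp [0x{info['common']:08X}]")
        for image, pid, target in info["outliers"]:
            print(f"  differs: {image}[{pid}] -> [0x{target:08X}]")
    for image in run_from_archive(hooks):
        print("started from inside an archive:", image)
```

The log by itself does not say which driver or DLL owns the pointer slots; when the same patch appears in every process, security tools included, identify the installer before deciding what the hooks mean.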

#14
logreeval

    Visiting Staff

There are a couple of things you missed here, Bonnie.

We need you to unzip it to your desktop and rename it. Make sure to read the directions :whistling:

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

  • Right click on gmer.exe and select rename, rename it to test.exe
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.


  • 0

#15
bonnie_67

    Member

  • Topic Starter

I didn't know which one to download


The latest version of GMER 1.0.12.12011

GMER runs only on Windows NT/W2K/XP


GMER application: gmer.zip ( 450kB )

Userland rootkit detector: catchme.exe ( 25kB )

Gromozon rootkit unhooking : gromozon.wmv ( 0,6MB Windows Media Video 9 codec )

Log samples: Rustock.B, Gromozon, Haxdoor, hxdef, BadRKDemo

IceSword + DarkSpy + GMER + pe386 rootkit : pe386.wmv ( 0,5MB Windows Media Video 9 codec )

KAV6 PDM vs very_bad_rootkit : kav6.wmv ( 1,4MB Windows Media Video 9 codec )

Example of GMER system protection : gmer.avi ( 4,5MB DivX avi file)

Example of rootkit scanning: sysbus32.avi ( 3,8MB DivX avi file)


I downloaded the gmer.zip to my desktop and changed it to test on my desktop, but I didn't need to unzip it, so I must have downloaded the wrong one :blink:

Can you please tell me which one I need to download?

Very confused operator :whistling:


Bonnie
  • 0





