Laptop Slowing Down!!!! ALOT!!!

  1. 31-05-2007  #21
    awjohnson2
    awjohnson2 is offline Full Member

    Re: Laptop Slowing Down!!!! ALOT!!!

    Combo Fix Report

    "Owner" - 2007-05-30 23:38:44 Service Pack 2
    ComboFix 07-05.27.BV - Running from: "C:\Program Files\SlimBrowser\"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\WINDOWS\system32\atmtd.dll"
    "C:\WINDOWS\system32\atmtd.dll._"


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CMDSERVICE
    -------\LEGACY_NETWORK_MONITOR


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-31 ))))))))))))))))))))))))))))))))))


    2007-05-25 19:14 <DIR> d-------- C:\Documents and Settings\Owner.Apocaliptor\DoctorWeb
    2007-05-25 19:14 <DIR> d-------- C:\DOCUME~1\OWNER~1.APO\DoctorWeb
    2007-05-24 19:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SlimBrowser
    2007-05-24 19:11 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-05-22 18:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-05-22 18:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-05-22 18:09 2,418 --a------ C:\WINDOWS\system32\tmp.reg
    2007-05-17 18:42 <DIR> d-------- C:\WINDOWS\pss
    2007-05-17 18:29 77,312 --a------ C:\WINDOWS\ua2.dll
    2007-05-17 18:28 <DIR> d-------- C:\DOCUME~1\OWNER~1.APO\APPLIC~1\RegistrySmart
    2007-05-10 14:05 <DIR> d-------- C:\Deckard
    2007-05-10 03:04 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-04-29 21:31 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
    2007-04-29 21:31 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
    2007-04-29 21:31 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
    2007-04-25 00:31 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
    2007-04-25 00:31 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))

    2007-05-31 03:41:40 -------- d-----w C:\DOCUME~1\OWNER~1.APO\APPLIC~1\SlimBrowser
    2007-05-31 03:38:36 -------- d-----w C:\Program Files\SlimBrowser
    2007-05-25 23:14:33 -------- d-----w C:\DOCUME~1\OWNER~1.APO\APPLIC~1\U3
    2007-05-23 02:42:07 -------- d-----w C:\Program Files\World of Warcraft
    2007-05-21 15:10:25 -------- d-----w C:\Program Files\Google
    2007-05-21 15:06:05 -------- d-----w C:\Program Files\321Studios
    2007-05-21 15:05:34 -------- d-----w C:\Program Files\CyberLink
    2007-05-21 15:05:33 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-21 15:04:52 -------- d-----w C:\Program Files\SlySoft
    2007-05-19 05:30:20 -------- d-----w C:\DOCUME~1\OWNER~1.APO\APPLIC~1\CyberLink
    2007-05-10 18:02:05 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-05-10 17:59:34 -------- d-----w C:\Program Files\Symantec
    2007-04-30 01:31:10 -------- d-----w C:\Program Files\Common Files\Logitech
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-03-28 15:57:04 -------- d-----w C:\DOCUME~1\OWNER~1.APO\APPLIC~1\Logitech
    2007-03-28 15:13:00 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    2007-03-28 15:12:47 -------- d-----w C:\Program Files\Logitech
    2007-03-26 20:41:32 931 ----a-w C:\WINDOWS\system32\winpfz32.sys
    2007-03-22 19:34:09 0 ----a-w C:\wjjkktp.exe
    2007-03-22 19:33:53 0 ----a-w C:\eghrbp.exe
    2007-03-22 19:33:36 0 ----a-w C:\pmgxi.exe
    2007-03-22 19:33:20 0 ----a-w C:\inprrnm.exe
    2007-03-22 19:33:03 0 ----a-w C:\ifmkarh.exe
    2007-03-22 19:32:43 0 ----a-w C:\tejdedqn.exe
    2007-03-22 19:32:29 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
    2007-03-22 19:32:26 0 ----a-w C:\ccqpkwx.exe
    2007-03-22 19:32:10 0 ----a-w C:\aqxrcxnf.exe
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1 ~1.DLL [2006-10-27 01:48]
    {CA6319C0-31B7-401E-A518-A07C3DB8F777}=c:\windows\system32\BAE.dll [2006-01-31 15:54]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "SynTPLpr"="---C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" []
    "SynTPEnh"="---C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
    "ATICCC"="---C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" []
    "SigmatelSysTrayApp"="---stsystra.exe" []
    "SMSERIAL"="---C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" []
    "QuickTime Task"="---C:\Program Files\QuickTime\qttask.exe" []
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-25 00:31]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []
    "RegistrySmart"="C:\Program Files\RegistrySmart\RegistrySmart.exe" []
    "MSKDetectorExe"="---C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" []
    "GrooveMonitor"="---C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" []
    "CloneDVDElbyDelay"="---C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
    "updateMgr"="---C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe" [2007-03-28 11:13]
    "MSMSGS"="---C:\Program Files\Messenger\msmsgs.exe" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\R oyale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale. theme

    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
    "NoClose"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8 E1~1.DLL" [2006-10-27 01:48]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\WdfLoadGroup]

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


    [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\F]
    AutoRun\command- F:\LaunchU3.exe -a


    Contents of the 'Scheduled Tasks' folder
    2007-05-19 07:30:00 C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job

    ************************************************** ******************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-30 23:43:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ************************************************** ******************

    Completion time: 2007-05-30 23:44:26 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-05-30 23:44

    --- E O F ---

    DrWeb Report


    Process.exe;C:\Documents and Settings\Owner.Apocaliptor\Desktop\SmitfraudFix;To ol.Prockill;Incurable.Moved.;
    restart.exe;C:\Documents and Settings\Owner.Apocaliptor\Desktop\SmitfraudFix;To ol.ShutDown.11;Incurable.Moved.;
    Process.exe;C:\WINDOWS\system32;Tool.Prockill;Incu rable.Moved.;
  2. 01-06-2007  #22
    Neal
    Neal is offline Dedicated Member
    Please download the OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\winpfz32.sys
      C:\wjjkktp.exe
      C:\eghrbp.exe
      C:\pmgxi.exe
      C:\inprrnm.exe
      C:\ifmkarh.exe
      C:\tejdedqn.exe
      C:\ccqpkwx.exe
      C:\aqxrcxnf.exe

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    Post a new hijackthis log please.
  3. 02-06-2007  #23
    awjohnson2
    awjohnson2 is offline Full Member
    OT Moveit results


    C:\WINDOWS\system32\winpfz32.sys moved successfully.
    C:\wjjkktp.exe moved successfully.
    C:\eghrbp.exe moved successfully.
    C:\pmgxi.exe moved successfully.
    C:\inprrnm.exe moved successfully.
    C:\ifmkarh.exe moved successfully.
    C:\tejdedqn.exe moved successfully.
    C:\ccqpkwx.exe moved successfully.
    C:\aqxrcxnf.exe moved successfully.

    Created on 06/02/2007 16:52:21



    HiJackThis Log

    Logfile of HijackThis v1.99.1
    Scan saved at 4:53:42 PM, on 6/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\BigFix\bigfix.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SlimBrowser\sbrowser.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6453
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6453
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O4 - HKLM\..\Run: [SynTPLpr] ---C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] ---C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] ---"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] ---stsystra.exe
    O4 - HKLM\..\Run: [SMSERIAL] ---C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [QuickTime Task] ---"C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
    O4 - HKLM\..\Run: [MSKDetectorExe] ---C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [GrooveMonitor] ---"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] ---"C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] ---C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    O4 - HKCU\..\Run: [MSMSGS] ---"C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
    O18 - Protocol: bw+0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: offline-8876480 - {0BCB9B7B-7D12-4B7B-9701-8CF4AC63F34F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
    O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - ---"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - ---"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Office Source Engine (ose) - Unknown owner - ---"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    O23 - Service: PrismXL - Unknown owner - ---C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (file missing)
    O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - ---C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  4. 03-06-2007  #24
    Neal
    Neal is offline Dedicated Member
    Good job!!!


    How is your computer behaving now?
  5. 03-06-2007  #25
    awjohnson2
    awjohnson2 is offline Full Member
    MUCH BETTER!!!!

    You guys are awesome!
  6. 03-06-2007  #26
    Neal
    Neal is offline Dedicated Member
    Save 20% on AVG Internet Security 2012 Suite!
    Glad it is good.




    If you are no longer having any more trouble here is some preventative measures for you.

    Be sure to re-hide hidden files/folders if you were asked to unhide them

    Here are some preventive measures you can take to keep your computer from getting infected again. also keep all these and Ad-awareSE and SpybotS&D updated.

    http://www.d-a-l.com/help/showthread.php?t=32403

    Flush your restore points in ME and XP, by turning System Restore off and then back on.
    This will create a fresh restore point.

    Explained Here:
    Windows XP: http://vil.nai.com/vil/SystemHelpDoc...ysRestore.aspx

    Explained Here
    Microsoft ME:
    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam


    RegProtect

    This small registry protection tool will save you hours of heartache by notifying you when some program good or bad is trying to access your registry.

    You have the option of allowing(good) items or blocking(bad)items.

    http://www.diamondcs.com.au/index.php?page=regprot


    To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

    1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
    http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

    http://www.microsoft.com/windows/ie/default.asp


    2. Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching, there are a some good free Antivirus programs that are decent, including AVG and Avast!.
    AVG: http://free.grisoft.com/doc/1

    Avast: http://www.avast.com/eng/avast_4_home.html


    3. In addtion to using Ad-aware consider using another free malware scanning/removal program:
    Windows Defender

    http://www.microsoft.com/athome/secu...e/default.mspx


    4. Consider using a free firewall if you are not already using one. Some good free ones are:
    Kerio
    http://www.sunbelt-software.com/Kerio.cfm

    Zone Labs Personal Firewall:
    Zone Labs



    5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
    Mozilla Firefox: www.mozilla.org/products/firefox/


    6. Consider increasing your browser security by using these programs:
    SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
    SpywareBlaster will increase browser protection by blocking Thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

    http://www.javacoolsoftware.com/spywareblaster.html


    If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/


    IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
    https://netfiles.uiuc.edu/ehowes/www/resource.htm


    Block access to Untrustworthy Sites

    You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the: MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.



    *Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free
+ Reply to Thread
Page 3 of 3 FirstFirst 1 2 3
« Redirecting from google/yahoo searches | Annoying pop ups in IE(RESOLVED) »