3 Posts

October 8th, 2005 21:00

2nd half of log:
 
O18 - Protocol: bw+0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: repairs.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Administrator.PLAYROOM\Desktop\cwshredder.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbycoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\uigyllp.exe (file missing)
 

2 Intern

5.9K Posts

October 10th, 2005 23:00


Download the Hoster from:


www.funkytoad.com/

Unpack to your desktop and run it.  Select Restore Original Hosts.

Get DelDomains.inf from:
 
http://www.mvps.org/winhelp2002/DelDomains.inf  and then right click on it and Install. 

 

Also download and install ccleaner.exe from http://www.ccleaner.com. Don't let
it clean anything yet.

Get Killbox.exe from:

http://www.bleepingcomputer.com/files/killbox.php

Save it to your desktop.


Run it and where it says Full Path of File to Delete put in:
C:\Documents and Settings\All Users\Application Data\title 2 safe owns

Check the Delete on Reboot and DELTREE options and press the red button. 
Agree you want it to delete but do not let it reboot.


Repeat (Delete on Reboot and DELTREE) for:
C:\WINDOWS\System32\P2P Networking    

C:\Program Files\Common Files\CMEII 

C:\Program Files\Common Files\GMT

 

Repeat (Delete on Reboot and Unregister DLL) for:

C:\Program Files\CxtPls\CxtPls.dll     


If you get a message about an External Process then try again when you get to Safe Mode. 
Let it reboot after the last one.

Reboot into Safe Mode by tapping the F8 key when you see the PC
maker's logo.
Keep tapping until it tells you it is going to Safe Mode or you see the Safe
Mode menu. Select the top option. Log in with your usual login.

Run HijackThis and just do a Scan only. Check then Fix Checked the following:


O3 - Toolbar: Search - {E156A28A-7B3D-EA3D-DE42-C0DF12748C1E} - C:\WINDOWS\mrexhdaq.dll
O4 - HKLM\..\Run: [ykjdelh] C:\WINDOWS\ykjdelh.EXE
O4 - HKLM\..\Run: [tqdqenc] C:\WINDOWS\tqdqenc.EXE
O4 - HKLM\..\Run: [tqdqdll] C:\WINDOWS\tqdqdll.EXE
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [Safe Owns Ante Hide] C:\Documents and Settings\All Users\Application Data\title 2 safe owns\tons grey.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [NI.UWFX5_0001_LP] "C:\WINDOWS\Downloaded Program Files\UWFX5_0001_LPNetInstaller.exe"
O4 - HKLM\..\Run: [FTKbA8] "C:\WINDOWS\system32\cxtpls_loader.EXE" /PC=CP.AOP2 /PC=CP.AOP2 /PC=CP.AOP2 /PC=CP.AOP2 /PC=CP.AOP2 /PC=CP.AOP2
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [cilbmsp] c:\windows\system32\dadvqhh.exe r
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [239k33h] wmic32gt.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {72CEAE02-DF9C-49F3-9689-10D1B82DC343} - http://64.49.221.101/toolbar/ToolBar.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://www.flipside.com/cab/WONWebLauncherControl.cab
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\uigyllp.exe (file missing)
 
 

 

(Also check anything that was not in your last scan.  These things tend to change names every reboot.)

 

Wait 60 seconds and repeat the scan. Did any of the above come back? If so,
leave HijackThis up and right click on the clock and select Task Manager. Then
Processes. Find Explorer.exe, right click on it and select End Process. The
desktop will disappear but HijackThis should still be there. If you don't see
it, switch to Applications in Task Manager and highlight it there, then press
Switch To or just double click on it. Check and Fix Checked the above again.
Restart Explorer by Task Manager, File, New Task (Run), explorer.exe, OK.


 

Now run ccleaner.exe. On the first page, uncheck everything but the two lines
that have the word Temporary in them then Run Cleaner.


Reboot into normal mode and run another HijackThis log and post it as a reply. Let's
see how we did.

 


Ron
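
Added example, not part of Ron's post or of any tool named in this thread: a small triage pass over HijackThis lines that collapses the repetitive O18 protocol entries per DLL and marks the kinds of entries selected above (path-less or C:\WINDOWS-root autoruns, ActiveX downloads from a raw IP, a populated AppInit_DLLs value, services whose file is missing). The rules are assumptions chosen for illustration and only point at entries for manual review.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [239k33h] wmic32gt.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O18 - Protocol: bw+0 - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {18B325D5-71F7-4EF4-B9FD-4090B1B320AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: repairs.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\uigyllp.exe (file missing)
"""

BARE_NAME = re.compile(r"^[^\\/:]+\.(exe|dll)\b", re.I)        # no directory at all
WINDOWS_ROOT = re.compile(r"^C:\\WINDOWS\\[^\\]+\.exe", re.I)  # not in a subfolder
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")

def flag(section, body):
    """Return a reason for manual review, or None. Heuristics are assumptions."""
    if section == "O4":
        cmd = body.partition("] ")[2].lstrip('"')
        if BARE_NAME.match(cmd):
            return "autorun with no path"
        if WINDOWS_ROOT.match(cmd):
            return "autorun directly in C:\\WINDOWS"
    elif section == "O16" and IP_URL.search(body):
        return "ActiveX download from a raw IP address"
    elif section == "O20" and body.partition("AppInit_DLLs:")[2].strip():
        return "AppInit_DLLs is set"
    elif section == "O23" and "(file missing)" in body:
        return "service points at a missing file"
    return None

def triage(log):
    """Return (flags, o18_summary): flagged entries and O18 handler count per DLL."""
    flags, o18 = [], Counter()
    for raw in log.splitlines():
        m = re.match(r"^(O\d+) - (.*)$", raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O18":
            o18[body.rsplit(" - ", 1)[-1]] += 1
        elif (reason := flag(section, body)):
            flags.append((section, reason, body))
    return flags, o18

if __name__ == "__main__":
    flags, o18 = triage(SAMPLE_LOG)
    for item in flags + list(o18.items()):
        print(item)
```
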
 

 


 

3 Posts

October 11th, 2005 00:00

Ron,
 
Thank you very much for your response, but after messing with this problem all of last week and this weekend, I decided to rebuild it about an hour ago.  I was just about to post this message when I saw your reply.  I'm sorry for taking up your time.  FYI - I did try some other utilities that I found from various other forums, CCleaner, Ewido, MWavScan, CWShredder, which did find and clean some additional problems but I still had no luck fixing the BSOD.
 
Thanks again,
-Warner