Posts posted by rydiakumori
-
Okay, sorry about the long wait... Sometimes work gets in the way.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:26 AM, on 10/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrospect.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.18.1.1:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java Plug-In SSV Helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Compaq_Administrator"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Compaq_Administrator"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1224284534048
O18 - Protocol: bw+0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdagent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 23038 bytes
-
Ok, filelook first
FileLook.exe v1.0 by jpshortstuff
Log created at 21:12:42 on 15/10/2008
==============================
FileLook - 667f73e6.sys
Unable to find file.
==============================
=EOF=
Kaspersky...
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 15, 2008 19:40:10
Records in database: 1314132
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 160865
Threat name: 1
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 01:56:24
File name / Threat name / Threats count
C:\hp\bin\wbug\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP17392\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP17392\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
The selected area was scanned.
and a new HJT log:
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.18.1.1:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Compaq_Administrator"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 21891 bytes
My computer is back to acting the way it did before I let my brother use it. The weird background is gone, and I am not getting IE errors anymore with pop-ups. It starts up properly now too. I am very happy with it.
-
Thank you very much!
I couldn't find Viewpoint Manager... all that was there was Viewpoint media center. I removed that.
My malware log:
Malwarebytes' Anti-Malware 1.28
Database version: 1266
Windows 5.1.2600 Service Pack 2
10/13/2008 11:12:05 PM
mbam-log-2008-10-13 (23-12-05).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 202804
Time elapsed: 4 hour(s), 21 minute(s), 49 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 20
Registry Values Infected: 7
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 44
Memory Processes Infected:
C:\WINDOWS\system32\lphct7rj0e9j3.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\fccdcBTj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iieysock.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ripkxt.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24c1ea9c-6f9b-4bf3-8872-bb0f9e5c0105} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomdeutn (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{24c1ea9c-6f9b-4bf3-8872-bb0f9e5c0105} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34eab1ae-2929-46fd-a307-654d1d2092ca} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{34eab1ae-2929-46fd-a307-654d1d2092ca} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99b19910-eab0-4027-894f-74c910308a28} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{99b19910-eab0-4027-894f-74c910308a28} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4524b4c0 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphct7rj0e9j3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccdcbtj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccdcbtj -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\qoMdEuTN.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ripkxt.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fccdcBTj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jTBcdccf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jTBcdccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\elumpfpy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ypfpmule.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iieysock.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kcosyeii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3U6N93EQ\uaqrta[1].jpg (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0A0KGZ8T\uaqrta[1].jpg (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\64E58BTQ\superfindout_com[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6TSF47MJ\hyta[1].jpg (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP11\A0002817.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP11\A0002818.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cvalpkrx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebcpiuis.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eftyrj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hidbgfag.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkIYpnO.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kcfycw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lpratx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nbgess.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ngcvhi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obagaeie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pftxxhbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz51.tmp (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tvsqiydf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\37C90223.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\39DF877D.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ED279AB4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphct7rj0e9j3.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphct7rj0e9j3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phct7rj0e9j3.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSf313.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSerrors.log (Trojan.TDSS) -> Quarantined and deleted successfully.
And now my ComboFix log:
ComboFix 08-10-14.03 - Compaq_Administrator 2008-10-14 15:15:19.1 - NTFSx86
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\test.txt
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\aithwjmj.ini
C:\WINDOWS\system32\rmefohww.ini
C:\WINDOWS\system32\xhomyhbp.ini
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYSREST.SYS
((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.
2008-10-14 15:13 . 2008-10-14 15:13 0 --a------ C:\WINDOWS\LCDMedia.INI
2008-10-13 18:45 . 2008-10-13 18:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 18:45 . 2008-10-13 18:45 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2008-10-13 18:45 . 2008-10-13 18:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-13 18:45 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-13 18:45 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-13 15:39 . 2008-10-13 15:39 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-13 00:08 . 2008-10-14 15:24 85,360 --a------ C:\WINDOWS\system32\drivers\667f73e6.sys
2008-10-11 06:58 . 2008-10-11 06:58 18 --ah----- C:\SYSREST
2008-10-11 05:22 . 2008-10-11 05:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-10 15:18 . 2008-10-10 15:18 13,312 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-09-21 23:14 . 2008-09-21 23:14 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\QQ Games
2008-09-21 19:51 . 2008-09-21 19:51 <DIR> d-------- C:\Program Files\eGames
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 19:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-14 19:24 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-10-14 03:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\RetroExp
2008-10-14 03:12 --------- d-----w C:\Program Files\Common
2008-10-13 22:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-13 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-13 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-03 02:56 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
2008-10-03 01:04 --------- d-----w C:\Program Files\uTorrent
2008-09-22 04:30 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Move Networks
2008-08-14 18:33 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\dvdcss
2007-01-16 12:16 804 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2006-12-01 22:20 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-07-14 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-03-08 910336]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 4662776]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 50528]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-07-14 3065344]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"="C:\Program Files\Webroot\Washer\WashIdx.exe" [2004-05-17 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 7573504]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"MaxtorOneTouch"="C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2007-02-27 716456]
"RetroExpress"="C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe" [2007-01-22 9385504]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-07-14 2705008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"="C:\Program Files\Webroot\Washer\WashIdx.exe" [2004-05-17 34304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ripkxt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^MP3 Downloads (silent).lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\MP3 Downloads (silent).lnk
backup=C:\WINDOWS\pss\MP3 Downloads (silent).lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrankLoader]
--a------ 2006-10-30 22:11 28672 C:\Program Files\Soundcrank\Soundcrank Plugin\CrankLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2006-12-14 13:28 2801664 C:\Program Files\Electronic Arts\EA Link\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a--c--- 2005-08-05 16:56 64512 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 02:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2006-02-15 18:34 249856 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-12-02 01:04 32768 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-09-07 07:33 434176 C:\Program Files\Logitech\Video\CameraAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
--a--c--- 2004-11-01 19:22 262144 C:\WINDOWS\system32\ElkCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-01-18 18:07 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2005-09-07 07:39 73728 C:\Program Files\Logitech\Video\InstallHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a--c--- 2005-09-01 14:04 221184 C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2006-11-08 20:03 323216 C:\Program Files\Napster\napster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2006-04-28 03:47 7573504 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
-ra--c--- 2006-04-28 03:47 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2005-07-22 18:14 237568 C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
--a------ 2006-07-14 13:54 1957977 C:\Program Files\tunebite\tunebite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-10-24 17:10 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard]
--a------ 2005-12-20 15:34 32768 C:\Program Files\Ideazon\ZEngine\Zboard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a--c--- 2005-08-02 19:19 77312 C:\WINDOWS\arpwrmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
--a--c--- 2004-06-07 10:05 106496 C:\WINDOWS\system32\ftutil2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2006-05-09 11:50 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 2006-06-13 16:05 16239616 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SAVScan"=3 (0x3)
"navapsvc"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"Fax"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\Retrospect.exe"=
"C:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\retrorun.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sony\\EverQuest II\\EverQuest2.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
R1 aswsp;avast! Self Protection;C:\WINDOWS\system32\drivers\aswsp.sys [2008-07-19 78416]
R2 aswfsblk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-07-14 35584]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-07-14 292472]
R2 WUSB300NSvc;WUSB300NSvc;C:\Program Files\Linksys\WUSB300N\WLService.exe WUSB300N.exe [ ]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe [ ]
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 513152]
S3 Alpham;Ideazon Fang Composite Keyboard Driver;C:\WINDOWS\system32\DRIVERS\Alpham.sys [2005-12-04 34944]
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 140416]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 16768]
S3 Sus2pl;Susteen Universal Cable II;C:\WINDOWS\system32\DRIVERS\sus2pl.sys [2004-03-31 43392]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-02-03 37632]
S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\system32\DRIVERS\sustucap.sys [2006-02-03 37632]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7a5ee7c-a47c-11db-961d-0018f3cb60b3}]
\Shell\AutoRun\command - J:\wd_windows_tools\setup.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{1cad29df-1d6d-41a2-8c55-eaa2c7edcdeb} - C:\Program Files\Internet Explorer\Custom\hlpcodec.dll
BHO-{A5EA2DF0-ABC9-42B1-9A46-D8DA2D625A67} - (no file)
HKLM-Run-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Notify-hlpcodec - C:\Program Files\Internet Explorer\Custom\hlpcodec.dll
MSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-IS CfgWiz - c:\Program Files\Norton Internet Security\cfgwiz.exe
MSConfigStartUp-SSC_UserPrompt - c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\vuur9z07.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 15:22:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\667f73e6]
"ImagePath"="\SystemRoot\System32\drivers\667f73e6.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\Retrospect.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-10-14 15:31:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-14 19:31:33
Pre-Run: 53,626,458,112 bytes free
Post-Run: 53,524,963,328 bytes free
262
And lastly, a new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:53 PM, on 10/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrospect.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.18.1.1:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Compaq_Administrator"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ripkxt.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 22308 bytes
I don't seem to be having any more problems now, by the way.
-
Ok, here it is..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:23 PM, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\lphct7rj0e9j3.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\.tt12A.tmp
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.18.1.1:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [lphct7rj0e9j3] C:\WINDOWS\system32\lphct7rj0e9j3.exe
O4 - HKLM\..\Run: [4524b4c0] rundll32.exe "C:\WINDOWS\system32\elumpfpy.dll",b
O4 - HKLM\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Compaq_Administrator"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {37e15ace-8e42-4089-a347-63795bcc8d7a} - C:\WINDOWS\system32\msiebbar.dll
O20 - AppInit_DLLs: ngcvhi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 22327 bytes
-
I let my brother use my computer for 5 mins to check his MySpace, and he got a pop-up that was meant to look like a "Blue Screen of Death". I am not sure what he did, but now every time I start my computer, my background changes to what looks like a Windows Vista error window (I have Windows XP) telling me I have spyware on my computer and I need to install an antivirus or spyware remover to get rid of it. It will also give me an Internet Explorer error every once in a while that gives me the option to download the rapidantivirus.com (?); clicking cancel just leads to another error that only gives me the option to hit OK, which then opens a popup window that I can exit out of. This started Thursday, Oct 9th. That night, while playing a game, my game froze up and I could not Ctrl+Alt+Delete into exiting out of it, and since it was a full-screen game and I couldn't do anything (I don't believe my computer froze up; I was talking to some friends of mine using Ventrilo, and it was still working), I had to manually restart my computer. I ran Ad-Aware and tried using that to get rid of it, but every time I restart my computer it's back again, and I even went to where Ad-Aware told me the problem was in the directory and deleted it myself, but it's just back again when I restart. Today I had to manually restart my computer again when it froze, but this time it was really slow, and when it finally got to the blue "Windows is starting up" screen, it would not budge past this point. My mouse still worked, but I could not get it to do anything. I eventually had to make Windows restart in a previous working configuration to get it working again.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:28 AM, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\lphct7rj0e9j3.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.18.1.1:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [lphct7rj0e9j3] C:\WINDOWS\system32\lphct7rj0e9j3.exe
O4 - HKLM\..\Run: [4524b4c0] rundll32.exe "C:\WINDOWS\system32\pbhymohx.dll",b
O4 - HKLM\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Compaq_Administrator"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Compaq_Administrator"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 -
{9462A756-7B47-47BC-8C80-C34B9B80B32B} -
C:\Program Files\Logitech\Desktop
Messenger\8876480
\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3AD5D6E1-6BF0-
497D-BD3C-FED08E45EDEE} - C:\Program
Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 -
{3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} -
C:\Program Files\Logitech\Desktop
Messenger\8876480
\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {37e15ace-8e42-4089-a347-63795bcc8d7a} - C:\WINDOWS\system32\msiebbar.dll
O20 - AppInit_DLLs: eftyrj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 22424 bytes
Ry's Hjt Log, Please Help[RESOLVED]
in Malware Removal
Thank you very much for all of your help! Hopefully, I won't be needing any more help for a very long time.