rydiakumori Posted October 11, 2008

I let my brother use my computer for 5 mins to check his MySpace, and he got a pop-up that was meant to look like a "Blue Screen of Death". I am not sure what he did, but now every time I start my computer, my background changes to what looks like a Windows Vista error window (I have Windows XP), telling me I have spyware on my computer and I need to install an antivirus or spyware remover to get rid of it. It will also give me an Internet Explorer error every once in a while that gives me the option to download the rapidantivirus.com (?). Clicking cancel just leads to another error that only gives me the option to hit OK, which then opens a pop-up window that I can exit out of.

This started Thursday, Oct 9th. That night, while playing a game, my game froze up and I could not Ctrl+Alt+Delete into exiting out of it, and since it was a full-screen game and I couldn't do anything (I don't believe my computer froze up; I was talking to some friends of mine using Ventrilo, and it was still working), I had to manually restart my computer.

I ran Ad-Aware and tried using that to get rid of it, but every time I restart my computer it's back again, and I even went to where Ad-Aware told me the problem was in the directory and deleted it myself, but it's just back again when I restart.

Today I had to manually restart my computer again when it froze, but this time it was really slow, and when it finally got to the blue "Windows is starting up" screen, it would not budge past this point. My mouse still worked, but I could not get it to do anything. I eventually had to make Windows restart in a previous working configuration to get it working again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:28 AM, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

jpshortstuff Posted October 12, 2008

Hi, and welcome to BestTechie.

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient, and I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Your HijackThis log is unreadable.

Please open Notepad, click Format and make sure Word Wrap is unchecked.
Then, scan again with HijackThis and post the resulting log.

Thanks.

rydiakumori Posted October 12, 2008

Ok, here it is..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:23 PM, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Filter hijack: text/html - {37e15ace-8e42-4089-a347-63795bcc8d7a} - C:\WINDOWS\system32\msiebbar.dllO20 - AppInit_DLLs: ngcvhi.dllO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEO23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exeO23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exeO23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exeO23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe--End of file - 22327 bytes Link to post Share on other sites
jpshortstuff Posted October 13, 2008

Hi, thanks for that.

You don't appear to be running any Anti-Virus software.

Install Anti-Virus software! Without any anti-virus software, your computer is wide open to infection. If you don't have any Anti-Virus software I strongly recommend you download Avast! or AVG Free.

Viewpoint Manager is often installed without the user's permission. If you didn't install it, or if you did but you no longer use it, I recommend you get rid of it.

Please click Start >> Control Panel >> Add or Remove Programs.
Find the item below on the list and click Remove.
Viewpoint Manager
Let me know how it goes.

Please download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Post that log back here.

Download ComboFix by sUBs from here or here
Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.
**Save it to your desktop**
Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log.

Notes:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Thanks.
rydiakumori Posted October 14, 2008 Author

Thank you very much! I couldn't find Viewpoint Manager... all that was there was Viewpoint Media Center. I removed that.

My malware log:

And now my ComboFix log:
Files\\Retrospect\\Retrospect Express HD 2.0\\retrorun.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\Sony\\EverQuest II\\EverQuest2.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=R1 aswsp;avast! Self Protection;C:\WINDOWS\system32\drivers\aswsp.sys [2008-07-19 78416]R2 aswfsblk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-07-14 35584]R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-07-14 292472]R2 WUSB300NSvc;WUSB300NSvc;C:\Program Files\Linksys\WUSB300N\WLService.exe WUSB300N.exe [ ]R2 WUSB54Gv42SVC;WUSB54Gv42SVC;C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv42.exe [ ]R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2006-12-13 513152]S3 Alpham;Ideazon Fang Composite Keyboard Driver;C:\WINDOWS\system32\DRIVERS\Alpham.sys [2005-12-04 34944]S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2003-10-14 140416]S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 16768]S3 Sus2pl;Susteen Universal Cable II;C:\WINDOWS\system32\DRIVERS\sus2pl.sys [2004-03-31 43392]S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-02-03 37632]S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\system32\DRIVERS\sustucap.sys [2006-02-03 37632][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7a5ee7c-a47c-11db-961d-0018f3cb60b3}]\Shell\AutoRun\command - J:\wd_windows_tools\setup.exe.- - - - ORPHANS REMOVED - 
- - -BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)BHO-{1cad29df-1d6d-41a2-8c55-eaa2c7edcdeb} - C:\Program Files\Internet Explorer\Custom\hlpcodec.dllBHO-{A5EA2DF0-ABC9-42B1-9A46-D8DA2D625A67} - (no file)HKLM-Run-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exeNotify-hlpcodec - C:\Program Files\Internet Explorer\Custom\hlpcodec.dllMSConfigStartUp-ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exeMSConfigStartUp-IS CfgWiz - c:\Program Files\Norton Internet Security\cfgwiz.exeMSConfigStartUp-SSC_UserPrompt - c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe.------- Supplementary Scan -------.FireFox -: Profile - C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\vuur9z07.default\FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50fftrie7FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-10-14 15:22:14Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... 
scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\667f73e6]"ImagePath"="\SystemRoot\System32\drivers\667f73e6.sys".------------------------ Other Running Processes ------------------------.C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\arservice.exeC:\WINDOWS\ehome\ehrecvr.exeC:\WINDOWS\ehome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Maxtor\Utils\SyncServices.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exeC:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exeC:\Program Files\Linksys\WUSB300N\WLService.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exeC:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exeC:\Program Files\Linksys\WUSB300N\WUSB300N.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exeC:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exeC:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exeC:\Program Files\Logitech\G-series Software\Applets\LCDClock.exeC:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exeC:\Program Files\AIM6\aolsoftware.exeC:\Program Files\Retrospect\Retrospect Express HD 2.0\Retrospect.exeC:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exeC:\WINDOWS\system32\imapi.exeC:\WINDOWS\system32\verclsid.exe.**************************************************************************.Completion time: 2008-10-14 15:31:37 - machine was rebootedComboFix-quarantined-files.txt 2008-10-14 19:31:33Pre-Run: 53,626,458,112 bytes 
freePost-Run: 53,524,963,328 bytes free262And Lastly, a new HJT log: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:45:53 PM, on 10/14/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\arservice.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Maxtor\Utils\SyncServices.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exeC:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exeC:\Program Files\Linksys\WUSB300N\WLService.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exeC:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exeC:\Program Files\Linksys\WUSB300N\WUSB300N.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Logitech\G-series Software\LGDCore.exeC:\Program Files\Logitech\G-series Software\LCDMon.exeC:\Program Files\Maxtor\ManagerApp\Onetouch.exeC:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exeC:\Program Files\AIM6\aim6.exeC:\Program 
Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exeC:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Logitech\G-series Software\Applets\LCDClock.exeC:\Program Files\DAP\DAP.EXEC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\AIM6\aolsoftware.exeC:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exeC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Retrospect\Retrospect Express HD 2.0\retrospect.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.18.1.1:8080R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllR3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLLO2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLLO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDEO4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exeO4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\RETROS~1\RETROS~1.0\RetroExpress.exe /hO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [speedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"O4 - HKLM\..\RunOnce: [index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Compaq_Administrator"O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startupO4 - HKCU\..\Run: [Yahoo! 
Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -schedulerO4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imAppO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUPO4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htmO8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htmO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htmO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htmO9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htmO9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO15 - Trusted Zone: http://*.trymedia.com (HKLM)O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO18 - Protocol: bw+0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - 
{3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - 
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO20 - AppInit_DLLs: ripkxt.dllO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exeO23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exeO23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exeO23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exeO23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe--End of file - 22308 bytesI dont seem to be having any more problems now by the way Link to post Share on other sites
jpshortstuff Posted October 15, 2008

Hi

Backup Your Registry with ERUNT

Please download ERUNT from the following link:
ERUNT

- Unzip all the files into a folder of your choice.
- Double-click Erunt.exe to back up your registry to the folder of your choice.

Note: To restore your registry, go to the folder and start ERDNT.exe

Please do this:

- Copy the contents of the Code Box below to Notepad.
- Name the file as fix.reg
- Change the Save as Type to All Files and save it on the desktop

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7a5ee7c-a47c-11db-961d-0018f3cb60b3}]

Make sure there are NO blank lines before REGEDIT4, and a blank line at the end.
Then right-click on the fix.reg file and click merge, say yes to any prompts.

Please download FileLook by jpshortstuff from one of these mirrors:
Link 1
Link 2

- Double-click FileLook.exe to run it.
- Ensure that the BBCode Output checkbox is checked.
- Copy the content of the following codebox into the main textfield:

    C:\WINDOWS\system32\drivers\667f73e6.sys

- Click the FileLook button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found at C:\fl_log.txt

Please go to Kaspersky website and perform an online antivirus scan.

- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
- Please post this log in your next reply, along with a fresh HijackThis log.

Also, please give a detailed description of how your computer is running and behaving at the moment, listing any remaining problems.

Thanks.
rydiakumori Posted October 16, 2008 Author

Ok, filelook first

FileLook.exe v1.0 by jpshortstuff
Log created at 21:12:42 on 15/10/2008
==============================
FileLook - 667f73e6.sys
Unable to find file.
==============================
=EOF=

Kaspersky...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, October 15, 2008 19:40:10
Records in database: 1314132
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\

Scan statistics:
Files scanned: 160865
Threat name: 1
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 01:56:24

File name / Threat name / Threats count
C:\hp\bin\wbug\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP17392\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2
D:\I386\APPS\APP17392\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

The selected area was scanned.

and a new HJT log:

My computer is back to acting the way it did before I let my brother use it. The weird background is gone, and I am not getting IE errors anymore with pop ups. It starts up properly now too. I am very happy with it.
jpshortstuff Posted October 16, 2008

Hi

Just a few more things to clean up and update.

Please do this:
- Copy the contents of the Code Box below to Notepad.
- Name the file as fix.reg
- Change the Save as Type to All Files and Save it on the desktop

REGEDIT4

[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\667f73e6]

Make sure there are NO blank lines before REGEDIT4, and a blank line at the end.
Then right-click on the fix.reg file and click merge, say yes to any prompts.

I'm not sure if you actually have WeatherBug installed, but Kaspersky picked up a few traces. It is considered adware as it displays pop-ups and is used to install My Search Toolbar. A safe alternative to WeatherBug is Weatherpulse. I recommend you uninstall WeatherBug for the above reasons. You can do this by clicking Start >> Control Panel >> Add/Remove Programs and clicking remove by the WeatherBug entry. If you haven't got it then don't worry, the traces may not be significant.

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 10.
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop.
- Close any programs you may have running - especially any web browsers.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u10-windowsi586.exe to install the newest version.

You don't appear to be running any third party Firewall software.

Install a firewall! Without a firewall you are very susceptible to being hacked, and people could gain access to your computer. If you don't have a firewall I strongly recommend you download ONE of the following:
1) Comodo
2) Agnitum
3) Sunbelt/Kerio

You need to upgrade to Windows XP Service Pack 3. Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install Windows XP - Service Pack 3.

Make sure you reboot after all this and then post a new HijackThis log. If you are having no more problems then I will post my final clean up and prevention speech, and we can wrap this topic up.

Thanks.
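Both fix.reg scripts posted in this thread use REGEDIT4 syntax, where a `"name"=...` line under `[KEY]` sets a value and `[-KEY]` deletes the whole key. The Python sketch below is an added example, not part of the original posts or of any tool they mention: it lists what a .reg script would change before it is merged, and rejects a script whose header is not the very first line. The function name `describe_reg` and the tuple layout are assumptions of this example.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# The two scripts posted in this thread, copied here as sample input.
FIX_1 = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7a5ee7c-a47c-11db-961d-0018f3cb60b3}]
"""

FIX_2 = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\System\ControlSet004\Services\667f73e6]
"""


def _unquote(token):
    """Strip the surrounding quotes and undo .reg backslash escapes."""
    return re.sub(r"\\(.)", r"\1", token[1:-1])


def _parse_data(data):
    """Map the right-hand side of a value line to (action, data)."""
    if data == "-":                      # "name"=-  removes the value
        return "delete_value", None
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return "set_value", _unquote(data)
    if data.lower().startswith("dword:"):
        return "set_value", int(data[6:], 16)
    return "set_value", data             # hex(...) and other types kept verbatim


def describe_reg(text):
    """Return (action, key, value_name, data) tuples for a .reg script.

    Raises ValueError when the header is not the first line, the case the
    posts warn about ("NO blank lines before REGEDIT4").
    """
    lines = text.replace("\r\n", "\n").split("\n")
    if lines[0].rstrip() not in HEADERS:
        raise ValueError("header must be the first line, with nothing before it")
    ops, key, pending = [], None, ""
    for raw in lines[1:]:
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue                     # blank line or comment
        m = KEY_RE.match(line)
        if m:
            if m.group(1):               # [-KEY] deletes the key and its subkeys
                ops.append(("delete_key", m.group(2), None, None))
                key = None
            else:
                key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = "(Default)" if m.group(1) == "@" else _unquote(m.group(1))
            action, data = _parse_data(m.group(2).strip())
            ops.append((action, key, name, data))
    return ops


if __name__ == "__main__":
    for label, script in (("first fix.reg", FIX_1), ("second fix.reg", FIX_2)):
        print(label)
        for action, key, name, data in describe_reg(script):
            target = key if name is None else f"{key} -> {name}"
            print(f"  {action:12} {target} {'' if data is None else repr(data)}")
```

Reviewing the output before merging shows that the first script empties `AppInit_DLLs` and removes one `mountpoints2` entry, and that the second removes the `667f73e6` service key, with no other changes.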
rydiakumori Posted October 18, 2008 Author

Okay, sorry about the long wait... Sometimes work gets in the way.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:26 AM, on 10/18/2008
Protocol: bw00 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - 
{3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - 
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {3AD5D6E1-6BF0-497D-BD3C-FED08E45EDEE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dllO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner (avast! 
web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: COMODO Firewall Pro Helper Service (cmdagent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exeO23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exeO23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exeO23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exeO23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe--End of file - 23038 bytes Link to post Share on other sites
jpshortstuff Posted October 19, 2008

Hi.

No worries, we all have constraints. Log looks good :thumbup:

Click Start >> Run, and then type ComboFix /u and hit enter.

You can now delete any other tools I had you download and use, unless you wish to keep them.

Now that your system appears to be clean, there are just a few steps I'd like you to take to prevent any future infections.

Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

Make sure you update your Anti-Virus software regularly; new viruses are being developed all the time.

Some more programs that it would be useful to have [OPTIONAL but RECOMMENDED]:

Download Spybot Search and Destroy 1.5 from here. Check for Updates/Immunize and run a Full System Scan on a regular basis.

SpywareBlaster is another real-time scanner that prevents most spyware from even being installed. Freely available: Download SpywareBlaster

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!
jpshortstuff

rydiakumori Posted October 19, 2008

Thank you very much for all of your help! Hopefully, I won't be needing any more help for a very long time.

jpshortstuff Posted October 20, 2008

Glad I could help, and yeah, I hope so too.

jpshortstuff Posted October 20, 2008

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.