Full Version: Winantivirus 2007, Please Help!
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Kyojima
Log taken from a friend's machine; she got loaded up with WinAntiVirus 2007, and nothing seems to touch it.

Logfile of HijackThis v1.99.1
Scan saved at 9:39:06 PM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\svhost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\WINDOWS\retadpu77.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\WINDOWS\cfg32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\GhostSurf 2005\Proxy.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\b122.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\cfg32a.exe
C:\Program Files\WinPop\winpop.exe
C:\WINDOWS\retadpu77.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MSN Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O4 - HKLM\..\Run: [{ZN}] C:\windows\system32\modsrego.exe SKY003
O4 - HKLM\..\Run: [{CB-BE-E0-05-ZN}] c:\windows\system32\modsrego.exe SKY003
O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\pjnrlfqh.dll",realset
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\rwinpndt.exe SKY003
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"
O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Startup: TA_Start.lnk = ?
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\rwinpndt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.istaria.com/controls/launcher.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153168589593
O18 - Protocol: bw+0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Program Files\GhostSurf 2005\DeleteSvc.exe

Also, she is reporting that her antivirus software and firewall appear to be compromised.
miekiemoes
Hello,

* Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
Kyojima
Logfile of HijackThis v1.99.1
Scan saved at 19:07, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Comodo\CBOClean\BOC424.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\GhostSurf 2005\Proxy.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll
O2 - BHO: (no name) - {1F494D86-A64F-DBB8-4916-8E8DBD26D49F} - C:\WINDOWS\system32\poouekz.dll (file missing)
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96C9AE27-4CC1-4118-973A-F744318C3138} - C:\WINDOWS\system32\awvvu.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BOC-424] C:\PROGRA~1\Comodo\CBOClean\BOC424.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.istaria.com/controls/launcher.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153168589593
O18 - Protocol: bw+0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Program Files\GhostSurf 2005\DeleteSvc.exe


ComboFix log
"Owner" - 2007-07-02 18:21:49 - ComboFix 07-07-03.3 - Service Pack 2


Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ovdkvyeh.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\Owner\APPLIC~1.\ystem~1
C:\DOCUME~1\Owner\APPLIC~1.\ystem~1\m?dtc.exe
C:\DOCUME~1\Owner\MYDOCU~1.\scurit~1
C:\DOCUME~1\Owner\MYDOCU~1.\scurit~1\ntvdm.exe
C:\Documents and Settings\Owner.\err.log
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\Messenger\mexola83122.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\svhost
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wintisv32.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\core
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


2007-07-02 18:02 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 03:22 <DIR> d-------- C:\VundoFix Backups
2007-07-02 01:12 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\.BitZip
2007-07-02 01:10 <DIR> d-------- C:\Program Files\BitZip
2007-07-02 00:11 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Comodo
2007-07-02 00:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-02 00:04 241,904 --a------ C:\WINDOWS\UNBOC.EXE
2007-07-02 00:04 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-07-02 00:04 <DIR> d-------- C:\Program Files\Comodo
2007-07-02 00:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOC424
2007-07-01 21:21 528,384 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-01 21:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Desperate Housewives
2007-07-01 10:28 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Talkback
2007-06-30 18:54 18,432 --a------ C:\WINDOWS\system32\drivers\ApiMon.sys
2007-06-30 18:50 <DIR> d-------- C:\WINDOWS\system32\F9
2007-06-30 18:50 <DIR> d-------- C:\WINDOWS\system32\F4
2007-06-30 18:50 <DIR> d-------- C:\WINDOWS\system32\F3
2007-06-30 18:50 <DIR> d-------- C:\WINDOWS\system32\F2
2007-06-30 18:50 <DIR> d-------- C:\WINDOWS\system32\F1
2007-06-30 11:55 <DIR> d-------- C:\DOCUME~1\Owner\Contacts
2007-06-30 11:54 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-30 11:53 <DIR> d-------- C:\Program Files\MSN Messenger
2007-06-29 02:34 <DIR> d-------- C:\Program Files\Setup
2007-06-29 02:33 <DIR> d-------- C:\Program Files\WinAce
2007-06-27 22:01 <DIR> d-------- C:\GMouse20
2007-06-27 22:00 283,648 --a------ C:\WINDOWS\uninst.exe
2007-06-20 23:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-06-20 23:18 <DIR> d-------- C:\Program Files\GALA-NET
2007-06-20 15:11 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-06-20 15:11 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-06-20 15:11 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-06-20 15:11 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-06-20 15:11 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-20 15:11 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-06-20 15:11 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-06-20 15:11 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-06-20 15:11 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-17 23:33 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-05 15:44 2,516 --a------ C:\WINDOWS\system32\drivers\default.bin
2007-06-05 15:44 2,516 --a------ C:\WINDOWS\system32\default.bin
2007-06-05 15:43 671,472 --a------ C:\WINDOWS\system32\drivers\vpn.sys
2007-06-05 15:43 36,400 --a------ C:\WINDOWS\system32\drivers\omdrv.sys
2007-06-05 15:43 32,868 --a------ C:\WINDOWS\system32\ckpginashim.dll
2007-06-05 15:43 24,678 --a------ C:\WINDOWS\system32\vnasc_coinstall.dll
2007-06-05 15:43 24,674 --a------ C:\WINDOWS\system32\ckpNotify.dll
2007-06-05 15:43 2,234,320 --a------ C:\WINDOWS\system32\drivers\fw.sys
2007-06-05 15:43 17,456 --a------ C:\WINDOWS\system32\drivers\scap.sys
2007-06-05 15:43 109,072 --a------ C:\WINDOWS\system32\drivers\vnasc.sys
2007-06-05 15:43 106,593 --a------ C:\WINDOWS\system32\fwnetcfg.dll
2007-06-05 15:43 <DIR> d-------- C:\Program Files\CheckPoint
2007-06-05 15:41 <DIR> d-------- C:\Rockwell
2007-06-05 15:19 <DIR> d-------- C:\Special Data


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 22:25:47 -------- d-----w C:\Program Files\Messenger
2007-07-02 21:50:46 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\OpenOffice.org2
2007-07-02 05:23:26 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\.BitZip
2007-07-01 19:15:32 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-07-01 04:52:48 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-07-01 04:52:10 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 05:46:14 -------- d-----w C:\Program Files\GhostSurf 2005
2007-06-23 05:30:13 -------- d-----w C:\Program Files\Paint Shop Pro 7
2007-06-22 06:38:56 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\PlayFirst
2007-06-21 03:18:54 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-15 21:32:14 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-13 18:56:19 -------- d-----w C:\Program Files\City of Heroes
2007-06-05 20:52:44 -------- d-----w C:\Program Files\Google
2007-06-05 20:52:44 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Google
2007-05-31 17:33:41 -------- d-----w C:\Program Files\Yahoo!
2007-05-30 16:52:49 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Netscape
2007-05-30 16:50:02 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Tenebril
2007-05-30 11:22:08 -------- d-----w C:\Program Files\World of Warcraft
2007-05-30 11:21:03 3,104 ----a-w C:\WINDOWS\mozver.dat
2007-05-27 22:49:42 -------- d-----w C:\Program Files\VUGames
2007-05-14 23:40:48 -------- d-----w C:\Program Files\Plasma Pong
2007-05-14 01:41:36 -------- d-----w C:\Program Files\Athian Inc
2007-04-13 01:31:24 911,250 ----a-w C:\WINDOWS\Prison Tycoon 2 Uninstaller.exe
2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
2005-01-02 21:25 124624 --a------ C:\Program Files\GhostSurf 2005\SCActiveBlock.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F494D86-A64F-DBB8-4916-8E8DBD26D49F}]
C:\WINDOWS\system32\poouekz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}]
C:\Program Files\Outerinfo\Outerinfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96C9AE27-4CC1-4118-973A-F744318C3138}]
C:\WINDOWS\system32\awvvu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 17:23]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 11:52]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-03-26 15:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-17 09:13]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-05-17 11:12]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-05-17 15:18]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 10:48 C:\WINDOWS\KHALMNPR.Exe]
"GhostSurfDelSatellite"="C:\Program Files\GhostSurf 2005\DeleteSatellite.exe" [2005-01-04 10:17]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-01 23:54]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"BOC-424"="C:\PROGRA~1\Comodo\CBOClean\BOC424.exe" [2007-06-14 09:28]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-02 00:07]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-11-13 18:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)


**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 18:27:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 18:30:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-02 18:29

--- E O F ---
Kyojima
Umm, a couple more weird things... my clock keeps changing times, from being completely wrong, to right, to military time. Very odd.
Also, even while I am SIGNED out of Windows Messenger, people can still see I have my computer on and can contact me... any ideas if this is related to the virus? (This is his friend, BTW, lol.)
miekiemoes
Hi,

Don't worry about the clock now. This is because ComboFix set it that way. We'll deal with that afterwards.

Concerning your MSN Messenger, I see two instances running: your Windows Messenger and MSN Messenger. It wouldn't surprise me if you got infected with the MSN Messenger worm, so in that case you have to uninstall MSN Messenger, as the executable may be infected.

So, uninstall MSN Messenger FIRST.
You can always reinstall it afterwards.

After you have uninstalled MSN Messenger,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212 <== check this if you didn't set your proxyserver like this
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1F494D86-A64F-DBB8-4916-8E8DBD26D49F} - C:\WINDOWS\system32\poouekz.dll (file missing)
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {96C9AE27-4CC1-4118-973A-F744318C3138} - C:\WINDOWS\system32\awvvu.dll (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
C:\WINDOWS\system32\drivers\ApiMon.sys

Folder::
C:\WINDOWS\system32\F9
C:\WINDOWS\system32\F4
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F1
C:\Program Files\MSN Messenger
C:\VundoFix Backups

Driver::
ApiMon



Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
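A small triage script, added here as an illustration and not part of this thread, of HijackThis, or of ComboFix: it parses HijackThis-style log lines and flags the same kinds of entries the helper picked out above (O2 BHOs whose DLL is absent or unnamed, empty F3 win.ini load=/run= entries, and an R1 proxy setting that points at the local host). The sample lines are copied from the logs in this thread, except the "Example Helper" BHO, which is a constructed benign line added for contrast; the function names are my own.

```python
import re

# Sample HijackThis lines. All but the "Example Helper" BHO are taken from the
# logs posted in this thread; that one is constructed as a benign control.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
F3 - REG:win.ini: load=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1F494D86-A64F-DBB8-4916-8E8DBD26D49F} - C:\WINDOWS\system32\poouekz.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section code (R1, F3, O2, O23, ...),
# a dash, and the entry body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_hjt_line(line):
    """Split one log line into its section code and body; None for non-entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body")}


def review_flags(entry):
    """Return the reasons a helper would want to look at this entry (empty if none)."""
    reasons = []
    sec, body = entry["section"], entry["body"]
    if sec == "O2":
        # A BHO that is registered but whose DLL is gone is an orphaned
        # entry; HijackThis can remove the registration safely.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reasons.append("BHO registered but its DLL is absent (orphaned entry)")
        if body.startswith("BHO: (no name)"):
            reasons.append("BHO has no name; legitimate helpers normally identify themselves")
    elif sec == "R1" and "ProxyServer" in body:
        m = re.search(r"ProxyServer = (\S+)", body)
        if m:
            host = m.group(1).split(":")[0]
            if host in ("127.0.0.1", "localhost"):
                reasons.append(
                    "proxy server set to the local host; fix unless the user set it deliberately"
                )
    elif sec == "F3" and re.search(r"\b(load|run)=\s*$", body):
        reasons.append("empty win.ini load=/run= entry, safe to remove")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every flagged entry, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        reasons = review_flags(entry)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

The checks are deliberately narrow: a script like this only surfaces entries for a human to review, and the benign control line and the O23 service entry pass through untouched.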
Kyojima
"Owner" - 2007-07-03 23:20:51 - ComboFix 07-07-03.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\MSN Messenger\abssm.dll
C:\Program Files\MSN Messenger\contact.dll
C:\Program Files\MSN Messenger\contactsUX.dll
C:\Program Files\MSN Messenger\custsat.dll
C:\Program Files\MSN Messenger\Device Manager\custom.dll
C:\Program Files\MSN Messenger\Device Manager\dpinst.exe
C:\Program Files\MSN Messenger\Device Manager\dpinst64.exe
C:\Program Files\MSN Messenger\Device Manager\Loc\10\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\1028\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\1046\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\11\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\12\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\16\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\17\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\18\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\19\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\20\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\22\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\25\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\29\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\31\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\4\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\6\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\7\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\8\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\Loc\9\msndevmanres.dll
C:\Program Files\MSN Messenger\Device Manager\msgrdvmn.exe
C:\Program Files\MSN Messenger\Device Manager\WLPhoneCV.cat
C:\Program Files\MSN Messenger\Device Manager\WLPhoneCV.inf
C:\Program Files\MSN Messenger\dfsr.dll
C:\Program Files\MSN Messenger\ErrorResponse.xml
C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
C:\Program Files\MSN Messenger\highcont.thm
C:\Program Files\MSN Messenger\htc.8.1.0178.00.dll
C:\Program Files\MSN Messenger\lcapi.dll
C:\Program Files\MSN Messenger\lcres.dll
C:\Program Files\MSN Messenger\license.rtf
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\lmcdata.dll
C:\Program Files\MSN Messenger\MessengerClient.dll
C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
C:\Program Files\MSN Messenger\msgrvsta.thm
C:\Program Files\MSN Messenger\msgsc.8.1.0178.00.dll
C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll
C:\Program Files\MSN Messenger\msgsres.dll
C:\Program Files\MSN Messenger\msgswcam.dll
C:\Program Files\MSN Messenger\msidcrl40.dll
C:\Program Files\MSN Messenger\msncore.dll
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msvs.exe
C:\Program Files\MSN Messenger\msvsConfig2.xml
C:\Program Files\MSN Messenger\msvsui.dll
C:\Program Files\MSN Messenger\newalert.wma
C:\Program Files\MSN Messenger\newemail.wma
C:\Program Files\MSN Messenger\nudge.wma
C:\Program Files\MSN Messenger\online.wma
C:\Program Files\MSN Messenger\outgoing.wma
C:\Program Files\MSN Messenger\pcsexeps.dll
C:\Program Files\MSN Messenger\phone.wma
C:\Program Files\MSN Messenger\psmsong.8.1.0178.00.dll
C:\Program Files\MSN Messenger\RTMPLTFM.dll
C:\Program Files\MSN Messenger\softphone.dll
C:\Program Files\MSN Messenger\softphoneps.dll
C:\Program Files\MSN Messenger\softphoneres.dll
C:\Program Files\MSN Messenger\type.wma
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\usnsvcps.dll
C:\Program Files\MSN Messenger\vimdone.wma
C:\Program Files\MSN Messenger\wmp8stub.dll
C:\Program Files\MSN Messenger\wmv9vcm.dll
C:\VundoFix Backups
C:\VundoFix Backups\awvvu.dll.bad
C:\VundoFix Backups\bmglbcan.ini.bad
C:\VundoFix Backups\efcyxxv.dll.bad
C:\VundoFix Backups\mljigdb.dll.bad
C:\VundoFix Backups\nacblgmb.dll.bad
C:\VundoFix Backups\opnopml.dll.bad
C:\VundoFix Backups\urqronm.dll.bad
C:\VundoFix Backups\uvvwa.bak1.bad
C:\VundoFix Backups\uvvwa.bak2.bad
C:\VundoFix Backups\uvvwa.ini.bad
C:\VundoFix Backups\uvvwa.ini2.bad
C:\VundoFix Backups\uvvwa.tmp.bad
C:\VundoFix Backups\vrsoxrjx.ini.bad
C:\VundoFix Backups\xjrxosrv.dll.bad
C:\WINDOWS\system32\drivers\ApiMon.sys
C:\WINDOWS\system32\F1
C:\WINDOWS\system32\F2
C:\WINDOWS\system32\F2\mwspasrt83122.exe
C:\WINDOWS\system32\F3
C:\WINDOWS\system32\F4
C:\WINDOWS\system32\F9


((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))


2007-07-03 01:55 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-02 22:14 <DIR> d-------- C:\Program Files\Windows Defender
2007-07-02 22:07 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-02 22:07 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-02 22:07 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-02 22:07 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-02 22:07 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-02 22:07 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-02 22:07 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-02 22:07 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\PC Tools
2007-07-02 22:06 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-07-02 22:06 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-07-02 22:06 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-07-02 22:06 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-07-02 22:06 <DIR> d-------- C:\Program Files\Webroot
2007-07-02 22:06 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-07-02 22:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-07-02 21:58 164 --a------ C:\install.dat
2007-07-02 21:58 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-07-02 21:58 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Webroot
2007-07-02 21:20 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2007-07-02 21:20 <DIR> d-------- C:\Program Files\Hitman Pro
2007-07-02 18:02 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 01:12 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\.BitZip
2007-07-02 01:10 <DIR> d-------- C:\Program Files\BitZip
2007-07-02 00:11 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Comodo
2007-07-02 00:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-02 00:04 241,904 --a------ C:\WINDOWS\UNBOC.EXE
2007-07-02 00:04 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2007-07-02 00:04 <DIR> d-------- C:\Program Files\Comodo
2007-07-02 00:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOC424
2007-07-01 21:21 528,384 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-01 21:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Desperate Housewives
2007-07-01 10:28 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Talkback
2007-06-30 11:55 <DIR> d-------- C:\DOCUME~1\Owner\Contacts
2007-06-30 11:54 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-29 02:34 <DIR> d-------- C:\Program Files\Setup
2007-06-29 02:33 <DIR> d-------- C:\Program Files\WinAce
2007-06-27 22:01 <DIR> d-------- C:\GMouse20
2007-06-27 22:00 283,648 --a------ C:\WINDOWS\uninst.exe
2007-06-20 23:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-06-20 23:18 <DIR> d-------- C:\Program Files\GALA-NET
2007-06-20 15:11 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-06-20 15:11 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-06-20 15:11 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-06-20 15:11 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-06-20 15:11 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-06-20 15:11 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-06-20 15:11 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-06-20 15:11 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-06-20 15:11 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-17 23:33 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-05 15:44 2,516 --a------ C:\WINDOWS\system32\drivers\default.bin
2007-06-05 15:44 2,516 --a------ C:\WINDOWS\system32\default.bin
2007-06-05 15:43 671,472 --a------ C:\WINDOWS\system32\drivers\vpn.sys
2007-06-05 15:43 36,400 --a------ C:\WINDOWS\system32\drivers\omdrv.sys
2007-06-05 15:43 32,868 --a------ C:\WINDOWS\system32\ckpginashim.dll
2007-06-05 15:43 24,678 --a------ C:\WINDOWS\system32\vnasc_coinstall.dll
2007-06-05 15:43 24,674 --a------ C:\WINDOWS\system32\ckpNotify.dll
2007-06-05 15:43 2,234,320 --a------ C:\WINDOWS\system32\drivers\fw.sys
2007-06-05 15:43 17,456 --a------ C:\WINDOWS\system32\drivers\scap.sys
2007-06-05 15:43 109,072 --a------ C:\WINDOWS\system32\drivers\vnasc.sys
2007-06-05 15:43 106,593 --a------ C:\WINDOWS\system32\fwnetcfg.dll
2007-06-05 15:43 <DIR> d-------- C:\Program Files\CheckPoint
2007-06-05 15:41 <DIR> d-------- C:\Rockwell
2007-06-05 15:19 <DIR> d-------- C:\Special Data


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 03:31:42 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\OpenOffice.org2
2007-07-04 03:27:41 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-07-02 22:25:47 -------- d-----w C:\Program Files\Messenger
2007-07-02 05:23:26 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\.BitZip
2007-07-01 04:52:48 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Yahoo!
2007-07-01 04:52:10 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 05:46:14 -------- d-----w C:\Program Files\GhostSurf 2005
2007-06-23 05:30:13 -------- d-----w C:\Program Files\Paint Shop Pro 7
2007-06-22 06:38:56 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\PlayFirst
2007-06-21 03:18:54 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-15 21:32:14 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-13 18:56:19 -------- d-----w C:\Program Files\City of Heroes
2007-06-05 20:52:44 -------- d-----w C:\Program Files\Google
2007-06-05 20:52:44 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Google
2007-05-31 17:33:41 -------- d-----w C:\Program Files\Yahoo!
2007-05-30 16:52:49 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Netscape
2007-05-30 16:50:02 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Tenebril
2007-05-30 11:22:08 -------- d-----w C:\Program Files\World of Warcraft
2007-05-30 11:21:03 3,104 ----a-w C:\WINDOWS\mozver.dat
2007-05-27 22:49:42 -------- d-----w C:\Program Files\VUGames
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 23:40:48 -------- d-----w C:\Program Files\Plasma Pong
2007-05-14 01:41:36 -------- d-----w C:\Program Files\Athian Inc
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 01:31:24 911,250 ----a-w C:\WINDOWS\Prison Tycoon 2 Uninstaller.exe
2007-04-04 22:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 05:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
2005-01-02 21:25 124624 --a------ C:\Program Files\GhostSurf 2005\SCActiveBlock.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 17:23]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 11:52]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-03-26 15:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-17 09:13]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-05-17 11:12]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-05-17 15:18]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 10:48 C:\WINDOWS\KHALMNPR.Exe]
"GhostSurfDelSatellite"="C:\Program Files\GhostSurf 2005\DeleteSatellite.exe" [2005-01-04 10:17]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-01 23:54]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"BOC-424"="C:\PROGRA~1\Comodo\CBOClean\BOC424.exe" [2007-06-14 09:28]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-02 00:07]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-11-13 18:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"NSCService"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)


Contents of the 'Scheduled Tasks' folder
2007-07-04 03:33:27 C:\WINDOWS\tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 23:30:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-03 23:34:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-03 23:34
C:\ComboFix2.txt ... 2007-07-02 19:18
C:\ComboFix3.txt ... 2007-07-02 18:30

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 00:03, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Comodo\CBOClean\BOC424.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\GhostSurf 2005\Proxy.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2005\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BOC-424] C:\PROGRA~1\Comodo\CBOClean\BOC424.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.istaria.com/controls/launcher.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1153168589593
O18 - Protocol: bw+0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: offline-8876480 - {B8CD51A6-DC28-4AE3-AEA7-1044ED19DE38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Program Files\GhostSurf 2005\DeleteSvc.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



Just a heads up, a friend had me remove those files yesterday before your reply was posted and he ran HitmanPro on my computer as well. This seemed to help, but as you can tell I have had a few lingering issues from this darned virus. Thank you very much for taking the time to do this.
miekiemoes
Hi,

Check and fix next entries in HijackThis again:

F3 - REG:win.ini: load=
F3 - REG:win.ini: run=

Make sure nothing is interfering with checking above entries, so if Any of your realtime scanners is giving an alert after you fixed above entries, allow the changes and don't let it block them.
Also, you said you installed/ran Hitman Pro. I actually don't really like Hitman pro as it installs a lot of trial versions on your system (Spysweeper, NOD32, Spyware Doctor), and activates them to start up with Windows while they won't remove or protect you anyway.
This only causes an extra slowdown. There is really no need to have several different Antispyware scanners running in the background acting as a real time guard, because after all, they are all doing the same.
Do you clean your carpet with several different vacuum cleaners?

Delete the C:\Qoobox folder.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u2.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
Let me know in your next reply how things are now.
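The reply above asks the poster to fix the two `F3 - REG:win.ini:` entries and leaves the `O23` services in place. As an added example (not part of the thread, and not code from HijackThis or Lavasoft), the script below applies those same triage rules to HijackThis v1.99.1 log lines: any `win.ini` `load=`/`run=` entry is reported (a non-empty value is a program launched at logon, an empty one is a leftover that the helper still asks to fix), and `O23` services are reported when their binary is missing or has no publisher. The log excerpt inside it is constructed for the example; the `example-loader.exe` path is a placeholder, not a real file from the log.

```python
"""Triage HijackThis F3 and O23 lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample excerpt modelled on the HijackThis v1.99.1 format used
# in this thread. The "example-loader.exe" line is a placeholder, not a real
# entry from the poster's log.
SAMPLE_LOG = r"""
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
F3 - REG:win.ini: load=C:\WINDOWS\example-loader.exe
"""

# O23: "Service: <name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# F3: win.ini load=/run= values mirrored into the registry
F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<key>load|run)=(?P<value>.*)$")


@dataclass
class Finding:
    line: str
    severity: str  # "low", "medium" or "high"
    reason: str


def analyze(log_text: str) -> List[Finding]:
    """Return one Finding per F3 or suspicious O23 line, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = F3_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value")
            if value:
                # A program started at logon through win.ini: treat as hostile
                # until its path is verified.
                findings.append(Finding(line, "high",
                                        f"win.ini {key}= launches {value}"))
            else:
                # Empty value: harmless on its own, but a leftover the helper
                # asks to fix so the entry stops reappearing in the log.
                findings.append(Finding(line, "low",
                                        f"empty win.ini {key}= value left behind"))
            continue

        m = O23_RE.match(line)
        if m:
            if m.group("missing"):
                findings.append(Finding(line, "medium",
                                        "service points at a file that no longer exists"))
            elif m.group("owner") == "Unknown owner":
                findings.append(Finding(line, "medium",
                                        "service binary carries no publisher information"))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity, e.g. {'high': 1, 'medium': 1, 'low': 2}."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(analyze(SAMPLE_LOG)))
```

Run against a real log, the `high` findings are the lines to fix first and to look up in a reputable file database; the `medium` ones (like the `usnjsvc` entry above, a Windows Live Messenger leftover) are usually orphaned services rather than infections, which is why the helper did not ask to remove them.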
miekiemoes
Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.