
Can't Go to Microsoft Websites

Discussion in 'Virus & Other Malware Removal' started by dneighbor, Jan 19, 2011.

  1. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    I did a complete restore on my laptop and it was doing fine for a while. Now it will not let me go to a lot of different websites, including Microsoft, or do any updates.
     
  2. dneighbor

    dneighbor Thread Starter

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:07:43 AM, on 1/19/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295210089418
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: bw+0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 16864 bytes
     
  3. dneighbor

    dneighbor Thread Starter

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Donald Neighbor at 9:08:27.36 on Wed 01/19/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.689 [GMT -5:00]

    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Donald Neighbor\Desktop\repair items\dds.scr
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.yahoo.com/
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [CARPService] carpserv.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295210089418
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    ============= SERVICES / DRIVERS ===============
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-17 136176]
    S2 qxqgvhib;Microsoft Installer;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
    =============== Created Last 30 ================
    2011-01-19 13:47:04 -------- d-sha-r- C:\cmdcons
    2011-01-19 13:46:00 89088 ----a-w- c:\windows\MBR.exe
    2011-01-19 13:46:00 256512 ----a-w- c:\windows\PEV.exe
    2011-01-19 13:45:59 98816 ----a-w- c:\windows\sed.exe
    2011-01-19 13:45:59 161792 ----a-w- c:\windows\SWREG.exe
    2011-01-18 12:07:16 -------- d-----w- c:\program files\common files\Logitech
    2011-01-18 12:05:50 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
    2011-01-18 12:05:50 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2011-01-18 12:05:50 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2011-01-18 12:05:50 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2011-01-18 12:05:49 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2011-01-18 12:05:49 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2011-01-18 12:05:49 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2011-01-18 12:05:48 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
    2011-01-18 05:34:58 -------- d-----w- c:\docume~1\donald~1\locals~1\applic~1\Yahoo!
    2011-01-18 05:31:08 -------- d-----w- c:\program files\Yahoo!
    2011-01-17 23:51:49 -------- d-----w- c:\docume~1\donald~1\applic~1\OpenOffice.org
    2011-01-17 23:47:46 -------- d-----w- c:\program files\JRE
    2011-01-17 23:47:40 -------- d-----w- c:\program files\OpenOffice.org 3
    2011-01-17 23:47:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-17 23:47:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-17 15:23:14 -------- d-----w- c:\docume~1\donald~1\locals~1\applic~1\Help
    2011-01-17 13:01:41 -------- d-----w- c:\docume~1\donald~1\locals~1\applic~1\Google
    2011-01-17 12:57:13 -------- d-----w- c:\windows\Downloaded Installations
    2011-01-17 04:38:56 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2011-01-17 04:07:20 103344 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-01-17 04:07:20 -------- d-----w- c:\windows\Profiles
    2011-01-17 04:07:11 306688 ----a-w- c:\windows\IsUninst.exe
    2011-01-17 04:00:17 -------- d-----w- c:\windows\pss
    2011-01-17 02:51:06 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-01-17 02:50:24 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-01-17 02:49:46 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-01-17 02:49:46 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-01-17 02:48:48 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-01-17 02:28:30 -------- d-----w- c:\windows\system32\scripting
    2011-01-17 02:28:28 -------- d-----w- c:\windows\system32\en
    2011-01-17 02:28:28 -------- d-----w- c:\windows\l2schemas
    2011-01-17 02:23:20 -------- d-----w- c:\windows\network diagnostic
    2011-01-17 02:12:48 -------- d-sh--w- c:\documents and settings\donald neighbor\PrivacIE
    2011-01-17 02:12:01 -------- d-sh--w- c:\documents and settings\donald neighbor\IETldCache
    2011-01-17 02:05:39 -------- d-----w- c:\windows\ie8updates
    2011-01-17 02:05:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-01-17 02:05:23 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-01-17 02:05:23 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-01-17 02:05:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-01-17 02:05:23 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-01-17 02:05:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-01-17 02:05:23 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-01-17 02:04:08 -------- dc-h--w- c:\windows\ie8
    2011-01-16 21:46:19 357248 -c----w- c:\windows\system32\dllcache\srv.sys
    2011-01-16 21:46:08 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-01-16 21:45:59 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2011-01-16 21:45:57 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
    2011-01-16 21:45:47 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
    2011-01-16 21:45:47 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
    2011-01-16 21:45:41 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
    2011-01-16 21:44:06 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
    2011-01-16 21:35:52 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-01-16 21:35:52 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
    2011-01-16 21:35:52 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-01-16 21:35:52 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
    2011-01-16 21:35:52 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
    2011-01-16 21:35:52 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-01-16 21:35:52 110592 -c----w- c:\windows\system32\dllcache\services.exe
    2011-01-16 21:35:51 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
    2011-01-16 21:35:51 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
    2011-01-16 21:35:51 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-01-16 21:35:50 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-01-16 21:35:49 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-01-16 21:34:09 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
    2011-01-16 21:33:54 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
    2011-01-16 21:33:32 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-01-16 21:32:38 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2011-01-16 21:32:31 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
    2011-01-16 21:31:58 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-01-16 21:31:57 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-01-16 21:15:27 -------- d-----w- c:\windows\system32\wbem\AutoRecover
    2011-01-16 21:10:08 -------- d-----w- c:\windows\peernet
    2011-01-16 21:10:07 -------- d-----w- c:\windows\provisioning
    2011-01-16 21:08:12 -------- d-----w- c:\windows\ServicePackFiles
    2011-01-16 21:04:22 -------- d-----w- c:\windows\system32\ReinstallBackups
    2011-01-16 21:02:27 -------- d-----w- c:\windows\EHome
    2011-01-16 20:58:58 11264 ------w- c:\windows\system32\spnpinst.exe
    2011-01-16 20:38:30 -------- d-----w- c:\windows\system32\PreInstall
    2011-01-16 20:38:27 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2011-01-16 20:38:26 -------- d--h--w- c:\windows\$hf_mig$
    2011-01-16 20:37:49 -------- d-----w- c:\windows\system32\bits
    2011-01-16 20:37:22 8192 ------w- c:\windows\system32\bitsprx2.dll
    2011-01-16 20:37:22 7168 ------w- c:\windows\system32\bitsprx3.dll
    2011-01-16 20:37:22 438784 ----a-w- c:\windows\system32\xpob2res.dll
    2011-01-16 20:37:22 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-01-16 20:37:22 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
    2011-01-16 20:35:38 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
    2011-01-16 20:35:38 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2011-01-16 20:35:38 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2011-01-16 20:35:38 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2011-01-16 20:35:38 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2011-01-16 20:22:44 -------- d-----w- c:\program files\CCleaner
    2011-01-16 20:10:28 -------- d-----w- c:\program files\ESET
    2011-01-16 20:08:34 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2011-01-16 20:08:34 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-01-16 20:08:31 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2011-01-16 20:03:41 -------- d-----w- c:\docume~1\donald~1\applic~1\Malwarebytes
    2011-01-16 20:03:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-16 20:03:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-01-16 20:03:33 19288 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-16 20:03:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-16 19:52:17 388096 ----a-r- c:\docume~1\donald~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-16 19:52:16 -------- d-----w- c:\program files\Trend Micro
    2011-01-16 19:50:24 -------- d-sh--w- c:\documents and settings\donald neighbor\UserData
    2011-01-16 19:44:05 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
    2011-01-16 19:44:05 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
    2011-01-16 19:43:56 -------- d-----w- c:\program files\CONEXANT
    2011-01-16 19:43:13 -------- d-----w- C:\WUTemp
    2011-01-16 19:43:11 191488 ----a-w- c:\windows\system32\iuengine.dll
    ==================== Find3M ====================
    2011-01-18 12:06:32 118784 ------r- c:\windows\bwUnin-7.2.0.137-8876480SL.exe
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    ============= FINISH: 9:08:39.56 ===============
     
  4. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Attach log
     


  5. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    ComboFix 11-01-18.04 - Donald Neighbor 01/19/2011 8:56.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.768 [GMT -5:00]
    Running from: c:\documents and settings\Donald Neighbor\Desktop\ComboFix.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    c:\windows\system32\_003504_.tmp.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
    .
    2011-01-16 19:43 . 2011-01-16 19:43 -------- d-----w- C:\WUTemp
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-09 14:52 . 2002-08-29 20:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2002-08-29 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2002-08-29 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2002-08-29 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2002-08-29 20:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2002-08-29 20:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2002-08-29 20:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2011-01-18 32768]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CARPService"="carpserv.exe" [2003-05-21 4608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-1-18 450560]
    [HKLM\~\startupfolder\C:^Documents and Settings^Donald Neighbor^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
    path=c:\documents and settings\Donald Neighbor\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-01-17 13:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4600:TCP"= 4600:TCP:hkuetcm
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/17/2011 8:01 AM 136176]
    S2 qxqgvhib;Microsoft Installer;c:\windows\system32\svchost.exe -k netsvcs [8/29/2002 3:00 PM 14336]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qxqgvhib
    .
    Contents of the 'Scheduled Tasks' folder
    2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 13:01]
    2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 13:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -
    MSConfigStartUp-CTFMON - (no file)
    AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-19 09:02
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxqgvhib]
    "ServiceDll"="c:\windows\system32\etoljkyh.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-01-19 09:04:29
    ComboFix-quarantined-files.txt 2011-01-19 14:04
    Pre-Run: 71,492,796,416 bytes free
    Post-Run: 71,527,444,480 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    - - End Of File - - 6A8642B76FC53A7C0496F2794A9A0DEB
     
  6. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-19 10:10:43
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS721080G9AT00 rev.MC4OA51A
    Running: 9rjnwm0t.exe; Driver: C:\DOCUME~1\DONALD~1\LOCALS~1\Temp\axkcqpoc.sys

    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\qxqgvhib\Parameters
    Reg HKLM\SYSTEM\ControlSet002\Services\qxqgvhib\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 32
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 32
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\System32\svchost.exe[1044] NETAPI32.dll!NetpwPathCanonicalize 5B86A3A9 5 Bytes JMP 01E0AD74
    .text C:\WINDOWS\System32\svchost.exe[1084] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 007AADDD
    .text C:\WINDOWS\System32\svchost.exe[1044] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes JMP 01E0ADDD
    ---- Services - GMER 1.0.15 ----
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] qxqgvhib <-- ROOTKIT !!!
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\qxqgvhib\[email protected] C:\WINDOWS\system32\etoljkyh.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\qxqgvhib\[email protected] C:\WINDOWS\system32\etoljkyh.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] LocalSystem
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Manages network configuration by registering and updating IP addresses and DNS names.
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] Manages network configuration by registering and updating IP addresses and DNS names.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Microsoft Installer
    Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] Microsoft Installer
    ---- System - GMER 1.0.15 ----
    Code \??\C:\DOCUME~1\DONALD~1\LOCALS~1\Temp\catchme.sys pIofCallDriver
    ---- Kernel code sections - GMER 1.0.15 ----
    ? C:\DOCUME~1\DONALD~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
    ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
    ? C:\DOCUME~1\DONALD~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ---- EOF - GMER 1.0.15 ----
     
  7. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Tried to do an ESET Scan but it would not let me go to the website.
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya dneighbor,

    You have a nasty Rootkit infection, please read the following before we go any further:

    IMPORTANT NOTE: One or more of the identified infections was related to a rootkit component. Rootkits and Backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

    If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately, to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read "How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?"

    Although we MIGHT be able to remove the rootkit, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that IF the rootkit can be removed the computer will then be secure.

    In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

    • "When should I re-format? How should I reinstall?"
    • "Help: I Got Hacked. Now What Do I Do?"
    • "Where to draw the line? When to recommend a format and reinstall?"

    Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful.

    If you wish to proceed, continue as follows :-

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    File::
    c:\windows\system32\etoljkyh.dll
    Driver::
    qxqgvhib
    NetSvc::
    qxqgvhib
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4600:TCP"=-
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Kevin
     
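How the service, DLL and firewall entries named in the CFScript above can be picked out of the ComboFix log, as an added example that is not part of the original posts and not ComboFix's own logic. The sample lines are copied from the log posted in this thread; the parsing rules, the function names and the "label is not a resource reference" port heuristic are assumptions made for this example.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4600:TCP"= 4600:TCP:hkuetcm
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/17/2011 8:01 AM 136176]
S2 qxqgvhib;Microsoft Installer;c:\windows\system32\svchost.exe -k netsvcs [8/29/2002 3:00 PM 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qxqgvhib
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qxqgvhib]
"ServiceDll"="c:\windows\system32\etoljkyh.dll"
"""

# Line shapes as they appear in the posted log (assumed stable for this example).
SVC_LINE = re.compile(r'^[SR](?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[[^\]]*\]$')
SVC_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\\w+\\Services\\(?P<name>[^\\\]]+)\]$', re.I)
SERVICE_DLL = re.compile(r'^"ServiceDll"="(?P<dll>[^"]+)"$', re.I)
PORT_LINE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P<value>.+)$', re.I)


def parse_combofix(text):
    """Collect service lines, NetSvcs additions, ServiceDll values and open-port entries."""
    services, netsvcs, dlls, ports = {}, set(), {}, []
    section = None   # multi-line block being read: "ports" or "netsvcs"
    svc_key = None   # service named by the most recent ...\Services\<name> header
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # "." separates blocks in the log
            section = svc_key = None
            continue
        if line.startswith("["):             # registry key header
            m = SVC_KEY.match(line)
            svc_key = m.group("name").lower() if m else None
            section = "ports" if line.lower().endswith("globallyopenports\\list]") else None
            continue
        if line.lower().endswith("svchost - netsvcs"):
            section, svc_key = "netsvcs", None
            continue
        m = SVC_LINE.match(line)
        if m:                                # "S2 name;display;image [date size]"
            section = svc_key = None
            services[m.group("name").lower()] = {
                "display": m.group("display"),
                "image": m.group("image"),
                "autostart": m.group("start") == "2",
            }
            continue
        if section == "ports":
            m = PORT_LINE.match(line)
            if m:
                ports.append({"port": int(m.group("port")),
                              "proto": m.group("proto").upper(),
                              "label": m.group("value").split(":")[-1].strip()})
        elif section == "netsvcs":
            netsvcs.add(line.lower())
        elif svc_key:
            m = SERVICE_DLL.match(line)
            if m:
                dlls[svc_key] = m.group("dll")
    return services, netsvcs, dlls, ports


def triage(text):
    """Return entries worth a manual look; correlation only, not a verdict."""
    services, netsvcs, dlls, ports = parse_combofix(text)
    flagged = []
    for name, svc in services.items():
        image = svc["image"].lower()
        shared_host = "svchost.exe" in image and "-k netsvcs" in image
        # All three must agree: the service runs inside the shared svchost host,
        # it was added to the NetSvcs group, and the log exposes its ServiceDll.
        if shared_host and name in netsvcs and name in dlls:
            flagged.append({"service": name, "display": svc["display"],
                            "autostart": svc["autostart"], "service_dll": dlls[name]})
    # Assumption: built-in firewall exceptions carry a resource-string label
    # ("@file.dll,-id"); any other label is reported for review.
    odd_ports = [p for p in ports if not p["label"].startswith("@")]
    return {"services": flagged, "ports": odd_ports}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for s in result["services"]:
        print("review service:", s["service"], "->", s["service_dll"])
    for p in result["ports"]:
        print("review open port:", p["port"], p["proto"], p["label"])
```

The flagged service name and DLL path are the same values the CFScript lists under `Driver::`, `NetSvc::` and `File::`, and the flagged port is the one its `Registry::` section deletes.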
  11. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Kevin,
    Thank you. I have to leave for church right now, but as soon as I get back I will copy and paste that. Thank you, Don
     
  12. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    ComboFix 11-01-22.03 - Donald Neighbor 01/23/2011 8:36.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.762 [GMT -5:00]
    Running from: c:\documents and settings\Donald Neighbor\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Donald Neighbor\Desktop\CFScript.txt
    * Created a new restore point
    FILE ::
    "c:\windows\system32\etoljkyh.dll"
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\system32\etoljkyh.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_QXQGVHIB
    -------\Service_qxqgvhib

    ((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
    .
    2011-01-16 19:43 . 2011-01-16 19:43 -------- d-----w- C:\WUTemp
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-09 14:52 . 2002-08-29 20:00 249856 ----a-w- c:\windows\system32\odbc32.dll
    2010-11-06 00:26 . 2002-08-29 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2002-08-29 20:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2002-08-29 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2002-08-29 20:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2002-08-29 20:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2002-08-29 20:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2011-01-18 32768]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CARPService"="carpserv.exe" [2003-05-21 4608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-1-18 450560]
    [HKLM\~\startupfolder\C:^Documents and Settings^Donald Neighbor^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
    path=c:\documents and settings\Donald Neighbor\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-01-17 13:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4600:TCP"= 4600:TCP:hkuetcm
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/17/2011 8:01 AM 136176]
    .
    Contents of the 'Scheduled Tasks' folder
    2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 13:01]
    2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-17 13:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Donald Neighbor\Application Data\Mozilla\Firefox\Profiles\1spzsois.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-23 08:44
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(716)
    c:\windows\System32\l3codeca.acm
    - - - - - - - > 'explorer.exe'(4508)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    c:\docume~1\DONALD~1\LOCALS~1\Temp\IadHide5.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\System32\l3codeca.acm
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\carpserv.exe
    c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    c:\windows\SoftwareDistribution\Download\Install\dotnetfx35_x86.exe
    c:\66e207093166ca3a89d4a4754a655d\dotnetfx35setup.exe
    c:\b75f48b55223fd689ec9486a235c58c5\setup.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\windows\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-23 08:48:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-23 13:48
    ComboFix2.txt 2011-01-19 14:04
    Pre-Run: 70,990,196,736 bytes free
    Post-Run: 70,862,241,792 bytes free
    - - End Of File - - FE1F04DB45D3F702DF33750DE6730250
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Don,

    How is your system responding now, any better? Proceed as follows :-

    Step 1

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available here. Please read them before running the scan.

    Also be aware this scan can take between one and several hours to complete depending on the size of your system.

    I see you've already got ESET onboard, just use the above for the settings.

    Step 2

    Re-open HJT, carry out a scan and save the log file.

    Post the logs from ESET and HJT in your reply. Also give update on symptoms, any changes?

    Kevin
     
  14. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:51:47 PM, on 1/23/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295210089418
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: bw+0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {0FA9DFA3-9519-40D3-B668-BD6EF6D2238A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 18073 bytes
     
  15. dneighbor

    dneighbor Thread Starter

    Joined:
    Dec 20, 2010
    Messages:
    423
    C:\Qoobox\Quarantine\C\WINDOWS\system32\_etoljkyh_.dll.zip a variant of Win32/Conficker.X worm
     

Short URL to this thread: https://techguy.org/975605
