Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

IE settings being change at start up and computer is too slow

6K views 45 replies 2 participants last post by  Cookiegal 
#1 ·
I was infected with Vundo and my norton is able to remove it but it will come back again after my next boot up.

However for a few weeks now there seem to be no news of the Vundo but my com had become incredibly slow. From startup (stay at the black loading screen for longer then a min) to shutting down(took more then 1 min to save the the user setting before shut down). Also my com will hang for at least 3 min after i log in,waiting for the MSN to load.

Most importantly i received an alert from my spywareguard that an attempt to change my IE settings had being detected everytime i start my com. Btw i can't open my IE too

**********************************************
The following BHO has been added to your system:
{5F86F65A-B99D-4804-8A06-D1C0012C3121}

ProgID: n/a
File Location: D:\WINDOWS\system32\ssqpn.dll

**************************************

The whole computer system is currently very slow, even opening simple programs need a bit of time. I hope you can help me out here as i am at my wits end. Thank you

*update 30 min after i post this, trojan.vundo appeared again after norton fixed it and requested me to restart my com.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:45 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\spoolsv.exe
d:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
D:\WINDOWS\ATKKBService.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\VMware\VMware Player\vmware-authd.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINDOWS\system32\vmnat.exe
D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
D:\WINDOWS\system32\vmnetdhcp.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\Rundll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Imation\ImationFlashDetect.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\Norton 360\MainStub.exe
D:\Program Files\Norton 360\MainStub.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Norton 360\MainStub.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Remote Launcher] wnpmcs.exe
O4 - HKLM\..\Run: [f468a2c7] rundll32.exe "D:\WINDOWS\system32\kmmpoahp.dll",b
O4 - HKLM\..\Run: [BM2faa2dc7] Rundll32.exe "D:\WINDOWS\system32\xbmrromq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: ImationFlashDetect.lnk = D:\Program Files\Imation\ImationFlashDetect.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IcVzMonLauncher - Unknown owner - C:\IcVzMonLauncher.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Unknown owner - C:\IcVzMon.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - D:\Program Files\WinPoET Broadband Connection\WrOS.EXE

--
End of file - 22563 bytes
 
See less See more
#2 ·
Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet after downloading the program and before scanning.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.

Download ComboFix and save it to your desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
  • WARNING: IF you have not already done so ComboFix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection when Combofix has completely finished then restart your computer to restore the connection.

Double-click on combofix.exe and follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall**

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
 
#3 ·
My HijackThis and ComboFix Log are in to separate entry

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:48 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\spoolsv.exe
d:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\ATKKBService.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\VMware\VMware Player\vmware-authd.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINDOWS\system32\vmnat.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\WINDOWS\system32\vmnetdhcp.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Imation\ImationFlashDetect.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F49152E-9BE9-407B-BF57-EFB3F9F6291A} - D:\WINDOWS\system32\ddabc.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - blank (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {D0762966-2AE9-4B87-88CF-1F6877A7C61B} - blank (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F1629955-3B55-4FBA-8945-19E0AF11EB4E} - D:\WINDOWS\system32\ssqpn.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [f468a2c7] rundll32.exe "D:\WINDOWS\system32\adujyjpg.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [BM2faa2dc7] Rundll32.exe "D:\WINDOWS\system32\ehqqweej.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: ImationFlashDetect.lnk = D:\Program Files\Imation\ImationFlashDetect.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IcVzMonLauncher - Unknown owner - C:\IcVzMonLauncher.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Unknown owner - C:\IcVzMon.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - D:\Program Files\WinPoET Broadband Connection\WrOS.EXE

--
End of file - 23713 bytes
 
#4 ·
ComboFix Log

ComboFix 08-02.11.1 - Roger 2008-02-11 18:11:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1533 [GMT 8:00]
Running from: D:\Documents and Settings\Roger\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Program Files\Common Files\{2C991~1
D:\Program Files\FunWebProducts
D:\Program Files\MyWebSearch
D:\Program Files\MyWebSearch\bar\History\search2
D:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
D:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
D:\WINDOWS\system32\cbadd.ini
D:\WINDOWS\system32\cbadd.ini2
D:\WINDOWS\system32\components
D:\WINDOWS\system32\ejlcfdgn.ini
D:\WINDOWS\system32\ekfllxww.ini
D:\WINDOWS\system32\exvvlnqc.ini
D:\WINDOWS\system32\feiuqjnr.ini
D:\WINDOWS\system32\glikuvmv.ini
D:\WINDOWS\system32\gmsvqjwp.ini
D:\WINDOWS\system32\gwqbkruw.ini
D:\WINDOWS\system32\ikbgxfor.ini
D:\WINDOWS\system32\ksuyxass.ini
D:\WINDOWS\system32\loggpidb.ini
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\mekcmbvj.ini
D:\WINDOWS\system32\nevkuwjd.ini
D:\WINDOWS\system32\npqss.ini
D:\WINDOWS\system32\npqss.ini2
D:\WINDOWS\system32\oepmidou.ini
D:\WINDOWS\system32\pajeiyml.ini
D:\WINDOWS\system32\ptkilebn.ini
D:\WINDOWS\system32\qtbqkvms.dll
D:\WINDOWS\system32\qvngtlvb.ini
D:\WINDOWS\system32\rewxllrr.ini
D:\WINDOWS\system32\sgvctmxt.ini
D:\WINDOWS\system32\tapjjnog.dll
D:\WINDOWS\system32\uuepxrvd.dll
D:\WINDOWS\system32\vberhvrs.dll
D:\WINDOWS\system32\vobmbbwk.ini
D:\WINDOWS\system32\vpavwoxa.dll
D:\WINDOWS\system32\vvthyxra.ini
D:\WINDOWS\system32\wjshfvcu.dll
D:\WINDOWS\system32\xbmrromq.dll
D:\WINDOWS\system32\xchutmrd.ini
D:\WINDOWS\system32\xiosbhan.dll
D:\WINDOWS\system32\ybhcstcs.ini
D:\WINDOWS\system32\ynntvwmo.ini
D:\WINDOWS\system32\yqwivkgn.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
.

2008-02-11 18:04 . 2004-08-04 00:56 388,608 --a------ D:\kmd.exe
2008-02-09 01:12 . 2008-02-09 01:13 d-------- D:\WINDOWS\ERUNT
2008-02-08 21:31 . 2007-12-14 01:59 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-02-06 18:04 . 2008-02-06 18:04 d-------- D:\Program Files\Trend Micro
2008-02-05 20:30 . 2008-02-07 21:28 2,170,990 ---hs---- D:\WINDOWS\system32\phaopmmk.ini
2008-02-01 10:16 . 2008-02-03 20:16 1,959,216 ---hs---- D:\WINDOWS\system32\iibapwgg.ini
2008-01-30 19:14 . 2008-02-01 10:08 1,952,093 ---hs---- D:\WINDOWS\system32\tuawnvla.ini
2008-01-25 19:44 . 2008-01-26 14:51 1,918,161 --ahs---- D:\WINDOWS\system32\nccofcxt.ini
2008-01-11 19:15 . 2008-02-08 01:49 16,593 --a------ D:\WINDOWS\BM2faa2dc7.xml
2008-01-11 19:15 . 2008-02-08 21:25 22 --a------ D:\WINDOWS\pskt.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 10:05 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2008-02-11 07:18 --------- d-----w D:\Program Files\WinPoET Broadband Connection
2008-02-11 07:18 --------- d-----w D:\Documents and Settings\NetworkService\Application Data\VMware
2008-02-11 07:18 --------- d-----w D:\Documents and Settings\All Users\Application Data\VMware
2008-02-09 03:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-02-08 16:35 --------- d-----w D:\Documents and Settings\Roger\Application Data\uTorrent
2008-02-08 13:31 --------- d-----w D:\Program Files\Java
2008-02-06 10:55 --------- d-----w D:\Program Files\Roguescanfix
2008-01-25 15:13 --------- d-----w D:\Documents and Settings\Roger\Application Data\Hamachi
2008-01-19 08:07 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-01-19 08:06 --------- d-----w D:\Program Files\EPSON
2008-01-15 01:54 10,537 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-14 21:28 706 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 10:32 23,904 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-23 09:18 43,520 -c--a-w D:\WINDOWS\system32\CmdLineExt03.dll
2007-12-20 14:56 25,280 ----a-w D:\WINDOWS\system32\drivers\hamachi.sys
2007-12-18 08:49 --------- d-----w D:\Program Files\Norton 360
2007-12-05 07:06 60,800 -c--a-w D:\WINDOWS\system32\S32EVNT1.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F49152E-9BE9-407B-BF57-EFB3F9F6291A}]
D:\WINDOWS\system32\ddabc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0762966-2AE9-4B87-88CF-1F6877A7C61B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1629955-3B55-4FBA-8945-19E0AF11EB4E}]
D:\WINDOWS\system32\ssqpn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"LDM"="D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-25 20:05 32768]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 23:28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24 86016]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 D:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus C43 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-12-10 11:06 75776]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 D:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-14 00:20 180269]
"RegistryMechanic"="" []
"LogitechCommunicationsManager"="D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 12:27 497176]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43 86016]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 13:59 115816]
"Symantec PIF AlertEng"="D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"f468a2c7"="D:\WINDOWS\system32\adujyjpg.dll" [ ]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"BM2faa2dc7"="D:\WINDOWS\system32\ehqqweej.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-12 18:27 492912]

D:\Documents and Settings\Roger\Start Menu\Programs\Startup\
ImationFlashDetect.lnk - D:\Program Files\Imation\ImationFlashDetect.exe [2007-04-23 17:56:52 835584]
SpywareGuard.lnk - D:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=D:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=D:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-winpoet-service]
--a--c--- 2002-07-17 13:50 241664 D:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2005-10-18 11:58 278528 D:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a--c--- 2006-12-22 12:28 756248 D:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 D:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 18:50 155648 D:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2004-01-09 02:54 65536 D:\WINDOWS\SOUNDMAN.EXE

R3 WrKPoET2000;WrKPoET2000;D:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys [2002-07-17 13:52]
R3 WRSWanDD;iVasion PoET Adapter;D:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-07-17 13:53]
S0 nngmqsfd;nngmqsfd;D:\WINDOWS\system32\drivers\fislkcsl.sys []
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\IcVzMonLauncher.exe" []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\IcVzMon.exe []
S3 k600bus;Sony Ericsson 600i driver (WDM);D:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;D:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;D:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;D:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]
S3 LVPrcMon;Logitech LVPrcMon Driver;D:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S3 SQLWriter;SQL Server VSS Writer;"D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
S3 XDva011;XDva011;D:\WINDOWS\system32\XDva011.sys []
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 07:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43c331c5-64a8-11da-a581-be18cbadc918}]
\Shell\Auto\command - "F:\blue.EXE" /StartExplorer
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL "F:\blue.EXE" /StartExplorer

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-31 07:01:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 18:17:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-11 18:18:29
ComboFix-quarantined-files.txt 2008-02-11 10:18:25
.
2008-01-12 05:00:34 --- E O F ---
 
#5 ·
Is your F drive an external or flash drive?

Do you know what this is on it?

F:\blue.EXE

Also, please right click on this file and select "open with" and Notepad and copy and paste the contents here:

D:\WINDOWS\BM2faa2dc7.xml

Open Notepad and copy and paste the text in the code box below into it:

File::
D:\WINDOWS\system32\phaopmmk.ini
D:\WINDOWS\system32\iibapwgg.ini
D:\WINDOWS\system32\tuawnvla.ini
D:\WINDOWS\system32\nccofcxt.ini

Driver::
nngmqsfd

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F49152E-9BE9-407B-BF57-EFB3F9F6291A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0762966-2AE9-4B87-88CF-1F6877A7C61B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1629955-3B55-4FBA-8945-19E0AF11EB4E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f468a2c7"=-
"BM2faa2dc7"=-
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 
#6 ·
My F drive is an internal harddisk that i bought a few weeks back.

There should not be a Blue.exe inside as i only keep my videos on that

Combofix

ComboFix 08-02.11.1 - Roger 2008-02-16 14:13:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1555 [GMT 8:00]
Running from: D:\Documents and Settings\Roger\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Roger\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
D:\WINDOWS\system32\iibapwgg.ini
D:\WINDOWS\system32\nccofcxt.ini
D:\WINDOWS\system32\phaopmmk.ini
D:\WINDOWS\system32\tuawnvla.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\iibapwgg.ini
D:\WINDOWS\system32\nccofcxt.ini
D:\WINDOWS\system32\phaopmmk.ini
D:\WINDOWS\system32\tuawnvla.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NNGMQSFD
-------\nngmqsfd

((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-11 18:04 . 2004-08-04 00:56 388,608 --a------ D:\kmd.exe
2008-02-09 01:12 . 2008-02-09 01:13 d-------- D:\WINDOWS\ERUNT
2008-02-08 21:31 . 2007-12-14 01:59 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-02-06 18:04 . 2008-02-06 18:04 d-------- D:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 06:23 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2008-02-16 06:22 --------- d-----w D:\Program Files\WinPoET Broadband Connection
2008-02-16 06:22 --------- d-----w D:\Documents and Settings\NetworkService\Application Data\VMware
2008-02-16 06:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\VMware
2008-02-16 06:11 --------- d-----w D:\Documents and Settings\Roger\Application Data\uTorrent
2008-02-09 03:44 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-02-08 13:31 --------- d-----w D:\Program Files\Java
2008-02-06 10:55 --------- d-----w D:\Program Files\Roguescanfix
2008-01-25 15:13 --------- d-----w D:\Documents and Settings\Roger\Application Data\Hamachi
2008-01-19 08:07 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-01-19 08:06 --------- d-----w D:\Program Files\EPSON
2008-01-15 01:54 10,537 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-14 21:28 706 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 10:32 23,904 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-20 14:56 25,280 ----a-w D:\WINDOWS\system32\drivers\hamachi.sys
2007-12-18 08:49 --------- d-----w D:\Program Files\Norton 360
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"LDM"="D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-25 20:05 32768]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 23:28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24 86016]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 D:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus C43 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-12-10 11:06 75776]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 D:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-14 00:20 180269]
"RegistryMechanic"="" []
"LogitechCommunicationsManager"="D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 12:27 497176]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43 86016]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 13:59 115816]
"Symantec PIF AlertEng"="D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-12 18:27 492912]

D:\Documents and Settings\Roger\Start Menu\Programs\Startup\
ImationFlashDetect.lnk - D:\Program Files\Imation\ImationFlashDetect.exe [2007-04-23 17:56:52 835584]
SpywareGuard.lnk - D:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=D:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=D:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-winpoet-service]
--a--c--- 2002-07-17 13:50 241664 D:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2005-10-18 11:58 278528 D:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a--c--- 2006-12-22 12:28 756248 D:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 D:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 18:50 155648 D:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2004-01-09 02:54 65536 D:\WINDOWS\SOUNDMAN.EXE

R3 WrKPoET2000;WrKPoET2000;D:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys [2002-07-17 13:52]
R3 WRSWanDD;iVasion PoET Adapter;D:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-07-17 13:53]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\IcVzMonLauncher.exe" []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\IcVzMon.exe []
S3 k600bus;Sony Ericsson 600i driver (WDM);D:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;D:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;D:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;D:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]
S3 LVPrcMon;Logitech LVPrcMon Driver;D:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S3 SQLWriter;SQL Server VSS Writer;"D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
S3 XDva011;XDva011;D:\WINDOWS\system32\XDva011.sys []
S3 XDva092;XDva092;D:\WINDOWS\system32\XDva092.sys []
S3 XDva093;XDva093;D:\WINDOWS\system32\XDva093.sys []
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2005-09-23 07:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43c331c5-64a8-11da-a581-be18cbadc918}]
\Shell\Auto\command - "F:\blue.EXE" /StartExplorer
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL "F:\blue.EXE" /StartExplorer

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-31 07:01:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 14:23:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
d:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
D:\WINDOWS\ATKKBService.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\Program Files\VMware\VMware Player\vmware-authd.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINDOWS\system32\vmnat.exe
D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
D:\WINDOWS\system32\vmnetdhcp.exe
D:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-16 14:27:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 06:27:19
ComboFix2.txt 2008-02-11 10:18:30
.
2008-01-12 05:00:34 --- E O F ---
 
#7 ·
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:58 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\spoolsv.exe
d:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
D:\WINDOWS\ATKKBService.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\VMware\VMware Player\vmware-authd.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINDOWS\system32\vmnat.exe
D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
D:\WINDOWS\system32\vmnetdhcp.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - blank (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: ImationFlashDetect.lnk = D:\Program Files\Imation\ImationFlashDetect.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IcVzMonLauncher - Unknown owner - C:\IcVzMonLauncher.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Unknown owner - C:\IcVzMon.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - D:\Program Files\WinPoET Broadband Connection\WrOS.EXE

--
End of file - 22543 bytes
 
#11 ·
Okay, here it is

<ROOT><CAMPAIGNLIST><CAMPAIGN name="120x240" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?120['"]?)|(HEIGHT=['"]?240['"]?))+[^>]*?((WIDTH=['"]?120['"]?)|(HEIGHT=['"]?240['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=120x240;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_120x240&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="0"/><last_match_time value="0"/></internal_state></CAMPAIGN><CAMPAIGN name="120x600" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?120['"]?)|(HEIGHT=['"]?600['"]?))+[^>]*?((WIDTH=['"]?120['"]?)|(HEIGHT=['"]?600['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=120x600;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_120x600&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="2"/><last_match_time value="1202405504"/></internal_state></CAMPAIGN><CAMPAIGN name="120x90" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?120['"]?)|(HEIGHT=['"]?90['"]?))+[^>]*?((WIDTH=['"]?120['"]?)|(HEIGHT=['"]?90['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=120x90;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_120x90&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="0"/><last_match_time value="0"/></internal_state></CAMPAIGN><CAMPAIGN name="125x125" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?125['"]?)|(HEIGHT=['"]?125['"]?))+[^>]*?((WIDTH=['"]?125['"]?)|(HEIGHT=['"]?125['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=125x125;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_125x125&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="2"/><last_match_time value="1202405504"/></internal_state></CAMPAIGN><CAMPAIGN name="160x600" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?160['"]?)|(HEIGHT=['"]?600['"]?))+[^>]*?((WIDTH=['"]?160['"]?)|(HEIGHT=['"]?600['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=160x600;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_160x600&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="0"/><last_match_time value="0"/></internal_state></CAMPAIGN><CAMPAIGN name="180x150" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?180['"]?)|(HEIGHT=['"]?150['"]?))+[^>]*?((WIDTH=['"]?180['"]?)|(HEIGHT=['"]?150['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=180x150;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_180x150&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="0"/><last_match_time value="0"/></internal_state></CAMPAIGN><CAMPAIGN name="234x60" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?234['"]?)|(HEIGHT=['"]?60['"]?))+[^>]*?((WIDTH=['"]?234['"]?)|(HEIGHT=['"]?60['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=234x60;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_234x60&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="0"/><last_match_time value="0"/></internal_state></CAMPAIGN><CAMPAIGN name="240x400" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?240['"]?)|(HEIGHT=['"]?400['"]?))+[^>]*?((WIDTH=['"]?240['"]?)|(HEIGHT=['"]?400['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=240x400;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_240x400&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="0"/><last_match_time value="0"/></internal_state></CAMPAIGN><CAMPAIGN name="250x250" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?250['"]?)|(HEIGHT=['"]?250['"]?))+[^>]*?((WIDTH=['"]?250['"]?)|(HEIGHT=['"]?250['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=250x250;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_250x250&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="0"/><last_match_time value="0"/></internal_state></CAMPAIGN><CAMPAIGN name="300x100" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?300['"]?)|(HEIGHT=['"]?100['"]?))+[^>]*?((WIDTH=['"]?300['"]?)|(HEIGHT=['"]?100['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=300x100;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_300x100&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="0"/><last_match_time value="0"/></internal_state></CAMPAIGN><CAMPAIGN name="300x250" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?300['"]?)|(HEIGHT=['"]?250['"]?))+[^>]*?((WIDTH=['"]?300['"]?)|(HEIGHT=['"]?250['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=300x250;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_300x250&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="0"/><last_match_time value="0"/></internal_state></CAMPAIGN><CAMPAIGN name="336x280" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?336['"]?)|(HEIGHT=['"]?280['"]?))+[^>]*?((WIDTH=['"]?336['"]?)|(HEIGHT=['"]?280['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=336x280;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_336x280&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="0"/><last_match_time value="0"/></internal_state></CAMPAIGN><CAMPAIGN name="468x60" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?468['"]?)|(HEIGHT=['"]?60['"]?))+[^>]*?((WIDTH=['"]?468['"]?)|(HEIGHT=['"]?60['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=468x60;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_468x60&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="2"/><last_match_time value="1202405504"/></internal_state></CAMPAIGN><CAMPAIGN name="720x300" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?720['"]?)|(HEIGHT=['"]?300['"]?))+[^>]*?((WIDTH=['"]?720['"]?)|(HEIGHT=['"]?300['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=720x300;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_720x300&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="0"/><last_match_time value="0"/></internal_state></CAMPAIGN><CAMPAIGN name="728x90" id="20080205"><options></options><commands><command name="code_modify"><actions><action name="replace"><initial_values><initial_value><![CDATA[<IFRAME[^>]*((WIDTH=['"]?728['"]?)|(HEIGHT=['"]?90['"]?))+[^>]*?((WIDTH=['"]?728['"]?)|(HEIGHT=['"]?90['"]?))+[^>]*?>.*?]]></initial_value><initial_value><![CDATA[<IFRAME[^>]*src=["']?[^"']+;sz=728x90;.*?]]></initial_value></initial_values><new_values><new_value id="1" weight="100"><![CDATA[&guid=[guid]&aid=[aid]&url=[url]]http://85.17.166.173/go/?cmp=nm_bm3s_728x90&uid=[uid]&guid=[guid]&aid=[aid]&url=[url]]]></new_value></new_values></action></actions></command></commands><internal_state><current_match_count value="34"/><last_match_time value="1202406560"/></internal_state></CAMPAIGN></CAMPAIGNLIST><COOKIES><COOKIE>ip=MTY1LjIxLjE1NC4xMDg#</COOKIE><COOKIE>country=U0c#</COOKIE></COOKIES></ROOT>
 
#12 ·
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • In the Processes group click ALL
  • In the Win32 Services group click ALL
  • In the Driver Services group click ALL
  • In the Registry group click ALL
  • In the Files Created Within group click 60 days Make sure Non-Microsoft only is UNCHECKED
  • In the Files Modified Within group select 30 days Make sure Non-Microsoft only is UNCHECKED
  • In the File String Search group click SELECT ALL
  • in the Additional Scans sections please press select ALL and make sure Non-Microsoft only is UNCHECKED.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
Please upload the resulting log here as an attachment. To do that, open a reply dialogue box and click on "manage attachments" then click on "browse" to locate the file on your computer, open it, click on "upload" to upload it and then submit your reply.
 
#14 ·
Disconnect from the Internet and disable your anti-virus and firewall programs. Be sure to remember to re-start them before going on-line again.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program. Copy and paste the information in the box below into the pane where it says "Paste fix here" and then click the Run Fix button. The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Post the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log) back here along with a new HijackThis log please.

Code:
[Kill Explorer]
[Registry - All]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> RegistryMechanic -> 
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKLM] -> [BitComet Helper]
[Registry - Additional Scans - All]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> Reg Data - Value does not exist
YN -> D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
YN -> {3248F0A8-6813-11D6-A77B-00B0D0150090} -> J2SE Runtime Environment 5.0 Update 9
YN -> {32A3A4F4-B792-11D6-A78A-00B0D0150060} -> J2SE Development Kit 5.0 Update 6
[Files/Folders - Created Within 60 days]
NY -> BM2faa2dc7.txt -> %SystemRoot%\BM2faa2dc7.txt
NY -> BM2faa2dc7.xml -> %SystemRoot%\BM2faa2dc7.xml
NY -> pskt.ini -> %SystemRoot%\pskt.ini
[Files/Folders - Modified Within 30 days]
NY -> BM2faa2dc7.txt -> %SystemRoot%\BM2faa2dc7.txt
NY -> BM2faa2dc7.xml -> %SystemRoot%\BM2faa2dc7.xml
NY -> pskt.ini -> %SystemRoot%\pskt.ini
[Empty Temp Folders]
[Start Explorer]
[Reboot]
Also, please let me know if you have this file on your computer:

C:\WINDOWS\system32\qmgr.dll

Lastly, you need to increase the size of your paging file.

Click Start, and then click Control Panel.
If in Category view, click on Click Performance and Maintenance and then click System (if in Classic view just click System).
On the Advanced tab, under Performance, click Settings.
On the Advanced tab, under Virtual memory, click Change. Select the radio dial beside "system managed size" and click "set" and "apply" and OK.
 
#15 ·
Below is the log file from WinPFind3u

Explorer killed successfully
[Registry - All]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RegistryMechanic deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} deleted successfully.
[Registry - Additional Scans - All]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk deleted successfully.
D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk deleted successfully.
D:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150090} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{32A3A4F4-B792-11D6-A78A-00B0D0150060} deleted successfully.
[Files/Folders - Created Within 60 days]
D:\WINDOWS\BM2faa2dc7.txt moved successfully.
D:\WINDOWS\BM2faa2dc7.xml moved successfully.
D:\WINDOWS\pskt.ini moved successfully.
[Files/Folders - Modified Within 30 days]
File D:\WINDOWS\BM2faa2dc7.txt not found!
File D:\WINDOWS\BM2faa2dc7.xml not found!
File D:\WINDOWS\pskt.ini not found!
[Empty Temp Folders]
D:\DOCUME~1\Roger\LOCALS~1\Temp\ -> emptied.
D:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 02/24/2008 01:41:39
 
#16 ·
This is my new HijackThis Log File and for the qmgr.dll, i have it on my D drive instead of C:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:03 AM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\spoolsv.exe
d:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
D:\WINDOWS\ATKKBService.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Imation\ImationFlashDetect.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\VMware\VMware Player\vmware-authd.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINDOWS\system32\vmnat.exe
D:\Program Files\WinPoET Broadband Connection\WrOS.EXE
D:\WINDOWS\system32\vmnetdhcp.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thottbot.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - D:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: ImationFlashDetect.lnk = D:\Program Files\Imation\ImationFlashDetect.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 3 - C:\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {15066053-2589-4F26-81C5-9CD76CD00612} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IcVzMonLauncher - Unknown owner - C:\IcVzMonLauncher.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Unknown owner - C:\IcVzMon.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - D:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - D:\Program Files\WinPoET Broadband Connection\WrOS.EXE

--
End of file - 23179 bytes
 
#17 ·
Go to Control Panel - Add/Remove programs and remove:

Logitech Desktop Messenger (this is not required)

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Please post the results from the SuperAntiSpyware and Panda scans along with a new HijackThis log.
 
#19 ·
Try this one instead and then run the Panda ActiveScan please.

Download and install AVG Anti-Spyware v7.5. Note to AVG Free anti-virus program users only: This is not the same program as the one you already have, this is an anti-spyware program so please proceed with the instructions.
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update".
    Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan? ", "Possibly unwanted software", and What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate reports".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the :Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.
 
#21 ·
Run Kaspersky online virus scan Kaspersky Online Scanner.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from the Kaspersky scan
 
#25 ·
Please remove the current version of ComboFix that you have and redownload it:

Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
 
#26 ·
Log from Combofix

ComboFix 08-03-07.4 - Roger 2008-03-08 12:15:21.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1502 [GMT 8:00]
Running from: D:\Documents and Settings\Roger\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-03-02 18:33 . 2007-05-16 16:45 3,497,832 --a------ D:\WINDOWS\system32\d3dx9_34.dll
2008-03-02 18:33 . 2007-05-16 16:45 1,124,720 --a------ D:\WINDOWS\system32\D3DCompiler_34.dll
2008-03-02 18:33 . 2007-05-16 16:45 443,752 --a------ D:\WINDOWS\system32\d3dx10_34.dll
2008-03-02 18:33 . 2007-05-31 19:30 266,088 --a------ D:\WINDOWS\system32\xactengine2_8.dll
2008-03-02 18:33 . 2007-04-04 18:55 261,480 --a------ D:\WINDOWS\system32\xactengine2_7.dll
2008-03-02 18:33 . 2007-05-31 19:29 18,280 --a------ D:\WINDOWS\system32\x3daudio1_2.dll
2008-03-02 18:32 . 2007-03-12 16:42 3,495,784 --a------ D:\WINDOWS\system32\d3dx9_33.dll
2008-03-02 18:32 . 2007-03-12 16:42 1,123,696 --a------ D:\WINDOWS\system32\D3DCompiler_33.dll
2008-03-02 18:32 . 2007-03-15 16:57 443,752 --a------ D:\WINDOWS\system32\d3dx10_33.dll
2008-03-02 18:30 . 2008-03-04 18:41 294 --a------ D:\WINDOWS\game.ini
2008-03-02 15:21 . 2008-03-02 15:21 d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-03-02 15:21 . 2008-03-02 15:21 d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-02 13:50 . 2008-03-02 13:50 d-------- D:\Documents and Settings\Roger\Application Data\ITE
2008-02-24 19:17 . 2008-02-24 19:17 d-------- D:\Program Files\Microsoft Games
2008-02-24 19:17 . 2008-02-24 19:17 d-------- D:\Documents and Settings\All Users\Microsoft
2008-02-24 19:15 . 2008-02-24 19:27 d-------- D:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-02-24 19:04 . 2008-02-24 19:25 d-------- D:\Documents and Settings\Roger\Application Data\Microsoft Game Studios
2008-02-24 13:28 . 2008-02-24 13:28 d-------- D:\Documents and Settings\Roger\Application Data\SUPERAntiSpyware.com
2008-02-24 13:28 . 2008-02-24 13:28 d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-22 20:50 . 2007-07-30 19:19 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-02-22 20:50 . 2007-07-30 19:19 207,736 --a------ D:\WINDOWS\system32\muweb.dll
2008-02-22 20:50 . 2007-07-30 19:19 30,072 --a------ D:\WINDOWS\system32\mucltui.dll.mui
2008-02-22 17:03 . 2008-03-07 03:25 90,112 --a------ D:\WINDOWS\DUMP87cd.tmp
2008-02-22 14:16 . 2008-02-22 14:16 d-------- D:\Program Files\Windows Live
2008-02-22 14:16 . 2008-02-22 14:36 d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
2008-02-22 14:16 . 2008-02-22 14:30 d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-21 23:16 . 2008-02-21 23:16 d-------- D:\Program Files\MSBuild
2008-02-21 22:59 . 2008-02-21 22:59 d-------- D:\WINDOWS\Symbols
2008-02-21 22:59 . 2008-02-21 23:15 d-------- D:\Program Files\HTML Help Workshop
2008-02-21 22:59 . 2008-02-21 23:12 d-------- D:\Program Files\Common Files\Merge Modules
2008-02-21 22:59 . 2008-02-21 23:02 d-------- D:\Program Files\Common Files\Business Objects
2008-02-21 22:59 . 2008-02-21 22:59 d-------- D:\Program Files\CE Remote Tools
2008-02-21 22:59 . 2008-02-21 22:59 d-------- D:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-02-20 22:02 . 2008-02-22 17:07 d-------- D:\Documents and Settings\Roger\Application Data\U3
2008-02-20 21:58 . 2008-02-20 21:58 d-------- D:\Extend6Demo
2008-02-09 01:12 . 2008-02-09 01:13 d-------- D:\WINDOWS\ERUNT
2008-02-08 21:31 . 2007-12-14 01:59 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 04:03 --------- d-----w D:\Program Files\Common Files\Symantec Shared
2008-03-08 04:02 --------- d-----w D:\Program Files\WinPoET Broadband Connection
2008-03-08 04:02 --------- d-----w D:\Documents and Settings\NetworkService\Application Data\VMware
2008-03-08 04:02 --------- d-----w D:\Documents and Settings\All Users\Application Data\VMware
2008-03-07 19:11 107,888 ----a-w D:\WINDOWS\system32\CmdLineExt.dll
2008-03-07 04:50 --------- d-----w D:\Documents and Settings\Roger\Application Data\uTorrent
2008-03-06 19:13 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-03-06 19:13 --------- d-----w D:\Program Files\Common Files\Adobe
2008-02-26 10:47 --------- d-----w D:\Documents and Settings\Roger\Application Data\Hamachi
2008-02-26 06:20 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-02-24 05:27 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-02-24 05:26 --------- d-----w D:\Program Files\Logitech
2008-02-22 06:42 --------- d-----w D:\Program Files\MSN Messenger
2008-02-21 15:28 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-21 13:35 --------- d-----w D:\Program Files\Microsoft Visual Studio 8
2008-02-20 13:56 --------- d-----w D:\Program Files\Google
2008-02-08 13:31 --------- d-----w D:\Program Files\Java
2008-02-06 10:55 --------- d-----w D:\Program Files\Roguescanfix
2008-02-06 10:04 --------- d-----w D:\Program Files\Trend Micro
2008-01-19 08:06 --------- d-----w D:\Program Files\EPSON
2008-01-15 01:54 10,537 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-14 21:28 706 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 10:32 23,904 ----a-w D:\WINDOWS\system32\drivers\COH_Mon.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-03 23:28 68856]
"SUPERAntiSpyware"="C:\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-04 18:26 1481968]
"AdobeUpdater"="D:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24 86016]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 D:\WINDOWS\system32\nwiz.exe]
"EPSON Stylus C43 Series"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-12-10 11:06 75776]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 D:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-14 00:20 180269]
"LogitechCommunicationsManager"="D:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 12:27 497176]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43 86016]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 13:59 115816]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"Symantec PIF AlertEng"="D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-12 18:27 492912]

D:\Documents and Settings\Roger\Start Menu\Programs\Startup\
ImationFlashDetect.lnk - D:\Program Files\Imation\ImationFlashDetect.exe [2007-04-23 17:56:52 835584]
SpywareGuard.lnk - D:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=D:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-winpoet-service]
--a--c--- 2002-07-17 13:50 241664 D:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2005-10-18 11:58 278528 D:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a--c--- 2006-12-22 12:28 756248 D:\Program Files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 D:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 18:50 155648 D:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 D:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2004-01-09 02:54 65536 D:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Documents and Settings\\Roger\\Desktop\\utorrent.exe"=
"C:\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"F:\\WolfTeam\\WolfTeam\\Wolfteam.bin"=
"D:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"F:\\LanCraft\\lancraft.exe"=
"C:\\Warcraft III\\lancraft.exe"=
"F:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"F:\\Company of Heroes\\RelicCOH.exe"=

R3 WrKPoET2000;WrKPoET2000;D:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys [2002-07-17 13:52]
R3 WRSWanDD;iVasion PoET Adapter;D:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-07-17 13:53]
S3 IcVzMonLauncher;IcVzMonLauncher;"C:\IcVzMonLauncher.exe" []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\IcVzMon.exe []
S3 k600bus;Sony Ericsson 600i driver (WDM);D:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;D:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;D:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;D:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]
S3 LVPrcMon;Logitech LVPrcMon Driver;D:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S3 SQLWriter;SQL Server VSS Writer;"D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
S3 XDva011;XDva011;D:\WINDOWS\system32\XDva011.sys []
S3 XDva092;XDva092;D:\WINDOWS\system32\XDva092.sys []
S3 XDva093;XDva093;D:\WINDOWS\system32\XDva093.sys []
S3 XDva104;XDva104;D:\WINDOWS\system32\XDva104.sys []
S3 XDva107;XDva107;D:\WINDOWS\system32\XDva107.sys []
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"F:\Visual Studio 2005\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30c7fef2-dfbc-11dc-97af-005056c00008}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43c331c5-64a8-11da-a581-be18cbadc918}]
\Shell\Auto\command - "F:\blue.EXE" /StartExplorer
\Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL "F:\blue.EXE" /StartExplorer

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-31 07:01:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 12:20:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-08 12:22:32
ComboFix-quarantined-files.txt 2008-03-08 04:22:24
ComboFix2.txt 2008-02-16 06:27:22
ComboFix3.txt 2008-02-11 10:18:30
.
2008-01-12 05:00:34 --- E O F ---
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top