All Kinds of Spyware/Virus Problems [Resolved]

I am having all kinds of problems that I believe stemmed from one virus. At a high level, I am experiencing a bunch of spyware-like symptoms, with multiple advertisements opening in both Firefox and Internet Explorer for different applications, including winpro antivirus and some eBay listings. From running the programs listed in your sticky as well as AVG and Ewido, I have come up with some clues to some of the viruses/spyware. The following files keep showing up in scans even after I have them quarantined and removed...

- InetGet2\eltadperf.exe

- C:\Document and Settings\
\Local Settings\Temp\mstC4.tmp

- C:\Document and Settings\
\Local Settings\Temp\winCA.tmp.exe

- C:\Document and Settings\Ken Corbo\Local Settings\Temporary Internet Files\Content.IE5\OHEJ2XWF\antzom[1].exe

- C:\WINDOWS\system32\hxangnng.dll

- C:\WINDOWS\system32\winkve32.dll


Below is my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:17:38 PM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{94D32560-09DC-1033-0127-031111040001}\Update.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CoolMon\CoolMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [zvjostj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zvjostj.dll,khmpyrc
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159020909733
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159020897280
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD21580C-67B2-4142-ABA7-74E175C549D4}: NameServer = 10.10.10.10
O18 - Protocol: bw+0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Any assistance you can give me would be much appreciated. Please help.

Thank You

Ken

Comments

  • skywalker45 Bloomington, IN. USA
    edited October 2006
    Are you sure you ran AVG (Ewido)? The reason I ask is because I don't see AVG Anti-Spyware running actively in your log. If you didn't, or you thought you did and may have been mistaken, we should do that now. Follow the instructions below. You might want to print them.

    Please download AVG Anti-Spyware from my signature below. It is a free trial of the software. Save the install file to your desktop.
    • Install AVG by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
        Note: If the Update now option is grayed out, follow the steps below.
        • Click on Update on the toolbar.
        • Under Manual update, click on the Start Update button.
        • Wait until you see the Update successful message.
    • Right-click the AVG Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update AVG.
    AVG manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG is closed before installing the update.

    ______________________________

    We now need to make sure you can view all hidden files and folders, explained below:
    • Click "Start".
    • Click "My Computer".
    • Select the "Tools" menu and click "Folder Options".
    • Select the "View" tab.
    • Under the "Hidden files and folders" heading, select "Show hidden files and folders".
    • Uncheck the "Hide protected operating system files (recommended)" option.
    • Click "Yes" to confirm.
    • Uncheck the "Hide file extensions for known file types".
    • Click "OK".

    ______________________________

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.
    ______________________________
    Navigate to C:\Windows\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
    Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

    Clean out your Temporary Internet files. Proceed like this:
    • Quit Internet Explorer and quit any instances of Windows Explorer.
    • Click Start, click Control Panel, and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.
    Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

    Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
    ______________________________

    Close ALL open Windows / Programs / Folders. Please start AVG and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
        http://img86.imageshack.us/img86/4586/scan1nx.jpg OLD EWIDO
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

    Please post the AVG Log and a fresh Hijack This log in your next reply.
  • edited October 2006
    Wow, thanks for the quick response...

    Well, Ewido didn't show up in the logs because I uninstalled it, because I didn't see it in the list of applications in the initial sticky. I did have AVG running though; however, it is an older version from back before Ewido and AVG were combined into one program. I downloaded the one from your signature and ran it as you instructed. Here are the AVG logs:

    AVG Anti-Spyware - Scan Report

    + Created at: 9:17:57 AM 10/14/2006

    + Scan result:



    C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
    C:\Program Files\DeluxeCommunications\Dxc.exe -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
    C:\Program Files\DeluxeCommunications\DxcCore.dll -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\{94D32560-09DC-1033-0127-031111040001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\{94D32560-09DC-1033-0127-031111040001}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\misc002\DXC.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D9E235D2-4A7D-4362-B7FA-9D84979B622D}\RP71\A0007966.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D9E235D2-4A7D-4362-B7FA-9D84979B622D}\RP71\A0007967.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\khfddbb.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D9E235D2-4A7D-4362-B7FA-9D84979B622D}\RP63\A0007495.exe -> Downloader.Zlob.aow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D9E235D2-4A7D-4362-B7FA-9D84979B622D}\RP63\A0007509.exe -> Downloader.Zlob.aow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D9E235D2-4A7D-4362-B7FA-9D84979B622D}\RP64\A0007530.exe -> Downloader.Zlob.aow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D9E235D2-4A7D-4362-B7FA-9D84979B622D}\RP65\A0007547.exe -> Downloader.Zlob.aow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D9E235D2-4A7D-4362-B7FA-9D84979B622D}\RP69\A0007644.exe -> Downloader.Zlob.aow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D9E235D2-4A7D-4362-B7FA-9D84979B622D}\RP69\A0007685.exe -> Downloader.Zlob.aow : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{D9E235D2-4A7D-4362-B7FA-9D84979B622D}\RP69\A0007694.exe -> Downloader.Zlob.aow : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ishost.exe_tobedeleted -> Downloader.Zlob.aow : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ismini.exe -> Downloader.Zlob.aow : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Dropper.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\Ken Corbo\Local Settings\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\Cache\B23E4567d01 -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
    :mozilla.65:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.66:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.67:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.68:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.100:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.99:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.178:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.190:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.191:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.192:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.193:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.129:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.130:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.131:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
    :mozilla.257:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
    :mozilla.59:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    :mozilla.60:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
    :mozilla.480:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.680:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.61:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.62:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
    :mozilla.16:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.17:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.18:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.20:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.21:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.22:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.23:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.24:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.225:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.226:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
    :mozilla.95:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.96:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.97:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.98:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.564:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.565:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.678:C:\Documents and Settings\Ken Corbo\Application Data\Mozilla\Firefox\Profiles\pxq55ltp.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.


    ::Report end





    HIJACK This Logs:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:21:35 AM, on 10/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\CoolMon\CoolMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [zvjostj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zvjostj.dll,khmpyrc
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159020909733
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159020897280
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD21580C-67B2-4142-ABA7-74E175C549D4}: NameServer = 10.10.10.10
    O18 - Protocol: bw+0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: dxclib303562752.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    OK. That's much better. Please run Hijack This again and put a check (tick) next to the following entries:



    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}

    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)

    O4 - HKLM\..\Run: [zvjostj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zvjostj.dll,khmpyrc
    O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe

    O20 - AppInit_DLLs: dxclib303562752.dll



    Close all other browsers/windows and click Fix Checked. Close Hijack This.

    Reboot into safe mode as was described before the AVG scan.

    Use Windows Explorer to delete the following:

    C:\WINDOWS\system32\zvjostj.dll <--- This file.

    C:\WINDOWS\system32\crunner <--- This folder.

    Reboot the PC into normal mode and post a fresh Hijack This log.

    Also I don't see any active Anti-Virus software running in your log. AVG has a free version that you could download. Please run some kind of Anti-Virus software.
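The kind of log triage done in the reply above can be sketched as a small script. This is an added example, not part of the original thread and not HijackThis's own logic: the four rules and all function names are assumptions chosen for illustration, and a hit only marks an entry for manual review. The sample lines are copied from the 9:21:35 AM log on this page.

```python
import re

# Lines copied from the 9:21:35 AM HijackThis log on this page.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [zvjostj.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\zvjostj.dll,khmpyrc
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Body of an O4 registry Run entry: hive, value name in brackets, command line.
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")

SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def parse_log(text):
    """Return (code, body) tuples for every entry line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Apply the illustrative rules; return (code, reason, body) review candidates."""
    findings = []
    for code, body in entries:
        # Rule 1: registration left behind after its file was removed.
        if body.endswith("(no file)"):
            findings.append((code, "orphaned", body))
        # Rule 2: AppInit_DLLs is loaded into every process that loads
        # user32.dll, so any non-empty value deserves a look.
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                findings.append((code, "appinit", body))
        if code != "O4":
            continue
        run = RUN_RE.match(body)
        if not run:
            continue
        hive, name, command = run.groups()
        cmd = command.lower().lstrip('"')
        # Rule 3: the Run value is named after the DLL that rundll32 loads.
        if name.lower().endswith(".dll") and "rundll32" in cmd:
            findings.append((code, "run-name-is-dll", body))
        # Rule 4: a per-user autostart pointing into the system directory.
        if hive == "HKCU" and cmd.startswith(SYSTEM32_PREFIX):
            findings.append((code, "hkcu-run-in-system32", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason:22} {code} - {body}")
```

The NVIDIA `rundll32` entry and the HKLM `dla` entry pass untouched, while the orphaned `O3` toolbar is flagged even though the reply did not list it, which is why the output is a review list and not a removal list.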
  • edited October 2006
    Alright, did all the steps you said. However, I did get an error message when I had HIJACK This fix the items checked. It looks like it did indeed go through and get rid of the items, but it gave me the following error:

    "An unexpected error has occured at procedure: modBackup_MakeBackup(sItem=o20 - AppInit_DLLs: dxclib303562752.dll"

    Everything else went fine. As for not seeing an anti-virus software in the log... I do have the free AVG from your signature installed. However, per last instructions I had the resident shield turned off. AVG does appear in the HJTLog though. I have since turned on the resident shield. Is there anything else that needs to be done there?

    Below is the latest report:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:57:36 PM, on 10/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\CoolMon\CoolMon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159020909733
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159020897280
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD21580C-67B2-4142-ABA7-74E175C549D4}: NameServer = 10.10.10.10
    O18 - Protocol: bw+0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    Thanks.
  • edited October 2006
    Sorry,

    Just noticed that that wasn't an Anti-Virus & Spyware program. Looks like AVG just put its signature on Ewido and redistributed it. Anyway I am going to download and install AVG anti-virus again.
  • edited October 2006
    Most of the problems seem to have been fixed. My firewall isn't going quite as crazy and I can open Internet Explorer again. However, I am still getting the occasional "Anti-Virus" software advertisement pop up.
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    OK. Just to be safe do the following (and afterward we'll fix a little more with Hijack This):

    Download SmitfraudFix (by S!Ri) to your Desktop.
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press Enter
    This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with a fresh Hijack This log in your next reply.
  • edited October 2006
    It actually ran pretty quick...

    SmitFraudFix v2.109

    Scan done at 13:24:54.87, Sun 10/15/2006
    Run from C:\Documents and Settings\Ken Corbo\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ken Corbo


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ken Corbo\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KENCOR~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End





    HiJackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 1:35:11 PM, on 10/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\CoolMon\CoolMon.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Common Files\AOL\1159041158\ee\aolsoftware.exe
    c:\program files\common files\aol\1159041158\ee\aim6.exe
    c:\program files\common files\aol\1159041158\ee\anotify.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159020909733
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159020897280
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD21580C-67B2-4142-ABA7-74E175C549D4}: NameServer = 10.10.10.10
    O18 - Protocol: bw+0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    Please run Hijack This again and put a check (tick) by the following:


    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)


    Close all other browsers/windows and click Fix Checked. Close Hijack This.

    Reboot the PC and post another Hijack This log. Also, can you tell me a little more about the anti-virus pop-up you're receiving? Is it a separate window or a notification in the tray? Does it warn of a virus or tell you to purchase a product?
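
The before/after comparison requested in the post above (fix the orphaned O3 entry, reboot, post a fresh log) can be checked mechanically. The following is an added example, not part of the original thread and not HijackThis code; the function names are hypothetical, and the sample lines are a short excerpt of the logs posted in this thread.

```python
import re

# A HijackThis v1.99.1 finding starts with a section code, e.g. "O3 - Toolbar: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# Suffixes HijackThis appends when the entry's target could not be found on disk.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the 10/15/2006 log from this thread (before "Fix Checked").
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# Excerpt of the 10/16/2006 log from this thread (after the fix and reboot).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""


def parse_entries(log_text):
    """Return one dict per finding line: section code, detail, CLSID, orphan flag."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path or blank line
        code, detail = match.groups()
        clsid = CLSID_RE.search(detail)
        entries.append({
            "code": code,
            "detail": detail,
            # CLSIDs are case-insensitive; normalise so logs compare cleanly.
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": bool(ORPHAN_RE.search(detail)),
        })
    return entries


def _key(entry):
    # Registry paths and file names are case-insensitive on Windows.
    return (entry["code"], entry["detail"].lower())


def diff_logs(before_text, after_text):
    """Compare two scans: which findings went away, which are new, which orphans remain."""
    before = {_key(e): e for e in parse_entries(before_text)}
    after = {_key(e): e for e in parse_entries(after_text)}
    return {
        "removed": [e for k, e in before.items() if k not in after],
        "added": [e for k, e in after.items() if k not in before],
        "orphans_remaining": [e for e in after.values() if e["orphan"]],
    }


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added", "orphans_remaining"):
        print(label)
        for entry in result[label]:
            print("   ", entry["code"], "-", entry["detail"])
```

An entry listed under `added` between two scans is the one to look at first, since it appeared after the previous cleanup step; `orphans_remaining` only reports what HijackThis could not find on disk and says nothing about whether the entry is malicious.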
  • edited October 2006
    New HiJack Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:43:39 PM, on 10/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\CoolMon\CoolMon.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159020909733
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159020897280
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD21580C-67B2-4142-ABA7-74E175C549D4}: NameServer = 10.10.10.10
    O18 - Protocol: bw+0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    As for the antivirus ads coming up: they usually aren't saying that I currently have a virus or anything; instead they are pretty much all ads for anti-viruses and disk cleaners and such. Some sort of Winvirus Pro program comes to mind, and this site (you may not want to click the link) <http://www.drivecleaner.com/.freeware/?p=26&a=1&j=1&pp=1&w=1&ex=1&ap=1&mpt=1161053018&aid=nm_mg_ffmplx_r>
    came up when I opened Firefox to get to this forum. The latter site is for Drive Cleaner, and that one does come up with a popup saying that I have "953 Adult & Sensitive files" that of course that product can clean up for me.

    That is the other thing. All the popups seem to try to open in IE, which I never really use, but my ZoneAlarm is able to catch them and I can choose to deny them. As far as I can remember, the ads only ever showed up in Firefox after I start up the application.

    As always, thanks for the help.

    Ken
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    Most pop-up ads exploit IE, but that's not always the case. I can't see anything in the log that would still be causing the pop-ups, so I would like you to do the following. Please rename the HijackThis.exe file to scanner.exe. Run the program with the new name and post that log. Some adware is able to hide from the HijackThis scan, so it would be interesting to see what this will do.
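A way to compare the log taken before the rename with the one taken after it, as an added example that is not part of the original thread: it parses the entry lines of two HijackThis logs and lists what appears only in the second. The function names are hypothetical, and the two sample logs are short excerpts of the logs posted in this thread.

```python
import re

# HijackThis entry lines look like "O2 - BHO: ..." or "R1 - HKLM\...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Short descriptions of the section codes that occur in this thread's logs.
SECTION_MEANING = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O17": "TCP/IP name server setting",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log as (section, detail) tuples."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def new_entries(before_text, after_text):
    """Entries present in the second log but not in the first.

    Comparison is case-insensitive because the same path is logged with
    different casing (System32 / system32) from one scan to the next.
    """
    seen = {(s, d.lower()) for s, d in parse_entries(before_text)}
    return [(s, d) for s, d in parse_entries(after_text)
            if (s, d.lower()) not in seen]


def review_list(before_text, after_text):
    """Annotate each newly visible entry for manual review."""
    rows = []
    for section, detail in new_entries(before_text, after_text):
        rows.append({
            "section": section,
            "meaning": SECTION_MEANING.get(section, "other"),
            # HijackThis appends this marker when the target file is absent.
            "file_missing": detail.lower().endswith("(file missing)"),
            "detail": detail,
        })
    return rows


# Excerpt of the log posted before the rename (shortened).
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD21580C-67B2-4142-ABA7-74E175C549D4}: NameServer = 10.10.10.10
"""

# Excerpt of the log produced after renaming the tool to Scanner.exe (shortened).
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\vebklybf.dll (file missing)
O2 - BHO: (no name) - {ECCEE2BD-65F4-47D4-9CF8-74B375C0ED3B} - C:\WINDOWS\system32\vtsqr.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD21580C-67B2-4142-ABA7-74E175C549D4}: NameServer = 10.10.10.10
"""

if __name__ == "__main__":
    for row in review_list(BEFORE_LOG, AFTER_LOG):
        flag = " [file missing]" if row["file_missing"] else ""
        print(f'{row["section"]:>3} {row["meaning"]}{flag}: {row["detail"]}')
```

An entry that shows up only in the second scan is a candidate for review, not a verdict; each one still has to be identified before anything is fixed.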
  • edited October 2006
    Here are the results when I ran it with the name Scanner.exe

    Sorry I left Thunderbird open by accident. Let me know if this ruined anything.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:03:19 PM, on 10/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\CoolMon\CoolMon.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Common Files\AOL\1159041158\ee\aolsoftware.exe
    c:\program files\common files\aol\1159041158\ee\aim6.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Hijackthis\Scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\vebklybf.dll (file missing)
    O2 - BHO: (no name) - {ECCEE2BD-65F4-47D4-9CF8-74B375C0ED3B} - C:\WINDOWS\system32\vtsqr.dll
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159020909733
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159020897280
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD21580C-67B2-4142-ABA7-74E175C549D4}: NameServer = 10.10.10.10
    O18 - Protocol: bw+0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Browsing through this log one thing stuck out to me...

    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

    I can't think of any Lexmark products I have connected to my computer unless my Dell All-in-one printer is showing up as Lexmark (which could be the case, because Lexmark makes the same damn thing...I think Dell just slapped their logo on it)


    Two more ads that have popped up in the Firefox instance I am in are for SystemDoctor 2006 and WinAntiVirusPro if that helps at all.

    Thanks

    Ken
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    Changing to scanner.exe made a difference. Here we go:

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will shutdown your computer, click OK.
    • Turn your computer back on.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
  • edited October 2006
    Here is the Vundo Log:

    VundoFix V6.2.6

    Checking Java version...

    Sun Java not detected
    Scan started at 10:15:34 PM 10/18/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\awrnjsxv.exe
    C:\WINDOWS\system32\vtsqr.dll
    C:\WINDOWS\system32\rqstv.ini
    C:\WINDOWS\system32\rqstv.bak1
    C:\WINDOWS\system32\rqstv.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awrnjsxv.exe
    C:\WINDOWS\system32\awrnjsxv.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtsqr.dll
    C:\WINDOWS\system32\vtsqr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rqstv.ini
    C:\WINDOWS\system32\rqstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rqstv.bak1
    C:\WINDOWS\system32\rqstv.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rqstv.bak2
    C:\WINDOWS\system32\rqstv.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!



    By the way...I am curious to know what you noticed in the second log of HiJack this after I named it scanner.exe that wasn't in the first that tipped you off to it being vundo?

    Thanks

    Ken
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    These entries for Vundo were hiding from Hijack This:

    O2 - BHO: (no name) - {ECCEE2BD-65F4-47D4-9CF8-74B375C0ED3B} - C:\WINDOWS\system32\vtsqr.dll

    O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll


    You'll notice they didn't appear in the earlier log before the renaming.

    New variants of Vundo are able to hide from Hijack This so we rename it and it does the trick. Could you please post a fresh Hijack This log. We may need to make some quick fixes.
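The before/after comparison described in the post above, as an added example that is not part of the original thread: it parses HijackThis entries, lists those that only became visible in the renamed scan, groups them by module, and flags leftover "(file missing)" registrations after cleanup. The three sample logs are constructed abridgements built from lines quoted in this thread, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# A HijackThis entry line: section code (R0, O2, O20, ...), " - ", then the entry text.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*?)\s*$")
MISSING = "(file missing)"

# Constructed sample: abridged scan taken before renaming the scanner.
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Constructed sample: the same machine scanned with the renamed scanner.
AFTER = BEFORE + r"""
O2 - BHO: (no name) - {ECCEE2BD-65F4-47D4-9CF8-74B375C0ED3B} - C:\WINDOWS\system32\vtsqr.dll
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll
"""

# Constructed sample: abridged scan taken after the removal tool ran.
CLEANED = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\vebklybf.dll (file missing)
O2 - BHO: (no name) - {ECCEE2BD-65F4-47D4-9CF8-74B375C0ED3B} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
"""


def parse_entries(log_text):
    """Map (section, entry text without the missing marker) -> file_missing flag."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, process list, blank lines
        section, text = match.groups()
        missing = text.endswith(MISSING)
        if missing:
            text = text[: -len(MISSING)].rstrip()
        entries[(section, text)] = missing
    return entries


def module_of(text):
    """Return the lower-cased file named in the last ' - ' field, or None."""
    last = text.rsplit(" - ", 1)[-1].strip().strip('"').lower()
    return last if last.endswith((".dll", ".exe", ".sys")) else None


def newly_visible(before_text, after_text):
    """Entries present in the second scan but absent from the first."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return sorted(key for key in after if key not in before)


def modules_in_multiple_sections(entries):
    """Modules that the given entries register under more than one section."""
    sections = defaultdict(set)
    for section, text in entries:
        module = module_of(text)
        if module:
            sections[module].add(section)
    return {m: sorted(s) for m, s in sections.items() if len(s) > 1}


def orphaned(log_text):
    """Entries whose target file is gone: registry leftovers still to be fixed."""
    return sorted(k for k, missing in parse_entries(log_text).items() if missing)


if __name__ == "__main__":
    revealed = newly_visible(BEFORE, AFTER)
    for section, text in revealed:
        print("only in renamed scan:", section, "-", text)
    for module, secs in modules_in_multiple_sections(revealed).items():
        print("registered in", ", ".join(secs), "->", module)
    for section, text in orphaned(CLEANED):
        print("leftover entry:", section, "-", text)
```
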
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    I also need you to run the following:

    Please follow the below instructions:
    • Download this file - combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply

      Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  • edited October 2006
    HiJack This Log...

    Logfile of HijackThis v1.99.1
    Scan saved at 7:23:09 AM, on 10/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\CoolMon\CoolMon.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Common Files\AOL\1159041158\ee\aolsoftware.exe
    c:\program files\common files\aol\1159041158\ee\aim6.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\Scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\vebklybf.dll (file missing)
    O2 - BHO: (no name) - {ECCEE2BD-65F4-47D4-9CF8-74B375C0ED3B} - C:\WINDOWS\system32\vtsqr.dll (file missing)
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159020909733
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159020897280
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD21580C-67B2-4142-ABA7-74E175C549D4}: NameServer = 10.10.10.10
    O18 - Protocol: bw+0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    Vundo seemed to have done the trick. Haven't been getting any pop-ups at all!!

    Let me know if you see anything else, but I think we may have knocked them all out. Thanks a lot for all the help...Short-Media has become one of my favorite sites. You guys got a good thing going here...keep up the good work.

    Ken
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    Hi Ken. You're very welcome for the help. Could you please see my post previous to your last one and run the combofix program? It will generate a log when it's done. Post that log here with a fresh Hijack This log in your next reply. You still have a few problems but nothing big.
    :D
  • edited October 2006
    Sorry I didn't see the post where you told me to run the combofix.

    Here it is:

    Ken Corbo - 06-10-21 10:11:55.50 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Ken Corbo\Desktop"

    ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Ken Corbo\Application Data\Dxcknwrd.dll
    C:\WINDOWS\system32\bkd.exe


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Program Files\Common Files\misc002
    C:\WINDOWS\system32\components
    C:\Program Files\Common Files\{34D32560-09DC-1033-0127-031111040001}
    C:\Program Files\Common Files\{94D32560-09DC-1033-0127-031111040001}


    ((((((((((((((((((((((((((((((( Files Created from 2006-09-21 to 2006-10-21 ))))))))))))))))))))))))))))))))))


    2006-10-15 13:24 53,248 --a
    C:\WINDOWS\system32\Process.exe
    2006-10-15 13:24 40,960 --a
    C:\WINDOWS\system32\swsc.exe
    2006-10-15 13:24 288,417 --a
    C:\WINDOWS\system32\SrchSTS.exe
    2006-10-15 13:24 135,168 --a
    C:\WINDOWS\system32\swreg.exe
    2006-10-14 16:49 778,656 --a
    C:\WINDOWS\system32\drivers\avg7core.sys
    2006-10-14 16:49 4,992 --a
    C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-10-14 16:49 4,288 --a
    C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-10-14 16:49 27,904 --a
    C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-10-14 16:49 23,104 --a
    C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-10-13 23:22 3,968 --a
    C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-10-09 20:32 2,560 --a
    C:\WINDOWS\_MSRSTRT.EXE
    2006-09-30 12:06 118,784 -r
    C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
    2006-09-24 23:27 2,560
    C:\WINDOWS\system32\drivers\cdralw2k.sys
    2006-09-24 23:27 2,432
    C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2006-09-24 22:34 77,824 --a
    C:\WINDOWS\system32\mplaw7.dll
    2006-09-24 22:34 77,824 --a
    C:\WINDOWS\system32\mplaa6.dll
    2006-09-24 22:34 65,536 --a
    C:\WINDOWS\system32\mplapx.dll
    2006-09-24 22:34 65,536 --a
    C:\WINDOWS\system32\mplam6.dll
    2006-09-24 22:34 212,480 --a
    C:\WINDOWS\PCDLIB32.DLL
    2006-09-24 22:34 19,968 --a
    C:\WINDOWS\system32\cpuinf32.dll
    2006-09-24 22:34 1,650,688 --a
    C:\WINDOWS\system32\mplva6.dll
    2006-09-24 22:34 1,581,056 --a
    C:\WINDOWS\system32\mplvw7.dll
    2006-09-24 22:34 1,552,384 --a
    C:\WINDOWS\system32\mplvm6.dll
    2006-09-24 22:34 1,122,304 --a
    C:\WINDOWS\system32\mplvpx.dll
    2006-09-24 22:33 9,856 --a
    C:\WINDOWS\system32\drivers\pfc.sys
    2006-09-24 22:29 98,352 --a
    C:\WINDOWS\dla.exe
    2006-09-24 22:29 83,360 --a
    C:\WINDOWS\system32\drivers\drvmcdb.sys
    2006-09-24 22:29 61,492 --a
    C:\WINDOWS\system32\tfswapi.dll
    2006-09-24 22:29 5,589 --a
    C:\WINDOWS\system32\drivers\sscdbhk5.sys
    2006-09-24 22:29 40,416 --a
    C:\WINDOWS\system32\drivers\drvnddm.sys
    2006-09-24 22:29 23,059 --a
    C:\WINDOWS\system32\drivers\ssrtln.sys
    2006-09-24 12:04 26,496 --a
    C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-09-23 17:01 121,856 C:\WINDOWS\system32\xmllite.dll
    2006-09-23 15:33 24,816 --a C:\WINDOWS\system32\mdimon.dll
    2006-09-23 12:40 22,752 --a C:\WINDOWS\system32\spupdsvc.exe
    2006-09-23 10:57 11,776 C:\WINDOWS\system32\spnpinst.exe
    2006-09-23 10:38 956,416 --a C:\WINDOWS\system32\msdtctm.dll
    2006-09-23 10:38 91,136 --a C:\WINDOWS\system32\mtxoci.dll
    2006-09-23 10:38 77,312 --a C:\WINDOWS\system32\browser.dll
    2006-09-23 10:38 66,560 --a C:\WINDOWS\system32\mtxclu.dll
    2006-09-23 10:38 625,152 --a C:\WINDOWS\system32\catsrvut.dll
    2006-09-23 10:38 614,912 --a C:\WINDOWS\system32\h323msp.dll
    2006-09-23 10:38 60,416 --a C:\WINDOWS\system32\colbact.dll
    2006-09-23 10:38 581,120 --a C:\WINDOWS\system32\rpcrt4.dll
    2006-09-23 10:38 540,160 --a C:\WINDOWS\system32\comuid.dll
    2006-09-23 10:38 426,496 --a C:\WINDOWS\system32\msdtcprx.dll
    2006-09-23 10:38 397,824 --a C:\WINDOWS\system32\rpcss.dll
    2006-09-23 10:38 39,936 --a C:\WINDOWS\system32\mf3216.dll
    2006-09-23 10:38 331,264 --a C:\WINDOWS\system32\ipnathlp.dll
    2006-09-23 10:38 243,200 --a C:\WINDOWS\system32\es.dll
    2006-09-23 10:38 225,792 --a C:\WINDOWS\system32\catsrv.dll
    2006-09-23 10:38 161,280 --a C:\WINDOWS\system32\msdtcuiu.dll
    2006-09-23 10:38 110,080 --a C:\WINDOWS\system32\clbcatex.dll
    2006-09-23 10:38 101,376 --a C:\WINDOWS\system32\txflog.dll
    2006-09-23 10:38 1,285,120 --a C:\WINDOWS\system32\ole32.dll
    2006-09-23 10:38 1,267,200 --a C:\WINDOWS\system32\comsvcs.dll
    2006-09-23 10:33 239,104 --a C:\WINDOWS\system32\srrstr.dll
    2006-09-23 10:32 26,112 --a C:\WINDOWS\system32\xpsp1hfm.exe
    2006-09-23 10:19 8,192 C:\WINDOWS\system32\bitsprx2.dll
    2006-09-23 10:19 7,168 C:\WINDOWS\system32\bitsprx3.dll
    2006-09-23 10:19 438,784 C:\WINDOWS\system32\xpob2res.dll
    2006-09-23 10:19 351,232 --a C:\WINDOWS\system32\winhttp.dll
    2006-09-23 10:19 18,944 --a C:\WINDOWS\system32\qmgrprxy.dll
    2006-09-23 10:17 127,208 --a C:\WINDOWS\system32\mucltui.dll
    2006-09-23 10:15 465,176 --a C:\WINDOWS\system32\wuapi.dll
    2006-09-23 10:15 41,240 --a C:\WINDOWS\system32\wups.dll
    2006-09-23 10:15 194,328 --a C:\WINDOWS\system32\wuaueng1.dll
    2006-09-23 10:15 18,200 --a C:\WINDOWS\system32\wups2.dll
    2006-09-23 10:15 172,312 --a C:\WINDOWS\system32\wuauclt1.exe
    2006-09-23 10:15 127,256 --a C:\WINDOWS\system32\wucltui.dll
    2006-09-23 10:03 96,768 --a C:\WINDOWS\system32\logagent.exe
    2006-09-23 10:03 96,768 --a C:\WINDOWS\system32\drmstor.dll
    2006-09-23 10:03 940,544 --a C:\WINDOWS\system32\wmspdmoe.dll
    2006-09-23 10:03 895,736 --a C:\WINDOWS\system32\wmvdmod.dll
    2006-09-23 10:03 8,192 --a C:\WINDOWS\system32\asferror.dll
    2006-09-23 10:03 774,904 --a C:\WINDOWS\system32\wmsdmod.dll
    2006-09-23 10:03 716,288 --a C:\WINDOWS\system32\wmadmoe.dll
    2006-09-23 10:03 6,656 --a C:\WINDOWS\system32\laprxy.dll
    2006-09-23 10:03 502,272 --a C:\WINDOWS\system32\drmv2clt.dll
    2006-09-23 10:03 413,944 --a C:\WINDOWS\system32\wmspdmod.dll
    2006-09-23 10:03 396,528 --a C:\WINDOWS\system32\wmadmod.dll
    2006-09-23 10:03 384,512 --a C:\WINDOWS\system32\mp4sdmod.dll
    2006-09-23 10:03 364,784 --a C:\WINDOWS\system32\MSSCP.dll
    2006-09-23 10:03 33,792 --a C:\WINDOWS\system32\WMDMPS.dll
    2006-09-23 10:03 315,904 --a C:\WINDOWS\system32\MSWMDM.dll
    2006-09-23 10:03 310,272 --a C:\WINDOWS\system32\mp43dmod.dll
    2006-09-23 10:03 294,912 --a C:\WINDOWS\system32\blackbox.dll
    2006-09-23 10:03 28,160 --a C:\WINDOWS\system32\WMDMLOG.dll
    2006-09-23 10:03 258,296 --a C:\WINDOWS\system32\drmclien.dll
    2006-09-23 10:03 25,088 --a C:\WINDOWS\system32\MsPMSNSv.dll
    2006-09-23 10:03 240,640 --a C:\WINDOWS\system32\mpg4dmod.dll
    2006-09-23 10:03 233,472 --a C:\WINDOWS\system32\wmpdxm.dll
    2006-09-23 10:03 221,184 --a C:\WINDOWS\system32\qasf.dll
    2006-09-23 10:03 20,480 --a C:\WINDOWS\system32\wmpui.dll
    2006-09-23 10:03 20,480 --a C:\WINDOWS\system32\wmpcore.dll
    2006-09-23 10:03 20,480 --a C:\WINDOWS\system32\wmpcd.dll
    2006-09-23 10:03 2,940,928 --a C:\WINDOWS\system32\wmploc.dll
    2006-09-23 10:03 173,568 --a C:\WINDOWS\system32\MsPMSP.dll
    2006-09-23 10:03 168,448 --a C:\WINDOWS\system32\wmerror.dll
    2006-09-23 10:03 164,864 --a C:\WINDOWS\system32\cewmdm.dll
    2006-09-23 10:03 150,016 --a C:\WINDOWS\system32\wmidx.dll
    2006-09-23 10:03 142,336 --a C:\WINDOWS\system32\msnetobj.dll
    2006-09-23 10:03 118,784 -r C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    2006-09-23 10:03 114,688 --a C:\WINDOWS\system32\wmpasf.dll
    2006-09-23 10:03 102,400 --a C:\WINDOWS\system32\wmpshell.dll
    2006-09-23 10:03 1,119,744 --a C:\WINDOWS\system32\wmsdmoe2.dll
    2006-09-23 10:03 1,027,072 --a C:\WINDOWS\system32\wmnetmgr.dll
    2006-09-23 10:03 1,003,008 --a C:\WINDOWS\system32\wmvdmoe2.dll
    2006-09-23 10:02 55,040 --a C:\WINDOWS\system32\drivers\L8042MOU.SYS
    2006-09-23 10:02 23,040 --a C:\WINDOWS\system32\drivers\mouclass.sys
    2006-09-23 10:02 13,440 --a C:\WINDOWS\system32\drivers\L8042Kbd.SYS
    2006-09-23 10:02 12,160 --a C:\WINDOWS\system32\drivers\mouhid.sys
    2006-09-23 10:01 89,088 --a C:\WINDOWS\system32\atl71.dll
    2006-09-23 10:01 68,864 --a C:\WINDOWS\system32\drivers\LMouKE.Sys
    2006-09-23 10:01 499,712 --a C:\WINDOWS\system32\msvcp71.dll
    2006-09-23 10:01 348,160 --a C:\WINDOWS\system32\msvcr71.dll
    2006-09-23 10:01 28,160 --a C:\WINDOWS\KHALMNPR.Exe
    2006-09-23 10:01 26,112 --a C:\WINDOWS\system32\drivers\LHidKE.Sys
    2006-09-23 10:01 258,352 --a C:\WINDOWS\system32\unicows.dll
    2006-09-23 10:01 1,060,864 --a C:\WINDOWS\system32\MFC71.dll
    2006-09-23 10:01 1,047,552 --a C:\WINDOWS\system32\MFC71u.dll
    2006-09-22 22:38 208,896 --a C:\WINDOWS\system32\nvudisp.exe
    2006-09-22 22:37 208,896 --a C:\WINDOWS\system32\NVUNINST.EXE
    2006-09-22 22:21 198,424 --a C:\WINDOWS\system32\iuengine.dll
    2006-09-22 22:20 95,360 --a C:\WINDOWS\system32\drivers\atapi.sys
    2006-09-22 22:20 42,368 --a C:\WINDOWS\system32\drivers\agp440.sys
    2006-09-22 22:20 3,328 --a C:\WINDOWS\system32\drivers\pciide.sys
    2006-09-22 22:20 25,088 --a C:\WINDOWS\system32\drivers\pciidex.sys
    2006-09-22 22:19 74,240 --a C:\WINDOWS\system32\usbui.dll
    2006-09-22 22:19 68,224 --a C:\WINDOWS\system32\drivers\pci.sys
    2006-09-22 22:19 57,600 --a C:\WINDOWS\system32\drivers\usbhub.sys
    2006-09-22 22:19 35,840 --a C:\WINDOWS\system32\drivers\isapnp.sys
    2006-09-22 22:19 20,480 --a C:\WINDOWS\system32\drivers\usbuhci.sys
    2006-09-22 22:19 142,976 --a C:\WINDOWS\system32\drivers\usbport.sys
    2006-09-22 19:11 720,896 --a C:\WINDOWS\system32\a3d.dll
    2006-09-22 19:11 60,288 --a C:\WINDOWS\system32\drivers\drmk.sys
    2006-09-22 19:11 539,008 --a C:\WINDOWS\system32\drivers\smwdm.sys
    2006-09-22 19:11 48,640 --a C:\WINDOWS\system32\drivers\stream.sys
    2006-09-22 19:11 45,056 --a C:\WINDOWS\system32\CleanUp.exe
    2006-09-22 19:11 4,816 --a C:\WINDOWS\system32\drivers\aeaudio.sys
    2006-09-22 19:11 36,864 --a C:\WINDOWS\system32\DSndUp.exe
    2006-09-22 19:11 3,744 --a C:\WINDOWS\system32\drivers\smsens.sys
    2006-09-22 19:11 145,792 --a C:\WINDOWS\system32\drivers\portcls.sys
    2006-09-22 19:11 140,928 --a C:\WINDOWS\system32\drivers\ks.sys
    2006-09-22 19:08 4,096 --a C:\WINDOWS\system32\ksuser.dll
    2006-09-22 19:08 10,624 --a C:\WINDOWS\system32\drivers\gameenum.sys
    2006-09-22 19:07 9,600 --a C:\WINDOWS\system32\drivers\QsndEnum.sys
    2006-09-22 19:07 53,248 --a C:\WINDOWS\system32\SetOutput60x.dll
    2006-09-22 19:07 411,008 --a C:\WINDOWS\system32\drivers\QSoftAud.sys
    2006-09-22 19:07 365,460 --a C:\WINDOWS\system32\drivers\pscaudio.sys
    2006-09-22 19:07 32,768 --a C:\WINDOWS\system32\pscprop.dll
    2006-09-22 19:07 22,048 --a C:\WINDOWS\system32\cocpyinf.dll
    2006-09-22 19:07 159,744 --a C:\WINDOWS\system32\qlmp.dll
    2006-09-22 19:07 155,648 --a C:\WINDOWS\pscunins.exe
    2006-09-22 19:05 53,248 --a C:\WINDOWS\system32\Prounstl.exe
    2006-09-22 19:05 23,040 --a C:\WINDOWS\system32\IntelNic.dll
    2006-09-22 19:05 139,776 --a C:\WINDOWS\system32\drivers\e100b325.sys
    2006-09-22 19:04 87,040 --a C:\WINDOWS\system32\wiafbdrv.dll
    2006-09-22 19:04 73,728 --a C:\WINDOWS\system32\dlbapwr.dll
    2006-09-22 19:04 69,632 --a C:\WINDOWS\system32\dlbascin.dll
    2006-09-22 19:04 57,344 --a C:\WINDOWS\system32\dlbacinf.dll
    2006-09-22 19:04 49,152 --a C:\WINDOWS\system32\dlbacoin.dll
    2006-09-22 19:04 40,960 --a C:\WINDOWS\system32\dlbavs.dll
    2006-09-22 19:04 303,104 --a C:\WINDOWS\system32\LEXBCES.EXE
    2006-09-22 19:04 286,720 --a C:\WINDOWS\system32\dlbacomm.dll
    2006-09-22 19:04 201,216 --a C:\WINDOWS\system32\LEXP2P32.DLL
    2006-09-22 19:04 196,096 --a C:\WINDOWS\system32\LEX2KUSB.DLL
    2006-09-22 19:04 192,512 --a C:\WINDOWS\system32\lexlmpm.dll
    2006-09-22 19:04 174,592 --a C:\WINDOWS\system32\LEXPPS.EXE
    2006-09-22 19:04 15,104 --a C:\WINDOWS\system32\drivers\usbscan.sys
    2006-09-22 19:04 147,456 --a C:\WINDOWS\system32\LEXBCE.DLL
    2006-09-22 18:59 299,520 --a C:\WINDOWS\uninst.exe
    2006-09-22 18:05 112,128 --a C:\WINDOWS\system32\mapi32.dll
    2006-09-22 18:05 0 -rahs---- C:\MSDOS.SYS
    2006-09-22 18:05 0 -rahs---- C:\IO.SYS
    2006-09-22 18:05 0 --a C:\CONFIG.SYS
    2006-09-22 18:05 0 --a C:\AUTOEXEC.BAT
    2006-09-22 18:04 45,568 --a C:\WINDOWS\system32\safrslv.dll
    2006-09-22 18:04 43,520 --a C:\WINDOWS\system32\safrcdlg.dll
    2006-09-22 18:04 43,520 --a C:\WINDOWS\system32\racpldlg.dll
    2006-09-22 18:04 382,464 --a C:\WINDOWS\system32\qmgr.dll
    2006-09-22 18:04 29,696 --a C:\WINDOWS\system32\safrdm.dll
    2006-09-22 18:04 11,264 --a C:\WINDOWS\system32\atrace.dll
    2006-09-22 18:03 81,920 --a C:\WINDOWS\system32\isign32.dll
    2006-09-22 18:03 81,920 --a C:\WINDOWS\system32\ils.dll
    2006-09-22 18:03 73,728 --a C:\WINDOWS\system32\icwdial.dll
    2006-09-22 18:03 73,472 --a C:\WINDOWS\system32\drivers\sr.sys
    2006-09-22 18:03 69,632 --a C:\WINDOWS\system32\msconf.dll
    2006-09-22 18:03 679,424 --a C:\WINDOWS\system32\inetcomm.dll
    2006-09-22 18:03 67,584 --a C:\WINDOWS\system32\srclient.dll
    2006-09-22 18:03 65,536 --a C:\WINDOWS\system32\icwphbk.dll
    2006-09-22 18:03 64,512 --a C:\WINDOWS\system32\acctres.dll
    2006-09-22 18:03 48,128 --a C:\WINDOWS\system32\inetres.dll
    2006-09-22 18:03 34,560 --a C:\WINDOWS\system32\mnmdd.dll
    2006-09-22 18:03 32,768 --a C:\WINDOWS\system32\mnmsrvc.exe
    2006-09-22 18:03 32,768 --a C:\WINDOWS\system32\isrdbg32.dll
    2006-09-22 18:03 28,672 --a C:\WINDOWS\system32\nmmkcert.dll
    2006-09-22 18:03 274,944 --a C:\WINDOWS\system32\mstask.dll
    2006-09-22 18:03 274,432 --a C:\WINDOWS\system32\inetcfg.dll
    2006-09-22 18:03 252,928 --a C:\WINDOWS\system32\msoeacct.dll
    2006-09-22 18:03 190,976 --a C:\WINDOWS\system32\schedsvc.dll
    2006-09-22 18:03 170,496 --a C:\WINDOWS\system32\srsvc.dll
    2006-09-22 18:03 16,384 --a C:\WINDOWS\system32\icfgnt5.dll
    2006-09-22 18:03 12,288 --a C:\WINDOWS\system32\nmevtmsg.dll
    2006-09-22 18:03 12,288 --a C:\WINDOWS\system32\mstinit.exe
    2006-09-22 18:03 105,984 --a C:\WINDOWS\system32\msoert2.dll
    2006-09-22 18:02 97,792 --a C:\WINDOWS\system32\comrepl.dll
    2006-09-22 18:02 93,696 --a C:\WINDOWS\system32\tscfgwmi.dll
    2006-09-22 18:02 9,728 --a C:\WINDOWS\system32\reset.exe
    2006-09-22 18:02 87,176 --a C:\WINDOWS\system32\rdpwsx.dll
    2006-09-22 18:02 85,504 --a C:\WINDOWS\system32\catsrvps.dll
    2006-09-22 18:02 80,384 --a C:\WINDOWS\system32\charmap.exe
    2006-09-22 18:02 73,216 --a C:\WINDOWS\system32\avwav.dll
    2006-09-22 18:02 67,072 --a C:\WINDOWS\system32\rdshost.exe
    2006-09-22 18:02 655,360 --a C:\WINDOWS\system32\mstscax.dll
    2006-09-22 18:02 62,464 --a C:\WINDOWS\system32\rdpclip.exe
    2006-09-22 18:02 605,696 --a C:\WINDOWS\system32\getuname.dll
    2006-09-22 18:02 60,416 --a C:\WINDOWS\system32\remotepg.dll
    2006-09-22 18:02 6,656 --a C:\WINDOWS\system32\wuauserv.dll
    2006-09-22 18:02 6,144 --a C:\WINDOWS\system32\msdtc.exe
    2006-09-22 18:02 58,880 --a C:\WINDOWS\system32\msdtclog.dll
    2006-09-22 18:02 58,880 --a C:\WINDOWS\system32\licwmi.dll
    2006-09-22 18:02 56,832 --a C:\WINDOWS\system32\sol.exe
    2006-09-22 18:02 56,320 --a C:\WINDOWS\system32\servdeps.dll
    2006-09-22 18:02 55,296 --a C:\WINDOWS\system32\freecell.exe
    2006-09-22 18:02 54,272 --a C:\WINDOWS\system32\stclient.dll
    2006-09-22 18:02 538,624 --a C:\WINDOWS\system32\spider.exe
    2006-09-22 18:02 5,632 --a C:\WINDOWS\system32\write.exe
    2006-09-22 18:02 5,120 --a C:\WINDOWS\system32\dcomcnfg.exe
    2006-09-22 18:02 44,544 --a C:\WINDOWS\system32\tscupgrd.exe
    2006-09-22 18:02 44,544 --a C:\WINDOWS\system32\hticons.dll
    2006-09-22 18:02 407,552 --a C:\WINDOWS\system32\mstsc.exe
    2006-09-22 18:02 40,840 --a C:\WINDOWS\system32\drivers\termdd.sys
    2006-09-22 18:02 4,096 --a C:\WINDOWS\system32\rdpcfgex.dll
    2006-09-22 18:02 4,096 --a C:\WINDOWS\system32\mtxex.dll
    2006-09-22 18:02 38,912 --a C:\WINDOWS\system32\cfgbkend.dll
    2006-09-22 18:02 35,328 --a C:\WINDOWS\system32\winchat.exe
    2006-09-22 18:02 347,136 --a C:\WINDOWS\system32\hypertrm.dll
    2006-09-22 18:02 343,040 --a C:\WINDOWS\system32\mspaint.exe
    2006-09-22 18:02 33,792 --a C:\WINDOWS\system32\regini.exe
    2006-09-22 18:02 295,424 --a C:\WINDOWS\system32\termsrv.dll
    2006-09-22 18:02 25,600 --a C:\WINDOWS\system32\comaddin.dll
    2006-09-22 18:02 25,088 --a C:\WINDOWS\system32\mtxlegih.dll
    2006-09-22 18:02 227,840 --a C:\WINDOWS\system32\avtapi.dll
    2006-09-22 18:02 22,016 --a C:\WINDOWS\system32\qwinsta.exe
    2006-09-22 18:02 21,896 --a C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-09-22 18:02 20,992 --a C:\WINDOWS\system32\msg.exe
    2006-09-22 18:02 20,480 --a C:\WINDOWS\system32\qprocess.exe
    2006-09-22 18:02 20,480 --a C:\WINDOWS\system32\mtxdm.dll
    2006-09-22 18:02 196,864 --a C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-09-22 18:02 19,968 --a C:\WINDOWS\system32\rdpsnd.dll
    2006-09-22 18:02 185,344 --a C:\WINDOWS\system32\cmprops.dll
    2006-09-22 18:02 183,808 --a C:\WINDOWS\system32\accwiz.exe
    2006-09-22 18:02 17,408 --a C:\WINDOWS\system32\mmfutil.dll
    2006-09-22 18:02 16,896 --a C:\WINDOWS\system32\tsshutdn.exe
    2006-09-22 18:02 16,896 --a C:\WINDOWS\system32\qappsrv.exe
    2006-09-22 18:02 16,384 --a C:\WINDOWS\system32\tskill.exe
    2006-09-22 18:02 16,384 --a C:\WINDOWS\system32\avmeter.dll
    2006-09-22 18:02 15,872 --a C:\WINDOWS\system32\rwinsta.exe
    2006-09-22 18:02 15,872 --a C:\WINDOWS\system32\cdmodem.dll
    2006-09-22 18:02 15,360 --a C:\WINDOWS\system32\logoff.exe
    2006-09-22 18:02 147,968 --a C:\WINDOWS\system32\rdchost.dll
    2006-09-22 18:02 147,456 --a C:\WINDOWS\system32\comsnap.dll
    2006-09-22 18:02 140,800 --a C:\WINDOWS\system32\sessmgr.exe
    2006-09-22 18:02 14,848 --a C:\WINDOWS\system32\tsdiscon.exe
    2006-09-22 18:02 14,848 --a C:\WINDOWS\system32\tscon.exe
    2006-09-22 18:02 14,848 --a C:\WINDOWS\system32\shadow.exe
    2006-09-22 18:02 139,528 --a C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-09-22 18:02 138,752 --a C:\WINDOWS\system32\sndvol32.exe
    2006-09-22 18:02 131,584 --a C:\WINDOWS\system32\sndrec32.exe
    2006-09-22 18:02 13,824 --a C:\WINDOWS\system32\rdsaddin.exe
    2006-09-22 18:02 126,976 --a C:\WINDOWS\system32\mshearts.exe
    2006-09-22 18:02 124,184 --a C:\WINDOWS\system32\wuauclt.exe
    2006-09-22 18:02 123,392 --a C:\WINDOWS\system32\mplay32.exe
    2006-09-22 18:02 12,040 --a C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-09-22 18:02 119,808 --a C:\WINDOWS\system32\winmine.exe
    2006-09-22 18:02 114,688 --a C:\WINDOWS\system32\calc.exe
    2006-09-22 18:02 11,776 --a C:\WINDOWS\system32\xolehlp.dll
    2006-09-22 18:02 11,264 --a C:\WINDOWS\system32\icaapi.dll
    2006-09-22 18:02 102,912 --a C:\WINDOWS\system32\clipbrd.exe
    2006-09-22 18:02 1,343,768 --a C:\WINDOWS\system32\wuaueng.dll
    2006-09-22 18:02 1,161 --a C:\WINDOWS\system32\usrlogon.cmd
    2006-09-22 16:48 7,168 --a C:\WINDOWS\system32\hccoin.dll
    2006-09-22 16:48 26,624 --a C:\WINDOWS\system32\drivers\usbehci.sys
    2006-09-22 13:59 82,944 --a C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-09-22 13:59 7,552 --a C:\WINDOWS\system32\drivers\mskssrv.sys
    2006-09-22 13:59 60,800 --a C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-09-22 13:59 6,400 --a C:\WINDOWS\system32\drivers\splitter.sys
    2006-09-22 13:59 59,264 --a C:\WINDOWS\system32\drivers\usbaudio.sys
    2006-09-22 13:59 54,272 --a C:\WINDOWS\system32\drivers\swmidi.sys
    2006-09-22 13:59 52,864 --a C:\WINDOWS\system32\drivers\dmusic.sys
    2006-09-22 13:59 5,376 --a C:\WINDOWS\system32\drivers\mspclock.sys
    2006-09-22 13:59 4,992 --a C:\WINDOWS\system32\drivers\mspqm.sys
    2006-09-22 13:59 3,072 --a C:\WINDOWS\system32\drivers\audstub.sys
    2006-09-22 13:59 21,504 --a C:\WINDOWS\system32\hidserv.dll
    2006-09-22 13:59 2,944 --a C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-09-22 13:59 172,416 --a C:\WINDOWS\system32\drivers\kmixer.sys
    2006-09-22 13:59 142,464 --a C:\WINDOWS\system32\drivers\aec.sys
    2006-09-22 13:58 57,472 --a C:\WINDOWS\system32\drivers\redbook.sys
    2006-09-22 13:58 25,856 --a C:\WINDOWS\system32\drivers\usbprint.sys
    2006-09-22 13:57 85,020 --a C:\WINDOWS\system32\dgsetup.dll
    2006-09-22 13:57 8,704 --a C:\WINDOWS\system32\batt.dll
    2006-09-22 13:57 8,192 -ra C:\WINDOWS\system32\kbdhept.dll
    2006-09-22 13:57 7,168 -ra C:\WINDOWS\system32\kbdcz.dll
    2006-09-22 13:57 6,656 -ra C:\WINDOWS\system32\kbdycl.dll
    2006-09-22 13:57 6,656 -ra C:\WINDOWS\system32\kbdsl1.dll
    2006-09-22 13:57 6,656 -ra C:\WINDOWS\system32\kbdsl.dll
    2006-09-22 13:57 6,656 -ra C:\WINDOWS\system32\kbdpl.dll
    2006-09-22 13:57 6,656 -ra C:\WINDOWS\system32\kbdhu.dll
    2006-09-22 13:57 6,656 -ra C:\WINDOWS\system32\kbdhela3.dll
    2006-09-22 13:57 6,656 -ra C:\WINDOWS\system32\kbdcz2.dll
    2006-09-22 13:57 6,656 -ra C:\WINDOWS\system32\kbdcz1.dll
    2006-09-22 13:57 6,656 -ra C:\WINDOWS\system32\kbdcr.dll
    2006-09-22 13:57 6,656 -ra C:\WINDOWS\system32\KBDAL.DLL
    2006-09-22 13:57 6,144 -ra C:\WINDOWS\system32\kbdtuq.dll
    2006-09-22 13:57 6,144 -ra C:\WINDOWS\system32\kbdtuf.dll
    2006-09-22 13:57 6,144 -ra C:\WINDOWS\system32\kbdlv1.dll
    2006-09-22 13:57 6,144 -ra C:\WINDOWS\system32\kbdlv.dll
    2006-09-22 13:57 6,144 -ra C:\WINDOWS\system32\kbdhela2.dll
    2006-09-22 13:57 6,144 -ra C:\WINDOWS\system32\kbdgkl.dll
    2006-09-22 13:57 6,144 -ra C:\WINDOWS\system32\kbdest.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdycc.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbduzb.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdur.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdtat.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdru1.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdru.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdro.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdpl1.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdmon.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdlt1.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdlt.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdkyr.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdkaz.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdhu1.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdhe319.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdhe220.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdhe.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdbu.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdblr.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdazel.dll
    2006-09-22 13:57 5,632 -ra C:\WINDOWS\system32\kbdaze.dll
    2006-09-22 13:57 24,661 --a C:\WINDOWS\system32\spxcoins.dll
    2006-09-22 13:57 176,157 --a C:\WINDOWS\system32\dgrpsetu.dll
    2006-09-22 13:57 13,312 --a C:\WINDOWS\system32\irclass.dll
    2006-09-22 13:57 11,264 --a C:\WINDOWS\system32\drivers\irenum.sys
    2006-09-22 13:57 103,424 --a C:\WINDOWS\system32\EqnClass.Dll
    2006-09-22 13:56 74,752 --a C:\WINDOWS\system32\storprop.dll
    2006-09-22 13:56 69,120 --a C:\WINDOWS\notepad.exe
    2006-09-22 13:56 15,360 --a C:\WINDOWS\TASKMAN.EXE
    2006-09-21 17:57 20,096 --a C:\WINDOWS\system32\drivers\AnyDVD.sys


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-21 10:12 d C:\Program Files\Common Files
    2006-10-21 10:08 d C:\Program Files\Mozilla Firefox
    2006-10-20 15:00 d C:\Program Files\Mozilla Thunderbird
    2006-10-20 07:22 d C:\Program Files\Hijackthis
    2006-10-19 19:45 d C:\Program Files\Mozilla Sunbird
    2006-10-18 22:39 47104 --a C:\Program Files\ATF-Cleaner.exe
    2006-10-15 01:01 d C:\Program Files\SpywareBlaster
    2006-10-14 18:39 d C:\Documents and Settings\Ken Corbo\Application Data\AVG7
    2006-10-14 16:49 d---s---- C:\Documents and Settings\Ken Corbo\Application Data\Microsoft
    2006-10-13 23:22 d C:\Program Files\Grisoft
    2006-10-13 21:40 d C:\Program Files\Zone Labs
    2006-10-13 14:19 d C:\Program Files\Lavasoft
    2006-10-13 14:19 d C:\Documents and Settings\Ken Corbo\Application Data\Lavasoft
    2006-10-10 20:21 d C:\Documents and Settings\Ken Corbo\Application Data\AdobeUM
    2006-10-10 20:20 d C:\Documents and Settings\Ken Corbo\Application Data\Adobe
    2006-10-09 20:59 d--h C:\Program Files\InstallShield Installation Information
    2006-10-09 20:59 d C:\Program Files\Electronic Arts
    2006-10-09 20:32 2560 --a C:\WINDOWS\_MSRSTRT.EXE
    2006-10-09 20:30 d C:\Program Files\Jasc Software Inc
    2006-10-08 23:17 d C:\Program Files\microsoft frontpage
    2006-10-08 23:17 d C:\Program Files\Common Files\Microsoft Shared
    2006-10-08 21:00 d C:\Program Files\Common Files\Adobe
    2006-10-08 20:58 875 --a C:\Documents and Settings\Ken Corbo\Application Data\AdobeDLM.log
    2006-10-08 20:58 0 --a C:\Documents and Settings\Ken Corbo\Application Data\dm.ini
    2006-10-08 20:58 d C:\Program Files\Adobe
    2006-10-05 17:04 d C:\Documents and Settings\Ken Corbo\Application Data\Help
    2006-09-29 17:44 d C:\Documents and Settings\Ken Corbo\Application Data\CyberLink
    2006-09-25 20:36 d C:\Program Files\CoolMon
    2006-09-25 19:59 d C:\Program Files\CoolMon 2
    2006-09-24 23:43 d C:\Program Files\EA GAMES
    2006-09-24 23:40 d C:\Program Files\Winamp
    2006-09-24 23:27 d C:\Program Files\Windows Media Player
    2006-09-24 22:55 d C:\Documents and Settings\Ken Corbo\Application Data\ArcSoft
    2006-09-24 22:37 d C:\Program Files\CyberLink
    2006-09-24 22:34 d C:\Program Files\ArcSoft
    2006-09-24 22:33 d C:\Program Files\Sonic
    2006-09-24 22:32 d C:\Program Files\VERITAS Software
    2006-09-24 22:27 d C:\Documents and Settings\Ken Corbo\Application Data\VERITAS
    2006-09-24 22:20 d C:\Program Files\Fellowes
    2006-09-24 22:18 d C:\Program Files\Common Files\InstallShield
    2006-09-24 21:11 d C:\Documents and Settings\Ken Corbo\Application Data\Mozilla
    2006-09-24 21:09 d C:\Documents and Settings\Ken Corbo\Application Data\Thunderbird
    2006-09-24 13:01 d C:\Documents and Settings\Ken Corbo\Application Data\Apple Computer
    2006-09-24 12:50 d C:\Documents and Settings\Ken Corbo\Application Data\Talkback
    2006-09-23 17:24 d C:\Program Files\SlySoft
    2006-09-23 17:23 125 ---hs---- C:\Documents and Settings\Ken Corbo\Application Data\.zreglib
    2006-09-23 17:13 d C:\Program Files\WinRAR
    2006-09-23 17:13 d C:\Documents and Settings\Ken Corbo\Application Data\SlySoft
    2006-09-23 17:12 d C:\Program Files\Elaborate Bytes
    2006-09-23 17:07 d C:\Program Files\Internet Explorer
    2006-09-23 16:46 d C:\Program Files\Messenger
    2006-09-23 16:43 d C:\Program Files\QuickTime
    2006-09-23 16:42 d C:\Program Files\Apple Software Update
    2006-09-23 16:40 d C:\Documents and Settings\Ken Corbo\Application Data\Macromedia
    2006-09-23 16:14 d C:\Program Files\Outlook Express
    2006-09-23 16:14 d C:\Program Files\Common Files\System
    2006-09-23 15:54 d C:\Documents and Settings\Ken Corbo\Application Data\acccore
    2006-09-23 15:53 d C:\Program Files\Viewpoint
    2006-09-23 15:53 d C:\Program Files\Common Files\AOL
    2006-09-23 15:53 d C:\Program Files\AOL
    2006-09-23 15:53 d C:\Program Files\AOD
    2006-09-23 15:52 d C:\Program Files\Common Files\Nullsoft
    2006-09-23 15:52 d C:\Program Files\Common Files\aolshare
    2006-09-23 15:47 d C:\Program Files\OfficeUpdate11
    2006-09-23 15:32 d C:\Program Files\Microsoft.NET
    2006-09-23 15:32 d C:\Program Files\Microsoft Office
    2006-09-23 15:32 d C:\Program Files\Microsoft ActiveSync
    2006-09-23 15:32 d C:\Program Files\Common Files\DESIGNER
    2006-09-23 12:45 d C:\Program Files\Movie Maker
    2006-09-23 12:43 d C:\Program Files\Windows NT
    2006-09-23 12:43 d C:\Program Files\NetMeeting
    2006-09-23 10:22 d C:\Documents and Settings\Ken Corbo\Application Data\Logitech
    2006-09-23 10:16 d--h C:\Program Files\WindowsUpdate
    2006-09-23 10:02 d C:\Program Files\Logitech
    2006-09-23 10:01 d C:\Program Files\Common Files\Logitech
    2006-09-22 22:20 d C:\Program Files\Intel
    2006-09-22 19:11 d C:\Program Files\Analog Devices
    2006-09-22 19:07 d C:\Program Files\Philips
    2006-09-22 19:04 d C:\Program Files\Dell AIO Printer A940
    2006-09-22 19:04 d C:\Program Files\Dell A940
    2006-09-22 18:22 d--h C:\Program Files\Uninstall Information
    2006-09-22 18:22 d C:\Documents and Settings\Ken Corbo\Application Data\Identities
    2006-09-22 18:06 d C:\Program Files\xerox
    2006-09-22 18:04 d C:\Program Files\Online Services
    2006-09-22 18:03 d C:\Program Files\ComPlus Applications
    2006-09-22 18:03 d C:\Program Files\Common Files\Services
    2006-09-22 18:03 d C:\Program Files\Common Files\MSSoap
    2006-09-22 18:02 d C:\Program Files\MSN Gaming Zone
    2006-09-22 18:02 d C:\Program Files\MSN
    2006-09-22 13:57 d C:\Program Files\Common Files\SpeechEngines
    2006-09-22 13:57 d C:\Program Files\Common Files\ODBC
    2006-09-22 13:56 62 --ahs---- C:\Documents and Settings\Ken Corbo\Application Data\desktop.ini
    2006-09-13 01:01 1084416 --a C:\WINDOWS\system32\msxml3.dll
    2006-08-25 11:45 617472 --a C:\WINDOWS\system32\comctl32.dll
    2006-08-23 00:31 5906432 C:\WINDOWS\system32\ieframe.dll
    2006-08-23 00:31 50688 C:\WINDOWS\system32\msfeedsbs.dll
    2006-08-23 00:31 457728 C:\WINDOWS\system32\msfeeds.dll
    2006-08-23 00:31 413696 --a C:\WINDOWS\system32\vbscript.dll
    2006-08-23 00:31 225792 --a C:\WINDOWS\system32\webcheck.dll
    2006-08-23 00:31 175616 C:\WINDOWS\system32\ieui.dll
    2006-08-23 00:31 152064 --a C:\WINDOWS\system32\msls31.dll
    2006-08-23 00:18 78336 --a C:\WINDOWS\system32\ieencode.dll
    2006-08-23 00:18 206336 C:\WINDOWS\system32\WinFXDocObj.exe
    2006-08-23 00:17 40448 --a C:\WINDOWS\system32\licmgr10.dll
    2006-08-23 00:17 105472 --a C:\WINDOWS\system32\url.dll
    2006-08-23 00:17 100352 --a C:\WINDOWS\system32\occache.dll
    2006-08-23 00:16 16896 --a C:\WINDOWS\system32\corpol.dll
    2006-08-23 00:14 378368 --a C:\WINDOWS\system32\iedkcs32.dll
    2006-08-23 00:14 229376 --a C:\WINDOWS\system32\ieaksie.dll
    2006-08-23 00:13 71680 --a C:\WINDOWS\system32\admparse.dll
    2006-08-23 00:13 55296 --a C:\WINDOWS\system32\iesetup.dll
    2006-08-23 00:13 54784 --a C:\WINDOWS\system32\ie4uinit.exe
    2006-08-23 00:13 43008 --a C:\WINDOWS\system32\iernonce.dll
    2006-08-23 00:13 152064 --a C:\WINDOWS\system32\ieakeng.dll
    2006-08-23 00:13 122880 --a C:\WINDOWS\system32\advpack.dll
    2006-08-23 00:13 11776 --a C:\WINDOWS\system32\ieudinit.exe
    2006-08-23 00:11 12288 C:\WINDOWS\system32\msfeedssync.exe
    2006-08-23 00:10 61440 C:\WINDOWS\system32\icardie.dll
    2006-08-23 00:10 35328 --a C:\WINDOWS\system32\imgutil.dll
    2006-08-23 00:09 262656 C:\WINDOWS\system32\iertutil.dll
    2006-08-23 00:07 45568 --a C:\WINDOWS\system32\mshta.exe
    2006-08-22 23:37 48128 --a C:\WINDOWS\system32\mshtmler.dll
    2006-08-22 23:36 380928 C:\WINDOWS\system32\ieapfltr.dll
    2006-08-22 23:30 161792 --a C:\WINDOWS\system32\ieakui.dll
    2006-08-21 08:21 16896 --a C:\WINDOWS\system32\fltlib.dll
    2006-08-21 05:14 23040 --a C:\WINDOWS\system32\fltmc.exe
    2006-08-21 05:14 128896 C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-08-16 07:58 100352 --a C:\WINDOWS\system32\6to4svc.dll
    2006-08-11 21:45 888832 --a C:\WINDOWS\system32\nvmobls.dll
    2006-08-11 21:45 581632 --a C:\WINDOWS\system32\nvhwvid.dll
    2006-08-11 21:45 5611520 --a C:\WINDOWS\system32\nvdisps.dll
    2006-08-11 21:45 5251072 --a C:\WINDOWS\system32\nvdispsr.dll
    2006-08-11 21:45 458752 --a C:\WINDOWS\system32\nvmccssr.dll
    2006-08-11 21:45 45056 --a C:\WINDOWS\system32\nvmccsrs.dll
    2006-08-11 21:45 3039232 --a C:\WINDOWS\system32\nvgames.dll
    2006-08-11 21:45 2953216 --a C:\WINDOWS\system32\nvvitvsr.dll
    2006-08-11 21:45 2928640 --a C:\WINDOWS\system32\nvgamesr.dll
    2006-08-11 21:45 2904064 --a C:\WINDOWS\system32\nvvitvs.dll
    2006-08-11 21:45 2859008 --a C:\WINDOWS\system32\nvmoblsr.dll
    2006-08-11 21:45 229376 --a C:\WINDOWS\system32\nvmccs.dll
    2006-08-11 21:45 188416 --a C:\WINDOWS\system32\nvmccss.dll
    2006-08-11 21:45 1732608 --a C:\WINDOWS\system32\nvwssr.dll
    2006-08-11 21:45 1236992 --a C:\WINDOWS\system32\nvwss.dll
    2006-08-11 21:44 147456 --a C:\WINDOWS\system32\nvcolor.exe
    2006-08-11 21:43 86016 --a C:\WINDOWS\system32\nvmctray.dll
    2006-08-11 21:43 81920 --a C:\WINDOWS\system32\nvwddi.dll
    2006-08-11 21:43 794624 --a C:\WINDOWS\system32\nvcplui.exe
    2006-08-11 21:43 7630848 --a C:\WINDOWS\system32\nvcpl.dll
    2006-08-11 21:43 466944 --a C:\WINDOWS\system32\nvshell.dll
    2006-08-11 21:43 442368 --a C:\WINDOWS\system32\nvappbar.exe
    2006-08-11 21:43 425984 --a C:\WINDOWS\system32\keystone.exe
    2006-08-11 21:43 311296 --a C:\WINDOWS\system32\nvexpbar.dll
    2006-08-11 21:43 286720 --a C:\WINDOWS\system32\nvnt4cpl.dll
    2006-08-11 21:43 196608 --a C:\WINDOWS\system32\nvapi.dll
    2006-08-11 21:43 1662976 --a C:\WINDOWS\system32\nvwdmcpl.dll
    2006-08-11 21:43 1519616 --a C:\WINDOWS\system32\nwiz.exe
    2006-08-11 21:43 1470464 --a C:\WINDOWS\system32\nview.dll
    2006-08-11 21:43 1339392 --a C:\WINDOWS\system32\nvdspsch.exe
    2006-08-11 21:43 1019904 --a C:\WINDOWS\system32\nvwimg.dll
    2006-08-11 21:43 1011712 --a C:\WINDOWS\system32\nvcpluir.dll
    2006-08-11 21:42 5636096 --a C:\WINDOWS\system32\nvoglnt.dll
    2006-08-11 21:42 4496128 --a C:\WINDOWS\system32\nv4_disp.dll
    2006-08-11 21:42 35840 --a C:\WINDOWS\system32\nvcodins.dll
    2006-08-11 21:42 35840 --a C:\WINDOWS\system32\nvcod.dll
    2006-08-11 21:42 155715 --a C:\WINDOWS\system32\nvsvc32.exe
    2006-07-21 04:24 72704 --a C:\WINDOWS\system32\hlink.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "Aim6"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Dell AIO Printer A940"="\"C:\\Program Files\\Dell AIO Printer A940\\dlbabmgr.exe\""
    "QveCtl2Tray"="C:\\Program Files\\Philips\\PSA2\\skin\\QveCplSk.EXE C:\\Program Files\\Philips\\PSA2\\skin"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,50,01,00,00,00,00,00,00,40,05,00,00,f8,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkve32

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: 06-10-21 10:14:26.33
    C:\ComboFix.txt ... 06-10-21 10:14
  • edited October 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 10:21:01 AM, on 10/21/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\CoolMon\CoolMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\Scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\vebklybf.dll (file missing)
    O2 - BHO: (no name) - {ECCEE2BD-65F4-47D4-9CF8-74B375C0ED3B} - C:\WINDOWS\system32\vtsqr.dll (file missing)
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159020909733
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159020897280
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD21580C-67B2-4142-ABA7-74E175C549D4}: NameServer = 10.10.10.10
    O18 - Protocol: bw+0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    Run Hijack This again and have it do a system scan only. Put a check (tick) next to the following entries:


    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\vebklybf.dll (file missing)
    O2 - BHO: (no name) - {ECCEE2BD-65F4-47D4-9CF8-74B375C0ED3B} - C:\WINDOWS\system32\vtsqr.dll (file missing)

    O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)


    Close all other browsers/windows and click Fix Checked. Close Hijack This. Reboot the PC and post a fresh Hijack This log.
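One way to check a follow-up log against the entries ticked in the post above, as an added example (not part of the thread and not a HijackThis feature). The log text is trimmed from the logs posted in this thread; the function names and the truncation heuristic are assumptions of this example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body file_missing")
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*?)\s*$")

# Entries the helper asked to tick, copied from the post above.
CHECKED = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\vebklybf.dll (file missing)
O2 - BHO: (no name) - {ECCEE2BD-65F4-47D4-9CF8-74B375C0ED3B} - C:\WINDOWS\system32\vtsqr.dll (file missing)
O20 - Winlogon Notify: winkve32 - winkve32.dll (file missing)
"""

# Trimmed excerpt of the 10/21/2006 log (before the fix).
BEFORE_EXCERPT = CHECKED + r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Trimmed excerpt of the 10/24/2006 log (after the fix); it stops at O18.
AFTER_EXCERPT = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: bw+0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""


def parse_entries(log_text):
    """Return the R/F/N/O entries of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            code, body = m.groups()
            entries.append(Entry(code, body, body.endswith("(file missing)")))
    return entries


def orphans(log_text):
    """Entries whose target HijackThis reported as '(file missing)'."""
    return [e for e in parse_entries(log_text) if e.file_missing]


def section_rank(code):
    """Coarse ordering key: R, F, N, then O sections by number."""
    return ("RFNO".index(code[0]), int(code[1:]))


def check_fix(checked_text, after_text, complete=True):
    """Sort each ticked entry into removed / still_present / unverified.

    With complete=False the follow-up log may be cut short, so an entry
    whose section lies past the last section seen cannot be judged
    (a heuristic of this example, relying on the log's section order).
    """
    after = parse_entries(after_text)
    present = {(e.code, e.body.lower()) for e in after}
    last_rank = max((section_rank(e.code) for e in after), default=(-1, -1))
    result = {"removed": [], "still_present": [], "unverified": []}
    for e in parse_entries(checked_text):
        if (e.code, e.body.lower()) in present:
            bucket = "still_present"
        elif not complete and section_rank(e.code) > last_rank:
            bucket = "unverified"
        else:
            bucket = "removed"
        result[bucket].append(e)
    return result


if __name__ == "__main__":
    print("Orphaned entries before the fix:")
    for e in orphans(BEFORE_EXCERPT):
        print("  ", e.code, "-", e.body)
    outcome = check_fix(CHECKED, AFTER_EXCERPT, complete=False)
    for bucket, entries in outcome.items():
        print(bucket + ":")
        for e in entries:
            print("  ", e.code, "-", e.body)
```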
  • edited October 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 10:47:58 PM, on 10/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CoolMon\CoolMon.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\Scanner.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Startup: CoolMon.lnk = C:\Program Files\CoolMon\CoolMon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159020909733
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159020897280
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AD21580C-67B2-4142-ABA7-74E175C549D4}: NameServer = 10.10.10.10
    O18 - Protocol: bw+0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {E08B0123-9810-4FF9-8CAF-309CE95D6E24} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    The 2 R0 values showed back up after having set HijackThis to fix them. I'm hopeful that is ok and it just reset the registry entries and wasn't supposed to delete them.

    Let me know,

    Ken
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    Yes it's OK that they came back. I just wanted to make sure they didn't have a hidden value assigned to them that we couldn't see. How is the PC running now? The log looks good.
  • edited October 2006
    Everything seems to be in order. Haven't had any problems for the past few days. Thank you for all the help. Keep up the good work.
  • skywalker45 Bloomington, IN. USA
    edited October 2006
    You're quite welcome. I will close this thread now. If you need further assistance please post a new thread. Read below for suggestions on staying clean:)

    Congratulations. Your log is clean! You should reward yourself very liberally! Now some pointers on how to stay clean and keep your sanity. You may be thinking now "how did I get infected?" Please read this great article: So how did I get infected in the first place.

    Next follow the instructions below to keep yourself free from infection.

    Disable and then enable system restore to purge infected restore points.

    Turn OFF System Restore.
    1. On the Desktop, right-click My Computer.
    2. Click Properties.
    3. Click the System Restore tab.
    4. Check Turn off System Restore.
    5. Click Apply.
    6. Click OK.

    To enable system restore:
    1. Uncheck the box by Turn off system restore
    2. Click Apply.
    3. System restore is now on.
    4. Create a restore point by clicking Start--->All programs--->Accessories--->System tools--->System restore
    5. Select the bubble that says Create restore point. Then click Next.
    6. Give the restore point a meaningful name like post malware removal. Then click OK.

    Rehide hidden files and folders. During your fix if you were asked to "show hidden files and folders" you should go back now and re-hide them. You wouldn't want to accidentally delete important files. Follow the instructions below:
    • Click "Start".
    • Click "My Computer".
    • Select the "Tools" menu and click "Folder Options".
    • Select the "View" tab.
    • Under the "Hidden files and folders" heading, select "Do not show hidden files and folders".
    • Check the "Hide protected operating system files (recommended)" option.
    • Check the "Hide file extensions for known file types".
    • Click Apply then click "OK".


    Update with SP2 if you don't already have it.
    Visit Windows Update and follow the onscreen instructions to download and install SP2.
    This is a time consuming process, even with a fast connection. If you use a dial-up connection you should consider getting a FREE copy
    directly from Microsoft or get a friend with a fast connection to burn a copy of the upgrade to CD for you.

    Update the OS regularly

    Set up system to ensure a regular update of the Operating System.

    Manually:

    Visit Windows Update on a weekly/biweekly REGULAR basis.

    Automatically:
    1. On the Desktop, right-click My Computer.
    2. Click Properties.
    3. Click on Automatic Updates.
    4. Check the option of choice (I use Automatic (Recommended)). If you use dial-up I would recommend using the
      Notify Me option so that you can download when you can afford the time and bandwidth overheads.
    5. Select the Day/Time of choice
    6. Click Apply
    7. Click OK


    Secure your web browser
    1. Open Internet Explorer and click on the Tools menu and then click on Security
    2. Click the Internet icon
    3. Click on Custom Level.
    4. Change the Download signed ActiveX controls to Prompt
    5. Change the Download unsigned ActiveX controls to Disable
    6. Change the Initialize and script ActiveX controls not marked as safe to Disable
    7. Change the Installation of desktop items to Prompt
    8. Change the Launching programs and files in an IFRAME to Prompt
    9. Change the Navigate sub-frames across different domains to Prompt
    10. Change the Allow paste operations via script to Disable
    11. Click on OK
    12. Save (if asked).
    13. Click on Apply button
    14. Click on OK

    Alternatively you could use another browser such as
    Mozilla Firefox (My personal favorite!)
    Opera

    Get Some Protection
    The following programs are useful in the fight against Malware. Best of all, they're FREE.
    Download and install any or all. Be warned though: you must update regularly. Check once a week!
    • Ad-Aware SE - This is a program that scans for and removes known spyware from your machine.
    • Spybot Search & Destroy - Similar to Ad-Aware but more configurable and incorporates TeaTimer, a memory resident utility that protects the system registry. I recommend
    • Spyware Blaster - It prevents the addition of ActiveX Controls on your machines by isolating the system registry.
    A good Antiviral program is essential. The ones listed below are free. Please download and use ONE of these if you're not already running an Antivirus program:

    And Finally.........Lock the door with a Firewall. Windows XP comes with its own simple firewall but I prefer to substitute it with one of the below, again these are free:
    I wish you very happy, and most importantly, safe surfing on the information superhighway. Just remember it can be dangerous.
This discussion has been closed.