Random IE windows, SLOW computer...
My computer takes 10 minutes to boot up now, used to take 2. I get some weird a.exe DOS boxes (b.exe, c.exe) etc. also.
Also, when doing searches and/or going from one page to another on any site I have random IE windows that open advertising travel, medicine, any number of things. While writing this post I've had 4 windows open (AdMedia, SetTheTrend, and others).
I've scanned with AVAST 2 times, nothing found. I've run NoAdware and it finds things but every time I run it they are all back. I took AVAST off the system and loaded Kaspersky Anti-Virus and it found things but I STILL have the same problem! My computer is rapidly becoming unusable, it is MEGA SLOW.
I spent last night (10+ hours) running anti-virus scans, adware/malware scans and fixes, and nothing seems to help.
Does anyone know what this is and what to do about it?
I appreciate help if someone can provide it!
Comments
* Save HijackThis.exe to your desktop.
* Create a new folder named HijackThis on your desktop. Move HijackThis.exe into that folder.
* Then rename HijackThis.exe to Scanner.exe
* Run Scanner.exe
* Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
* Click Save to save the log file and then the log will open in notepad.
* Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
* Come back here to this thread and Paste the log in your next reply.
* DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Logfile of HijackThis v1.99.1
Scan saved at 2:31:19 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\Anylyze.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINDOWS\system32\ssqnlmn.dll
O2 - BHO: (no name) - {2D5172EC-63A4-42DE-93A5-FA51D7C723F5} - C:\WINDOWS\system32\pmkjj.dll
O2 - BHO: {c790d0e8-3bc7-ecc9-fbf4-0620ca66a704} - {407a66ac-0260-4fbf-9cce-7cb38e0d097c} - C:\WINDOWS\system32\trnuocvo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MagniBar] "C:\fsf\magnibar\magnibar.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a4f4bf77] rundll32.exe "C:\WINDOWS\system32\tepgngel.dll",b
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FollowUpXpert] C:\Program Files\FollowUpXpert\FollowUpXpert.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AllChars.lnk = C:\Program Files\AllChars\AllChars.exe
O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - http://70.234.26.230/ActiveView.cab
O16 - DPF: {6A673E5A-98F2-43E0-85E9-ED8683B1E274} - http://bar.xhollywood.com/download/xhollywood.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - file://E:\Program Files\OpenCube\Visual QuickMenu Pro\program\comdlg32.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O18 - Protocol: bw+0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: ssqnlmn - C:\WINDOWS\SYSTEM32\ssqnlmn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
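Added example for this thread (editor's code, not part of the original posts and not code from HijackThis, SDFix or ComboFix): a small Python triage script that reads O2/O4/O20 lines in the HijackThis format above and flags the structural oddities a helper looks for in a log like this one: a `svchost.exe` living outside `C:\WINDOWS\system32` (the `Host Process` entry), BHOs with `(no name)` or a GUID for a name that point at short vowel-less DLLs in system32, a Run value named by a bare hex string that loads a DLL through rundll32, and the same DLL registered both as a BHO and as a Winlogon Notify package. The sample lines are copied from the log above; the `C:\WINDOWS\system32` path and the list of core Windows binary names are assumptions for XP, and every flag is a hint to check, not a verdict.

```python
"""Heuristic triage of HijackThis O2/O4/O20 lines (added example, not part of the thread)."""
import re
from pathlib import PureWindowsPath

# Sample input: O2, O4 and O20 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINDOWS\system32\ssqnlmn.dll
O2 - BHO: (no name) - {2D5172EC-63A4-42DE-93A5-FA51D7C723F5} - C:\WINDOWS\system32\pmkjj.dll
O2 - BHO: {c790d0e8-3bc7-ecc9-fbf4-0620ca66a704} - {407a66ac-0260-4fbf-9cce-7cb38e0d097c} - C:\WINDOWS\system32\trnuocvo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [a4f4bf77] rundll32.exe "C:\WINDOWS\system32\tepgngel.dll",b
O20 - Winlogon Notify: ssqnlmn - C:\WINDOWS\SYSTEM32\ssqnlmn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HEX_NAME_RE = re.compile(r"[0-9a-f]{6,}")
DLL_ARG_RE = re.compile(r'"([^"]+\.dll)"', re.IGNORECASE)

# Assumption: Windows XP with %SystemRoot% = C:\WINDOWS, as the log header states.
SYSTEM32 = r"c:\windows\system32"
# Assumption: core XP binaries that only live in system32; a copy elsewhere is masquerading.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}


def in_system32(p: PureWindowsPath) -> bool:
    return str(p.parent).lower() == SYSTEM32


def looks_random(stem: str) -> bool:
    """Lower-case letters only and no vowels at all: 'ssqnlmn', 'pmkjj'."""
    return stem.isalpha() and stem.islower() and not any(c in "aeiouy" for c in stem)


def command_target(cmd: str) -> str:
    """First token of a Run-key command, honouring a quoted path with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return sorted (reason, evidence) pairs; an empty list means nothing stood out."""
    findings = set()
    bho_dlls: dict[str, str] = {}      # DLL stem -> path, from O2 lines
    notify_dlls: dict[str, str] = {}   # DLL stem -> path, from O20 lines
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            p = PureWindowsPath(m["path"])
            bho_dlls[p.stem.lower()] = str(p)
            if m["name"] == "(no name)" and in_system32(p):
                findings.add(("unnamed BHO in system32", str(p)))
            if GUID_RE.fullmatch(m["name"]):
                findings.add(("BHO named by a GUID", str(p)))
            if looks_random(p.stem):
                findings.add(("vowel-less DLL name", str(p)))
        elif m := O4_RE.match(line):
            target = PureWindowsPath(command_target(m["cmd"]))
            if target.name.lower() in SYSTEM_BINARIES and not in_system32(target):
                findings.add(("system binary name outside system32", str(target)))
            if HEX_NAME_RE.fullmatch(m["name"]):
                dll = DLL_ARG_RE.search(m["cmd"])
                findings.add(("hex-named Run value", dll.group(1) if dll else m["cmd"]))
        elif m := O20_RE.match(line):
            p = PureWindowsPath(m["path"])
            notify_dlls[p.stem.lower()] = str(p)
            if looks_random(p.stem):
                findings.add(("vowel-less DLL name", str(p)))
    # One DLL hooked in twice (browser BHO plus logon notification) is the
    # persistence pattern worth looking at first.
    for stem in bho_dlls.keys() & notify_dlls.keys():
        findings.add(("same DLL as BHO and Winlogon Notify", bho_dlls[stem]))
    return sorted(findings)


if __name__ == "__main__":
    for reason, evidence in triage(SAMPLE_LOG):
        print(f"{reason:40} {evidence}")
```

Run as-is, the script flags exactly the entries a helper would ask about (Fonts\svchost.exe, ssqnlmn.dll, pmkjj.dll, trnuocvo.dll, tepgngel.dll) and stays silent on the Acrobat, Spybot, ZoneAlarm and WgaLogon entries. The checks are deliberately structural (where a file lives, how it is named, how many hooks point at it) rather than a signature list, because that is what stays useful when the random DLL names change between infections.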
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
- Finally paste the contents of the Report.txt back on the forum (Report.txt will also be copied to Clipboard ready for posting back on the forum).
1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Please post a fresh HijackThis log, ComboFix log and SDFix log.
SDFix
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll installable Virtual Device Driver failed Dll initialization. Choose 'close' to terminate the application.
Also SDfix said:
The process cannot access this file because it is being used by another process. The system cannot find the file TEST10.txt, TEST11.txt,TEST12.txt, TEST472.txt, TEST530.txt, TEST539.txt, and TEST567.txt.
Following are the log files:
SDFix: Version 1.113
Run by user on Mon 11/05/2007 at 07:04 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\svchost.exe - Deleted
C:\WINDOWS\Fonts\svchost.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 19:28:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\x7600\x7f2\x7600\x7f2\1"
"DeviceDesc"="\x7600\x7f2\x7600\x7f2\1"
"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"
"MFG"="\x674"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"d:\software\drivers\chipset_inf\sbdrv\sbdrv\smbus\smbusati.inf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000027
"TracesSuccessful"=dword:00000006
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Finished!
==================================================
ComboFix 07-11-01.1** - user 2007-11-05 19:32:10.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.435 [GMT -7:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\pmkjj.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
.
2007-11-05 18:23 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-04 19:37 <DIR> d-------- C:\Program Files\AllToAVI
2007-11-04 13:46 3,518 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-04 10:45 <DIR> d-------- C:\VundoFix Backups
2007-11-03 22:55 78,912 --a------ C:\WINDOWS\system32\trnuocvo.dll
2007-11-03 17:49 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-03 17:49 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-03 17:46 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-11-03 17:46 <DIR> d-------- C:\KAV
2007-11-03 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-03 17:46 13,853,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-03 17:46 88,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-02 18:30 <DIR> d-------- C:\Program Files\Ultra Video Splitter
2007-11-02 18:30 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-11-01 22:16 <DIR> d-------- C:\iSofterOutput
2007-11-01 22:10 <DIR> d-------- C:\Program Files\iSofter
2007-11-01 07:24 28,672 --a------ C:\Documents and Settings\user\iexplorer.exe
2007-11-01 00:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-31 23:07 <DIR> d-------- C:\WINDOWS\system32\Cleaner Support
2007-10-31 23:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-31 23:07 <DIR> d-------- C:\Program Files\Cleaner 5 EZ
2007-10-31 20:57 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-10-29 22:06 <DIR> d-------- C:\iFtpSvc
2007-10-29 21:44 32,256 --a------ C:\WINDOWS\system32\ssqnlmn.dll
2007-10-29 18:27 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{5059ADFF-3AD5-4ED4-BB56-53CF23F26888}
2007-10-29 18:07 <DIR> d-------- C:\Program Files\GetData
2007-10-28 18:55 28,672 --a------ C:\Documents and Settings\user\update.exe
2007-10-27 17:34 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-10-27 11:23 137,728 --a------ C:\WINDOWS\UNNSTALL.EXE
2007-10-27 11:20 <DIR> d-------- C:\Final Effects AP
2007-10-27 11:19 <DIR> d-------- C:\Program Files\directx
2007-10-27 09:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-27 09:03 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2007-10-27 08:54 352,256 --a------ C:\WINDOWS\eSellerateEngine.dll
2007-10-14 21:09 <DIR> d-------- C:\Program Files\HTML Email Preparation Tool V.1
2007-10-13 16:24 <DIR> d-------- C:\Program Files\WinMX Music
2007-10-13 16:24 <DIR> d-------- C:\Documents and Settings\user\Application Data\WinMX Music
2007-10-08 13:27 <DIR> d-------- C:\Intel Desktop Board
2007-10-08 13:23 <DIR> d-------- C:\Intel
2007-10-06 18:37 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-06 09:29 <DIR> d-------- C:\HubbIntDataSI
2007-10-06 09:27 50 --a------ C:\WINDOWS\system32\winssi32.dll
2007-10-06 09:26 <DIR> d-------- C:\Program Files\Stock Investor
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-06 02:46 190,508 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-06 02:46 11,372 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-06 00:56 --------- d-----w C:\Program Files\LogMeIn
2007-11-04 21:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-01 16:12 --------- d-----w C:\Documents and Settings\user\Application Data\MP3Rocket
2007-11-01 06:07 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
2007-11-01 05:29 --------- d-----w C:\Program Files\Instant Buzz
2007-10-30 05:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-28 16:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-28 00:34 278,532 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-10-27 06:27 --------- d-----w C:\Program Files\JetAudio
2007-10-27 02:39 --------- d-----w C:\Program Files\Webteh
2007-10-18 23:37 --------- d-----w C:\Program Files\eFax Messenger Plus 3.3
2007-10-18 00:32 --------- d-----w C:\Program Files\Travelaxe
2007-10-07 01:58 --------- d-----w C:\Documents and Settings\user\Application Data\IBP
2007-09-30 21:51 --------- d-----w C:\Program Files\Common Files\L&H
2007-09-30 21:50 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-30 21:50 --------- d-----w C:\Program Files\Microsoft Works
2007-09-30 21:50 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-29 01:49 --------- d-----w C:\Program Files\acar
2007-09-28 04:54 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-22 03:16 --------- d-----w C:\Program Files\Joost
2007-09-21 19:52 --------- d-----w C:\Program Files\Your Uninstaller 2006
2007-09-21 19:49 --------- d-----w C:\Documents and Settings\user\Application Data\URSoft
2007-09-21 19:36 --------- d-----w C:\Program Files\Realtek
2007-09-21 03:35 --------- d-----w C:\Program Files\Ahead
2007-09-21 03:33 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2005-11-26 22:40:47 8 --sha-r C:\WINDOWS\system32\fgxp8.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-04_13.27.43.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-04 01:46:48 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-06 01:50:57 10,072,064 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-11-06 01:50:57 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-04 01:46:48 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-06 01:23:53 10,072,064 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2007-11-06 01:23:53 143,360 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-11-06 02:47:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25997E08-274A-4217-8F71-C89C754242C1}]
2007-10-29 21:44 32256 --a------ C:\WINDOWS\system32\ssqnlmn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{407a66ac-0260-4fbf-9cce-7cb38e0d097c}]
2007-11-03 22:55 78912 --a------ C:\WINDOWS\system32\trnuocvo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2003-08-19 20:56 C:\WINDOWS\system32\VTTimer.exe]
"Resume copy"="copyfstq.exe" [2005-02-16 15:10 C:\WINDOWS\copyfstq.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 02:50 C:\WINDOWS\LOGI_MWX.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06]
"MagniBar"="C:\fsf\magnibar\magnibar.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe" [2005-10-27 03:43]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-02-27 08:02]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 18:51 C:\WINDOWS\RTHDCPL.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-25 19:37]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 13:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-30 21:51]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 03:50]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"IBP"="" []
"FollowUpXpert"="C:\Program Files\FollowUpXpert\FollowUpXpert.exe" []
"DW4"="" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-19 00:40:55]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
AllChars.lnk - C:\Program Files\AllChars\AllChars.exe [2007-07-25 20:28:46]
eFax Live Menu 3.3.lnk - C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe [2004-07-23 00:46:42]
eFax Tray Menu 3.3.lnk - C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe [2004-07-23 00:44:32]
gwum.lnk - C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe [2006-12-03 14:24:47]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]
"{25997E08-274A-4217-8F71-C89C754242C1}"= C:\WINDOWS\system32\ssqnlmn.dll [2007-10-29 21:44 32256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 14:22 63040 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnlmn]
ssqnlmn.dll 2007-10-29 21:44 32256 C:\WINDOWS\system32\ssqnlmn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtutq.dll
R0 HPT302;HPT302;C:\WINDOWS\system32\DRIVERS\HPT302.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
R3 MarkFun_NT;MarkFun_NT;\??\C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\markfun.w32
R3 WMIBIOS;%WMIBIOS.ServiceName%;C:\WINDOWS\system32\Drivers\wmibios.sys
R3 WMIINFO;WMIINFO Driver;C:\WINDOWS\system32\Drivers\wmiinfo.sys
S0 hptpro;hptpro;C:\WINDOWS\system32\DRIVERS\hptpro.sys
S0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
S3 huadio;huadio;\??\c:\huadio.tmp
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys
.
Contents of the 'Scheduled Tasks' folder
"2005-03-07 03:23:59 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~SCOTT user.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2005-03-07 03:23:59 C:\WINDOWS\Tasks\2 Copernic Daily ~SCOTT user.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2005-03-07 03:23:59 C:\WINDOWS\Tasks\3 Copernic Weekly ~SCOTT user.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2005-03-07 03:23:59 C:\WINDOWS\Tasks\4 Copernic Monthly ~SCOTT user.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2007-11-06 02:47:10 C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job"
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 19:48:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-05 19:55:15 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-04 13:29
.
--- E O F ---
==============================================
Logfile of HijackThis v1.99.1
Scan saved at 7:58:44 PM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AllChars\AllChars.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis\Anylyze.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINDOWS\system32\ssqnlmn.dll
O2 - BHO: {c790d0e8-3bc7-ecc9-fbf4-0620ca66a704} - {407a66ac-0260-4fbf-9cce-7cb38e0d097c} - C:\WINDOWS\system32\trnuocvo.dll
O2 - BHO: (no name) - {4D70700F-9D68-4305-B72D-37ECF30A362C} - C:\WINDOWS\system32\vtutq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MagniBar] "C:\fsf\magnibar\magnibar.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FollowUpXpert] C:\Program Files\FollowUpXpert\FollowUpXpert.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AllChars.lnk = C:\Program Files\AllChars\AllChars.exe
O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab
O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - http://70.234.26.230/ActiveView.cab
O16 - DPF: {6A673E5A-98F2-43E0-85E9-ED8683B1E274} - http://bar.xhollywood.com/download/xhollywood.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - file://E:\Program Files\OpenCube\Visual QuickMenu Pro\program\comdlg32.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O18 - Protocol: bw+0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {922F3123-9480-4DE2-B547-6BA4FCD2A19D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: ssqnlmn - C:\WINDOWS\SYSTEM32\ssqnlmn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
===============================================
Thanks again.
You have two antivirus programs (Kaspersky Anti-Virus 7.0 and Avast) on your computer, and that causes problems, so please delete one of them.
Please send this file to VirusTotal and post the results in your next reply:
- When you are at VirusTotal,
- Press the Browse button.
- Find this file - C:\WINDOWS\UNNSTALL.EXE
- When you have found the file, press Open.
- Press Send.
- Post the results in your next reply.
Do the same with these files:
C:\WINDOWS\system32\fgxp8.dll
C:\fsf\magnibar\magnibar.exe
C:\Program Files\FollowUpXpert\FollowUpXpert.exe
C:\WINDOWS\Tasks\3 Copernic Weekly ~SCOTT user.job
Open notepad and copy/paste the text in the quotebox below into it:
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Open HijackThis, press Do a system scan only, checkmark these lines:
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINDOWS\system32\ssqnlmn.dll
O2 - BHO: {c790d0e8-3bc7-ecc9-fbf4-0620ca66a704} - {407a66ac-0260-4fbf-9cce-7cb38e0d097c} - C:\WINDOWS\system32\trnuocvo.dll
O2 - BHO: (no name) - {4D70700F-9D68-4305-B72D-37ECF30A362C} - C:\WINDOWS\system32\vtutq.dll
O16 - DPF: {6A673E5A-98F2-43E0-85E9-ED8683B1E274} - http://bar.xhollywood.com/download/xhollywood.cab
O20 - Winlogon Notify: ssqnlmn - C:\WINDOWS\SYSTEM32\ssqnlmn.dll
Then close ALL windows including browser and press Fix checked.
Please post a fresh HijackThis log, Combofix log and virustotal results.
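The checks the helper applied by eye, written out as code and run over the O2/O16/O20/O23 lines quoted from the HijackThis log above (an added example, not part of this thread or of HijackThis; the regexes, the Finding type and the severity labels are this example's own):

```python
"""Triage of HijackThis log lines: the cross-checks a forum helper applies by eye,
written out as code.  Added example; it is not part of HijackThis or of this thread."""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Iterable

# Patterns for the entry types examined below (written for this example).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\}(?: \((?P<desc>.*)\))? - (?P<url>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
GUID_RE = re.compile(r"^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$", re.I)

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINDOWS\system32\ssqnlmn.dll
O2 - BHO: {c790d0e8-3bc7-ecc9-fbf4-0620ca66a704} - {407a66ac-0260-4fbf-9cce-7cb38e0d097c} - C:\WINDOWS\system32\trnuocvo.dll
O2 - BHO: (no name) - {4D70700F-9D68-4305-B72D-37ECF30A362C} - C:\WINDOWS\system32\vtutq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A673E5A-98F2-43E0-85E9-ED8683B1E274} - http://bar.xhollywood.com/download/xhollywood.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - file://E:\Program Files\OpenCube\Visual QuickMenu Pro\program\comdlg32.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ssqnlmn - C:\WINDOWS\SYSTEM32\ssqnlmn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str      # the log line that triggered the finding


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, ignoring quotes, arguments and notes."""
    return path.split("\\")[-1].split(" ")[0].strip('"').lower()


def triage(lines: Iterable[str]) -> list[Finding]:
    """Apply the cross-checks to HijackThis lines and return what they flag."""
    lines = [ln.rstrip() for ln in lines if ln.strip()]
    findings: list[Finding] = []
    # Pass 1: every DLL loaded as a BHO, flagging nameless or GUID-named ones.  A missing
    # name is a prompt to look the file up, not a verdict: Spybot's SDHelper.dll is flagged too.
    bho_dlls: set[str] = set()
    for ln in lines:
        if m := O2_RE.match(ln):
            bho_dlls.add(basename(m["path"]))
            if m["name"] == "(no name)":
                findings.append(Finding("medium", "BHO registered without a name", ln))
            elif GUID_RE.match(m["name"]):
                findings.append(Finding("medium", "BHO whose name is just another GUID", ln))
    # Pass 2: the other entry types, including the BHO/Winlogon cross-check.  One DLL that
    # both hooks winlogon and rides inside IE (ssqnlmn.dll) is the strongest signal here.
    for ln in lines:
        if m := O20_RE.match(ln):
            dll = basename(m["path"])
            if dll in bho_dlls:
                findings.append(Finding("high", f"Winlogon Notify DLL {dll} is also a BHO", ln))
            elif "(file missing)" in m["path"]:
                findings.append(Finding("low", "Winlogon Notify entry for a missing DLL", ln))
        elif m := O16_RE.match(ln):
            if m["desc"] is None:
                findings.append(Finding("medium", "ActiveX download (DPF) with no description", ln))
        elif m := O23_RE.match(ln):
            if "(file missing)" in m["path"]:
                findings.append(Finding("low", "service pointing at a missing binary", ln))
    return findings


def summarize(findings: Iterable[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_LOG.splitlines()), key=lambda f: order[f.severity]):
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
```

The flagged lines are the same ones the helper asked to have fixed; the "(file missing)" entries are leftovers from the two antivirus installs, which is the other point the reply makes.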