View Full Version : Troj.Printspool
jayescee316
2007-06-08, 22:21
Hi,
I've been doing the S&D scan for a couple of weeks now and the Troj.Printspool
has been showing up all the time and its starting to bother me. I have tried other virus scans and none of them work. PLEASEEEE HELP ME ! It will be very apprecitated :)
Heres my HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:12:36 PM, on 6/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\uqk.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jeremy\Local Settings\Temp\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [thiwzeohhbmo] C:\WINDOWS\System32\thiwzeohhbmo.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [dfhcy] C:\WINDOWS\System32\dfhcy.exe
O4 - HKLM\..\Run: [xmvzx] C:\WINDOWS\System32\xmvzx.exe
O4 - HKLM\..\Run: [vguxkqmgan] C:\WINDOWS\System32\vguxkqmgan.exe
O4 - HKLM\..\Run: [bhh] C:\WINDOWS\System32\bhh.exe
O4 - HKLM\..\Run: [zticvyml] C:\WINDOWS\System32\zticvyml.exe
O4 - HKLM\..\Run: [nmi] C:\WINDOWS\System32\nmi.exe
O4 - HKLM\..\Run: [iafsoaie] C:\WINDOWS\System32\iafsoaie.exe
O4 - HKLM\..\Run: [llorpyp] C:\WINDOWS\System32\llorpyp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ycdhvnic] C:\WINDOWS\System32\ycdhvnic.exe
O4 - HKLM\..\Run: [flm] C:\WINDOWS\System32\flm.exe
O4 - HKLM\..\Run: [citzavrgrg] C:\WINDOWS\System32\citzavrgrg.exe
O4 - HKLM\..\Run: [efukuuv] C:\WINDOWS\System32\efukuuv.exe
O4 - HKLM\..\Run: [uqk] C:\WINDOWS\System32\uqk.exe
O4 - HKLM\..\Run: [cbkdzj] C:\WINDOWS\System32\cbkdzj.exe
O4 - HKLM\..\Run: [mzhdjhup] C:\WINDOWS\System32\mzhdjhup.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [bhzdshcnxmny] C:\WINDOWS\System32\bhzdshcnxmny.exe
O4 - HKLM\..\Run: [timzmcoa] C:\WINDOWS\System32\timzmcoa.exe
O4 - HKLM\..\Run: [pzhqoenwoxu] C:\WINDOWS\System32\pzhqoenwoxu.exe
O4 - HKLM\..\Run: [elxfgozfpb] C:\WINDOWS\System32\elxfgozfpb.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\dfhcy.exe
Hi jayescee316
One or more of the identified infections is a backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)
We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards.
Should you have any questions, please feel free to ask.
Please let us know what you have decided to do in your next post.
jayescee316
2007-06-09, 20:31
i guess ill reformat then
Hi
Then there are some guidance if needed -> http://www.theeldergeek.com/clean_installation_of_windows_xp.htm
jayescee316
2007-06-09, 21:00
Can we attempt to clean my computer first ? I'll take the risk, and if it comes back then I'll just reformat my computer. :)
THANK YOU LOTS !
Hi
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
jayescee316
2007-06-09, 21:48
Hi ,
Here is the Report.txt:
SDFix: Version 1.86
Run by Jeremy - Sat 06/09/2007 - 11:31:11.07
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\system32\u.exe - Deleted
C:\WINDOWS\system32\z.exe - Deleted
Removing Temp Files...
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking if ADS is attached to ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Listing Files with Hidden Attributes:
C:\Program Files\Microsoft Works Suite 2006\Setup\MNYINSTA.DLL
C:\Program Files\Microsoft Works Suite 2006\Setup\SETUPLNG.DLL
C:\Program Files\Microsoft Works Suite 2006\Setup\LAUNCHER.EXE
C:\Program Files\Microsoft Works Suite 2006\Setup\RMVSUITE.EXE
C:\Program Files\Microsoft Works Suite 2006\Setup\UNREGWTR.EXE
C:\WINDOWS\Help\aolsw.exe
Listing User Accounts:
User accounts for \\JEREMY-TGD0HDW6
Administrator ASPNET Guest
HelpAssistant Jeremy SUPPORT_388945a0
Finished
jayescee316
2007-06-09, 21:49
This is my new HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:41:17 AM, on 6/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\ik.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [thiwzeohhbmo] C:\WINDOWS\System32\thiwzeohhbmo.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [dfhcy] C:\WINDOWS\System32\dfhcy.exe
O4 - HKLM\..\Run: [xmvzx] C:\WINDOWS\System32\xmvzx.exe
O4 - HKLM\..\Run: [vguxkqmgan] C:\WINDOWS\System32\vguxkqmgan.exe
O4 - HKLM\..\Run: [bhh] C:\WINDOWS\System32\bhh.exe
O4 - HKLM\..\Run: [zticvyml] C:\WINDOWS\System32\zticvyml.exe
O4 - HKLM\..\Run: [nmi] C:\WINDOWS\System32\nmi.exe
O4 - HKLM\..\Run: [iafsoaie] C:\WINDOWS\System32\iafsoaie.exe
O4 - HKLM\..\Run: [llorpyp] C:\WINDOWS\System32\llorpyp.exe
O4 - HKLM\..\Run: [ycdhvnic] C:\WINDOWS\System32\ycdhvnic.exe
O4 - HKLM\..\Run: [flm] C:\WINDOWS\System32\flm.exe
O4 - HKLM\..\Run: [citzavrgrg] C:\WINDOWS\System32\citzavrgrg.exe
O4 - HKLM\..\Run: [efukuuv] C:\WINDOWS\System32\efukuuv.exe
O4 - HKLM\..\Run: [uqk] C:\WINDOWS\System32\uqk.exe
O4 - HKLM\..\Run: [cbkdzj] C:\WINDOWS\System32\cbkdzj.exe
O4 - HKLM\..\Run: [mzhdjhup] C:\WINDOWS\System32\mzhdjhup.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [bhzdshcnxmny] C:\WINDOWS\System32\bhzdshcnxmny.exe
O4 - HKLM\..\Run: [timzmcoa] C:\WINDOWS\System32\timzmcoa.exe
O4 - HKLM\..\Run: [pzhqoenwoxu] C:\WINDOWS\System32\pzhqoenwoxu.exe
O4 - HKLM\..\Run: [elxfgozfpb] C:\WINDOWS\System32\elxfgozfpb.exe
O4 - HKLM\..\Run: [jgwqkncd] C:\WINDOWS\System32\jgwqkncd.exe
O4 - HKLM\..\Run: [qqpqg] C:\WINDOWS\System32\qqpqg.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ik] C:\WINDOWS\System32\ik.exe
O4 - HKLM\..\RunServices: [ik] C:\WINDOWS\System32\ik.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\ik.exe
Hi
Ok, no help as I expected.
Open HijackThis, click do a system scan only and checkmark these(include also all other 04 lines with O4 - HKLM\..\Run: [random] C:\WINDOWS\System32\random.exe)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [thiwzeohhbmo] C:\WINDOWS\System32\thiwzeohhbmo.exe
O4 - HKLM\..\Run: [dfhcy] C:\WINDOWS\System32\dfhcy.exe
O4 - HKLM\..\Run: [xmvzx] C:\WINDOWS\System32\xmvzx.exe
O4 - HKLM\..\Run: [vguxkqmgan] C:\WINDOWS\System32\vguxkqmgan.exe
O4 - HKLM\..\Run: [bhh] C:\WINDOWS\System32\bhh.exe
O4 - HKLM\..\Run: [zticvyml] C:\WINDOWS\System32\zticvyml.exe
O4 - HKLM\..\Run: [nmi] C:\WINDOWS\System32\nmi.exe
O4 - HKLM\..\Run: [iafsoaie] C:\WINDOWS\System32\iafsoaie.exe
O4 - HKLM\..\Run: [llorpyp] C:\WINDOWS\System32\llorpyp.exe
O4 - HKLM\..\Run: [ycdhvnic] C:\WINDOWS\System32\ycdhvnic.exe
O4 - HKLM\..\Run: [flm] C:\WINDOWS\System32\flm.exe
O4 - HKLM\..\Run: [citzavrgrg] C:\WINDOWS\System32\citzavrgrg.exe
O4 - HKLM\..\Run: [efukuuv] C:\WINDOWS\System32\efukuuv.exe
O4 - HKLM\..\Run: [uqk] C:\WINDOWS\System32\uqk.exe
O4 - HKLM\..\Run: [cbkdzj] C:\WINDOWS\System32\cbkdzj.exe
O4 - HKLM\..\Run: [mzhdjhup] C:\WINDOWS\System32\mzhdjhup.exe
C:\WINDOWS\System32\bhzdshcnxmny.exe
O4 - HKLM\..\Run: [timzmcoa] C:\WINDOWS\System32\timzmcoa.exe
O4 - HKLM\..\Run: [pzhqoenwoxu] C:\WINDOWS\System32\pzhqoenwoxu.exe
O4 - HKLM\..\Run: [elxfgozfpb] C:\WINDOWS\System32\elxfgozfpb.exe
O4 - HKLM\..\Run: [jgwqkncd] C:\WINDOWS\System32\jgwqkncd.exe
O4 - HKLM\..\Run: [qqpqg] C:\WINDOWS\System32\qqpqg.exe
O4 - HKLM\..\Run: [ik] C:\WINDOWS\System32\ik.exe
O4 - HKLM\..\RunServices: [ik] C:\WINDOWS\System32\ik.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\ik.exe (this part might be different -> u9i5uuoyxak3qeu and file name, too. Anyway, you should find a line with "Print Spooler Service")
Close all windows including browser and press fix checked.
Please download the Killbox (http://download.bleepingcomputer.com/spyware/KillBox.exe).
Save it to the desktop.
Please run Killbox.
Select "Delete on Reboot" and "All files"
Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\System32\thiwzeohhbmo.exe
C:\WINDOWS\System32\dfhcy.exe
C:\WINDOWS\System32\xmvzx.exe
C:\WINDOWS\System32\vguxkqmgan.exe
C:\WINDOWS\System32\bhh.exe
C:\WINDOWS\System32\zticvyml.exe
C:\WINDOWS\System32\nmi.exe
C:\WINDOWS\System32\iafsoaie.exe
C:\WINDOWS\System32\llorpyp.exe
C:\WINDOWS\System32\ycdhvnic.exe
C:\WINDOWS\System32\flm.exe
C:\WINDOWS\System32\citzavrgrg.exe
C:\WINDOWS\System32\efukuuv.exe
C:\WINDOWS\System32\uqk.exe
C:\WINDOWS\System32\cbkdzj.exe
C:\WINDOWS\System32\mzhdjhup.exe
C:\WINDOWS\System32\bhzdshcnxmny.exe
C:\WINDOWS\System32\timzmcoa.exe
C:\WINDOWS\System32\pzhqoenwoxu.exe
C:\WINDOWS\System32\elxfgozfpb.exe
C:\WINDOWS\System32\jgwqkncd.exe
C:\WINDOWS\System32\qqpqg.exe
C:\WINDOWS\System32\ik.exe
Go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here (http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe) to download and run missingfilesetup.exe. Then try TheKillbox again..
If your computer does not restart automatically, please restart it manually.
Post a fresh HijackThis log.
jayescee316
2007-06-10, 19:50
Here's the new HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 9:49:23 AM, on 6/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\rdysn.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kvgrw] C:\WINDOWS\System32\kvgrw.exe
O4 - HKLM\..\Run: [rdysn] C:\WINDOWS\System32\rdysn.exe
O4 - HKLM\..\RunServices: [kvgrw] C:\WINDOWS\System32\kvgrw.exe
O4 - HKLM\..\RunServices: [rdysn] C:\WINDOWS\System32\rdysn.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\rdysn.exe
Hi
Please click Start > Run and type in: services.msc
Click OK
In the Services window find: Print Spooler Service (u9i5uuoyxak3qeu) this part might be different -> u9i5uuoyxak3qeu)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK
Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete u9i5uuoyxak3qe (if the name in the brackets is something else, use that one)
Click: OK
Open HijackThis, click do a system scan only and checkmark these:
O4 - HKLM\..\Run: [kvgrw] C:\WINDOWS\System32\kvgrw.exe
O4 - HKLM\..\Run: [rdysn] C:\WINDOWS\System32\rdysn.exe
O4 - HKLM\..\RunServices: [kvgrw] C:\WINDOWS\System32\kvgrw.exe
O4 - HKLM\..\RunServices: [rdysn] C:\WINDOWS\System32\rdysn.exe
Close all windows including browser and press fix checked.
Please run Killbox.
Select "Standard file kill" and "All files"
Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\System32\kvgrw.exe
C:\WINDOWS\System32\rdysn.exe
Go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here (http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe) to download and run missingfilesetup.exe. Then try TheKillbox again..
Reboot
Post a fresh HijackThis log.
jayescee316
2007-06-10, 20:41
Here's my fresh HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:39:41 AM, on 6/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\zaitbnq.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zaitbnq] C:\WINDOWS\System32\zaitbnq.exe
O4 - HKLM\..\RunServices: [zaitbnq] C:\WINDOWS\System32\zaitbnq.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\zaitbnq.exe
Hi
A bit progress there.
Press ctrl+alt+del, find zaitbnq.exe and click "End Process"
Open HijackThis, click do a system scan only and checkmark these:
O4 - HKLM\..\Run: [zaitbnq] C:\WINDOWS\System32\zaitbnq.exe
O4 - HKLM\..\RunServices: [zaitbnq] C:\WINDOWS\System32\zaitbnq.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\zaitbnq.exe
Close all windows including browser and press fix checked.
Please click Start > Run and type in: services.msc
Click OK
In the Services window find: Print Spooler Service (u9i5uuoyxak3qeu) this part might be different -> u9i5uuoyxak3qeu)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK
Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete u9i5uuoyxak3qeu (if the name in the brackets is something else, use that one)
Click: OK
Please run Killbox.
Select "Standard file kill" and "All files"
Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\System32\zaitbnq.exe
Go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
Reboot
Post a fresh HijackThis log.
jayescee316
2007-06-10, 21:01
Thank you for you're help !
Here's my fresh HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:01:04 AM, on 6/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\ph.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ph] C:\WINDOWS\System32\ph.exe
O4 - HKLM\..\RunServices: [ph] C:\WINDOWS\System32\ph.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\ph.exe
Hi
Please download APT (http://www.diamondcs.com.au/index.php?page=apt) and unzip the contents to a new folder on your desktop.
Open the folder you just created and click on apt.exe and search in the window for ph.exe.
Open your C:\Windows\system32 folder and search for ph.exe. Don't delete it yet, just leave the system32 folder open so you can see the bad file.
In APT again, Select ph.exe and Click Kill3
Then immediately delete ph.exe from your system32 folder.
Close APT.
Open HijackThis, click do a system scan only and checkmark these:
O4 - HKLM\..\Run: [ph] C:\WINDOWS\System32\ph.exe
O4 - HKLM\..\RunServices: [ph] C:\WINDOWS\System32\ph.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\ph.exe
Close all windows including browser and press fix checked.
Reboot
Post a fresh HijackThis log.
jayescee316
2007-06-10, 21:39
SORRY , but I am having trouble trying to open APT, and it is saying "The procedure GetShockObject could not be located in the DLL GDI32.DLL"
Hi
Then we use another tool.
First run a scan with HijackThis and take a look at current filename, you can see it from 023 line.
Download Process Explorer from http://download.sysinternals.com/Files/ProcessExplorer.zip
Run Process Explorer and find the Process in the list of Processes:
ph.exe
Select the process and click Process > Suspend.
Then in HijackThis click Config > Misc Tools > Delete a file on reboot...
In the explorer Window select the file C:\WINDOWS\System32\ph.exe
When prompted if you want to reboot click YES
Leave Process explorer running with the process suspended.
After the reboot check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:
O4 - HKLM\..\Run: [ph] C:\WINDOWS\System32\ph.exe
O4 - HKLM\..\RunServices: [ph] C:\WINDOWS\System32\ph.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\ph.exe
Post a fresh HijackThis log
jayescee316
2007-06-11, 22:44
Sorry for the late response, I was at school.
Heres my fresh HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:44:00 PM, on 6/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\qnnvfbor.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [qnnvfbor] C:\WINDOWS\System32\qnnvfbor.exe
O4 - HKLM\..\RunServices: [qnnvfbor] C:\WINDOWS\System32\qnnvfbor.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\qnnvfbor.exe
Hi
Well that doesn't seem to work at all.
1. Download combofix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
Post:
- a fresh HijackThis log
- combofix report
- cureit log
jayescee316
2007-06-13, 20:48
Sorry for the late response again, here is my Combofix log:
ComboFix 07-06-13.3 - C:\Documents and Settings\Jeremy\Desktop\ComboFix.exe
"Jeremy" - 2007-06-13 10:01:34 - Service Pack 1 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))
2007-06-12 22:05 <DIR> d-------- C:\DOCUME~1\Jeremy\DoctorWeb
2007-06-12 21:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-11 12:41 103,424 --a------ C:\WINDOWS\system32\qnnvfbor.exe
2007-06-10 18:50 99,328 --a------ C:\WINDOWS\system32\odbtnj.exe
2007-06-10 15:23 107,520 --a------ C:\WINDOWS\system32\jcmqiqjur.exe
2007-06-10 14:18 103,424 --a------ C:\WINDOWS\system32\olpb.exe
2007-06-10 09:44 <DIR> d-------- C:\!KillBox
2007-06-10 07:54 103,424 --a------ C:\WINDOWS\system32\xf.exe
2007-06-09 19:10 91,136 --a------ C:\WINDOWS\system32\xnwozhwyx.exe
2007-06-09 10:36 1,157 --a------ C:\WINDOWS\mozver.dat
2007-06-09 10:36 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Snapfish
2007-06-09 07:19 99,328 --a------ C:\WINDOWS\system32\ctplimu.exe
2007-06-08 16:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-08 16:37 103,424 --a------ C:\WINDOWS\system32\ffx.exe
2007-06-08 11:50 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-06-08 11:50 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-06-08 11:50 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-06-08 11:50 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-06-07 21:20 91,136 --a------ C:\WINDOWS\system32\jjh.exe
2007-06-07 21:08 <DIR> d-------- C:\EPSON
2007-06-07 21:07 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-07 21:07 <DIR> d-------- C:\WINDOWS\system32\bits
2007-06-07 21:07 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-07 21:07 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-06-07 21:07 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-06-07 21:07 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Viewpoint
2007-06-07 21:05 <DIR> d-------- C:\DOCUME~1\Jeremy\Shared
2007-06-07 20:48 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-07 20:06 <DIR> d-------- C:\WINDOWS\pss
2007-06-07 19:46 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-06-07 18:10 99,328 --a------ C:\WINDOWS\system32\emzlvzjw.exe
2007-06-07 17:29 99,328 --a------ C:\WINDOWS\system32\udix.exe
2007-06-07 17:25 99,328 --a------ C:\WINDOWS\system32\luqyediyynnm.exe
2007-06-07 14:10 99,328 --a------ C:\WINDOWS\system32\quzdnvgaunjk.exe
2007-06-05 15:29 66,560 --a------ C:\WINDOWS\system32\py.exe
2007-06-05 15:29 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-06-05 15:27 66,560 --a------ C:\WINDOWS\system32\otueczblcmab.exe
2007-06-04 15:53 66,560 --a------ C:\WINDOWS\system32\dpzkkn.exe
2007-06-03 19:16 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2007-06-03 19:16 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
2007-06-03 19:16 <DIR> d-------- C:\Program Files\ArcSoft
2007-06-03 19:15 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-06-03 19:15 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-06-03 19:15 708,696 --a------ C:\WINDOWS\system32\python21.dll
2007-06-03 19:15 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2007-06-03 19:15 3,136 --a------ C:\WINDOWS\Ade001.bin
2007-06-03 19:15 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
2007-06-03 19:15 <DIR> d-------- C:\Program Files\Common Files\Python
2007-06-03 19:14 65,536 --a------ C:\WINDOWS\system32\EEBUtil.dll
2007-06-03 19:14 65,536 --a------ C:\WINDOWS\system32\EBAPI.dll
2007-06-03 19:14 54,272 --a------ C:\WINDOWS\system32\EEBSDKIF.dll
2007-06-03 19:14 139,264 --a------ C:\WINDOWS\system32\EBAPI2.dll
2007-06-03 19:14 122,880 --a------ C:\WINDOWS\system32\EEBAPI.dll
2007-06-03 19:14 102,400 --a------ C:\WINDOWS\system32\EEBDSCVR.dll
2007-06-03 19:14 <DIR> d-------- C:\Program Files\Common Files\EPSON
2007-06-03 19:13 90,112 --a------ C:\WINDOWS\system32\epcomdd.dll
2007-06-03 19:13 86,016 --a------ C:\WINDOWS\system32\epfb5cpl.dll
2007-06-03 19:13 77,824 --a------ C:\WINDOWS\system32\Esintpl.dll
2007-06-03 19:13 53,248 --a------ C:\WINDOWS\system32\esicm.dll
2007-06-03 19:13 47,104 --a------ C:\WINDOWS\system32\escimgn.dll
2007-06-03 19:13 47,104 --a------ C:\WINDOWS\system32\escimgd.dll
2007-06-03 19:13 35,840 --a------ C:\WINDOWS\system32\escwian.dll
2007-06-03 19:13 33,280 --a------ C:\WINDOWS\system32\esccm.dll
2007-06-03 19:13 32,256 --a------ C:\WINDOWS\system32\escwiad.dll
2007-06-03 19:13 32,256 --a------ C:\WINDOWS\system32\escwiab.dll
2007-06-03 19:13 27,648 --a------ C:\WINDOWS\system32\escimg.dll
2007-06-03 19:13 23,552 --a------ C:\WINDOWS\system32\esccmn.dll
2007-06-03 19:13 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2007-06-03 19:13 184,320 --a------ C:\WINDOWS\system32\esdtr.dll
2007-06-03 19:13 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-03 19:13 126,976 --a------ C:\WINDOWS\system32\Esint23.dll
2007-06-03 19:13 <DIR> d-------- C:\Program Files\EPSON
2007-06-02 23:13 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-02 23:13 <DIR> d-------- C:\Program Files\AIM
2007-06-02 21:06 66,560 --a------ C:\WINDOWS\system32\sd.exe
2007-06-02 21:06 66,560 --a------ C:\WINDOWS\system32\cfxfhlwkp.exe
2007-06-02 12:31 66,560 --a------ C:\WINDOWS\system32\ca.exe
2007-06-02 12:25 66,560 --a------ C:\WINDOWS\system32\alhn.exe
2007-06-02 12:17 66,560 --a------ C:\WINDOWS\system32\ww.exe
2007-06-02 09:11 <DIR> d-------- C:\Program Files\Steam
2007-06-02 08:33 66,560 --a------ C:\WINDOWS\system32\guvckfm.exe
2007-06-02 08:33 62,464 --a------ C:\WINDOWS\system32\skuedcoe.exe
2007-06-01 16:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-01 16:29 66,560 --a------ C:\WINDOWS\system32\jsqypn.exe
2007-05-30 15:46 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-30 15:45 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-05-30 15:45 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-05-30 15:45 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-05-30 15:45 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-05-30 15:44 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-30 15:44 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-05-30 15:44 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-05-30 15:44 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-30 15:44 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-29 19:17 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Aim
2007-05-29 16:59 <DIR> d-------- C:\Program Files\AOD
2007-05-29 16:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-05-28 20:47 <DIR> d-------- C:\WINDOWS\ShellNew
2007-05-28 20:44 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-05-28 20:44 <DIR> d-------- C:\Program Files\Microsoft Works Suite 2006
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-08 23:40:38 -------- d-----w C:\Program Files\Messenger
2007-06-08 03:51:13 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-04 02:16:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-30 22:44:38 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-13 01:53:12 -------- d-----w C:\Program Files\Realtek
2007-05-13 01:50:47 -------- d-----w C:\Program Files\NVIDIA Corporation
2007-05-13 01:50:16 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\InstallShield
2007-05-13 01:42:21 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-13 01:42:13 0 --sha-r C:\MSDOS.SYS
2007-05-13 01:42:13 0 --sha-r C:\IO.SYS
2007-05-13 01:42:13 0 ----a-w C:\CONFIG.SYS
2007-05-13 01:42:13 0 ----a-w C:\AUTOEXEC.BAT
2007-05-13 01:41:12 -------- d-----w C:\Program Files\Movie Maker
2007-05-13 01:40:41 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-05-13 01:40:12 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-13 01:40:09 -------- d-----w C:\Program Files\Online Services
2007-05-13 01:40:02 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-05-13 01:39:59 -------- d-----w C:\Program Files\Windows NT
2007-05-12 18:35:17 -------- d-----w C:\Program Files\Common Files\ODBC
2007-05-12 18:35:15 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-21 16:20]
"Steam"="c:\program files\steam\steam.exe" [2007-06-02 09:11]
"AIM"="C:\Program Files\AIM\aim.exe" [2003-09-25 04:28]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-11-15 16:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"qnnvfbor"=C:\WINDOWS\System32\qnnvfbor.exe
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 10:02:07
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-13 10:02:27
C:\ComboFix2.txt ... 2007-06-12 21:44
--- E O F ---
jayescee316
2007-06-13, 20:53
I don't know why, but I can't post my cureit log...
Here's my HJT Log though:
Logfile of HijackThis v1.99.1
Scan saved at 10:52:39 AM, on 6/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\qnnvfbor.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [qnnvfbor] C:\WINDOWS\System32\qnnvfbor.exe
O4 - HKLM\..\RunServices: [qnnvfbor] C:\WINDOWS\System32\qnnvfbor.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\qnnvfbor.exe
Hi
"I don't know why, but I can't post my cureit log..."
What error message it gives you?
Open HijackThis, click do a system scan only and checkmark these:
O4 - HKLM\..\Run: [qnnvfbor] C:\WINDOWS\System32\qnnvfbor.exe
O4 - HKLM\..\RunServices: [qnnvfbor] C:\WINDOWS\System32\qnnvfbor.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\qnnvfbor.exe
Close all windows inclluding browser and press fix checked.
Please run Killbox.
Select "Delete on Reboot" and "All files"
Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\qnnvfbor.exe
C:\WINDOWS\system32\odbtnj.exe
C:\WINDOWS\system32\jcmqiqjur.exe
C:\WINDOWS\system32\olpb.exe
C:\WINDOWS\system32\xf.exe
C:\WINDOWS\system32\xnwozhwyx.exe
C:\WINDOWS\system32\ctplimu.exe
C:\WINDOWS\system32\ffx.exe
C:\WINDOWS\system32\jjh.exe
C:\WINDOWS\system32\emzlvzjw.exe
C:\WINDOWS\system32\udix.exe
C:\WINDOWS\system32\luqyediyynnm.exe
C:\WINDOWS\system32\quzdnvgaunjk.exe
C:\WINDOWS\system32\py.exe
C:\WINDOWS\system32\otueczblcmab.exe
C:\WINDOWS\system32\dpzkkn.exe
C:\WINDOWS\system32\sd.exe
C:\WINDOWS\system32\cfxfhlwkp.exe
C:\WINDOWS\system32\ca.exe
C:\WINDOWS\system32\alhn.exe
C:\WINDOWS\system32\ww.exe
C:\WINDOWS\system32\guvckfm.exe
C:\WINDOWS\system32\skuedcoe.exe
Go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here (http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe) to download and run missingfilesetup.exe. Then try TheKillbox again..
If your computer does not restart automatically, please restart it manually.
Re-run combofix
Post:
- a fresh HijackThis log
- combofix report
jayescee316
2007-06-13, 21:14
Sorry for being such a hassle to you
Here's my HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:11:15 AM, on 6/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\qnnvfbor.exe (file missing)
And if I am being a hassle then you can stop helping me. Its okay, and ill go and just reformat my computer.
jayescee316
2007-06-13, 21:15
My Combofix Log:
ComboFix 07-06-13.3 - C:\Documents and Settings\Jeremy\Desktop\ComboFix.exe
"Jeremy" - 2007-06-13 11:06:53 - Service Pack 1 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))
2007-06-13 10:47 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Uniblue
2007-06-12 22:05 <DIR> d-------- C:\DOCUME~1\Jeremy\DoctorWeb
2007-06-12 21:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 09:44 <DIR> d-------- C:\!KillBox
2007-06-09 10:36 1,157 --a------ C:\WINDOWS\mozver.dat
2007-06-09 10:36 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Snapfish
2007-06-08 16:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-08 11:50 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-06-08 11:50 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-06-08 11:50 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-06-08 11:50 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-06-08 11:49 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2007-06-07 21:08 <DIR> d-------- C:\EPSON
2007-06-07 21:07 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-07 21:07 <DIR> d-------- C:\WINDOWS\system32\bits
2007-06-07 21:07 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-07 21:07 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-06-07 21:07 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-06-07 21:07 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Viewpoint
2007-06-07 21:05 <DIR> d-------- C:\DOCUME~1\Jeremy\Shared
2007-06-07 20:48 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-07 20:06 <DIR> d-------- C:\WINDOWS\pss
2007-06-07 19:46 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-06-05 15:29 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-06-03 19:16 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2007-06-03 19:16 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
2007-06-03 19:16 <DIR> d-------- C:\Program Files\ArcSoft
2007-06-03 19:15 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-06-03 19:15 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-06-03 19:15 708,696 --a------ C:\WINDOWS\system32\python21.dll
2007-06-03 19:15 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2007-06-03 19:15 3,136 --a------ C:\WINDOWS\Ade001.bin
2007-06-03 19:15 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
2007-06-03 19:15 <DIR> d-------- C:\Program Files\Common Files\Python
2007-06-03 19:14 65,536 --a------ C:\WINDOWS\system32\EEBUtil.dll
2007-06-03 19:14 65,536 --a------ C:\WINDOWS\system32\EBAPI.dll
2007-06-03 19:14 54,272 --a------ C:\WINDOWS\system32\EEBSDKIF.dll
2007-06-03 19:14 139,264 --a------ C:\WINDOWS\system32\EBAPI2.dll
2007-06-03 19:14 122,880 --a------ C:\WINDOWS\system32\EEBAPI.dll
2007-06-03 19:14 102,400 --a------ C:\WINDOWS\system32\EEBDSCVR.dll
2007-06-03 19:14 <DIR> d-------- C:\Program Files\Common Files\EPSON
2007-06-03 19:13 90,112 --a------ C:\WINDOWS\system32\epcomdd.dll
2007-06-03 19:13 86,016 --a------ C:\WINDOWS\system32\epfb5cpl.dll
2007-06-03 19:13 77,824 --a------ C:\WINDOWS\system32\Esintpl.dll
2007-06-03 19:13 53,248 --a------ C:\WINDOWS\system32\esicm.dll
2007-06-03 19:13 47,104 --a------ C:\WINDOWS\system32\escimgn.dll
2007-06-03 19:13 47,104 --a------ C:\WINDOWS\system32\escimgd.dll
2007-06-03 19:13 35,840 --a------ C:\WINDOWS\system32\escwian.dll
2007-06-03 19:13 33,280 --a------ C:\WINDOWS\system32\esccm.dll
2007-06-03 19:13 32,256 --a------ C:\WINDOWS\system32\escwiad.dll
2007-06-03 19:13 32,256 --a------ C:\WINDOWS\system32\escwiab.dll
2007-06-03 19:13 27,648 --a------ C:\WINDOWS\system32\escimg.dll
2007-06-03 19:13 23,552 --a------ C:\WINDOWS\system32\esccmn.dll
2007-06-03 19:13 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2007-06-03 19:13 184,320 --a------ C:\WINDOWS\system32\esdtr.dll
2007-06-03 19:13 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-03 19:13 126,976 --a------ C:\WINDOWS\system32\Esint23.dll
2007-06-03 19:13 <DIR> d-------- C:\Program Files\EPSON
2007-06-02 23:13 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-02 23:13 <DIR> d-------- C:\Program Files\AIM
2007-06-02 09:11 <DIR> d-------- C:\Program Files\Steam
2007-06-01 16:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-01 16:29 66,560 --a------ C:\WINDOWS\system32\jsqypn.exe
2007-05-30 15:46 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-30 15:45 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-05-30 15:45 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-05-30 15:45 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-05-30 15:45 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-05-30 15:44 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-30 15:44 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-05-30 15:44 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-05-30 15:44 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-30 15:44 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-29 19:17 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Aim
2007-05-29 16:59 <DIR> d-------- C:\Program Files\AOD
2007-05-29 16:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-05-28 20:47 <DIR> d-------- C:\WINDOWS\ShellNew
2007-05-28 20:44 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-05-28 20:44 <DIR> d-------- C:\Program Files\Microsoft Works Suite 2006
2007-05-28 20:41 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-28 20:40 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-28 19:59 <DIR> d-------- C:\DOCUME~1\Jeremy\Incomplete
2007-05-28 19:59 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\LimeWire
2007-05-22 15:40 <DIR> d---s---- C:\DOCUME~1\Jeremy\UserData
2007-05-21 16:21 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Logitech
2007-05-21 16:20 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-05-21 16:20 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2007-05-21 16:20 22,016 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-05-21 16:20 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-05-21 16:20 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-05-21 16:19 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-05-21 16:19 68,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-05-21 16:19 52,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-05-21 16:19 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-05-21 16:19 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2007-05-21 16:19 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-05-21 16:19 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-05-21 16:19 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-05-21 16:19 <DIR> d-------- C:\Program Files\Logitech
2007-05-21 16:19 <DIR> d-------- C:\Program Files\Common Files\Logitech
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-08 23:40:38 -------- d-----w C:\Program Files\Messenger
2007-06-08 03:51:13 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-04 02:16:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-30 22:44:38 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-13 01:53:12 -------- d-----w C:\Program Files\Realtek
2007-05-13 01:50:47 -------- d-----w C:\Program Files\NVIDIA Corporation
2007-05-13 01:50:16 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\InstallShield
2007-05-13 01:42:21 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-13 01:42:13 0 --sha-r C:\MSDOS.SYS
2007-05-13 01:42:13 0 --sha-r C:\IO.SYS
2007-05-13 01:42:13 0 ----a-w C:\CONFIG.SYS
2007-05-13 01:42:13 0 ----a-w C:\AUTOEXEC.BAT
2007-05-13 01:41:12 -------- d-----w C:\Program Files\Movie Maker
2007-05-13 01:40:41 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-05-13 01:40:12 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-13 01:40:09 -------- d-----w C:\Program Files\Online Services
2007-05-13 01:40:02 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-05-13 01:39:59 -------- d-----w C:\Program Files\Windows NT
2007-05-12 18:35:17 -------- d-----w C:\Program Files\Common Files\ODBC
2007-05-12 18:35:15 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-21 16:20]
"Steam"="c:\program files\steam\steam.exe" [2007-06-02 09:11]
"AIM"="C:\Program Files\AIM\aim.exe" [2003-09-25 04:28]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-11-15 16:18]
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
*Newly Created Service* - SPUPDSVC
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 11:07:46
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-13 11:08:17
C:\ComboFix2.txt ... 2007-06-13 10:02
C:\ComboFix3.txt ... 2007-06-12 21:44
--- E O F ---
Hi
Great it seemed to work :bigthumb:
No, you are not pain to me, your infection was just a very difficult one(it mutated).
Please click Start > Run and type in: services.msc
Click OK
In the Services window find: Print Spooler Service (u9i5uuoyxak3qeu)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK
Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete u9i5uuoyxak3qeu
Click: OK
Reboot
Post a fresh HijackThis log.
jayescee316
2007-06-15, 00:11
Thank you for all you're help so far, and I really appreciate it. :)
Here's my fresh HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 2:11:10 PM, on 6/14/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\vheuyykgyxou.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vheuyykgyxou] C:\WINDOWS\System32\vheuyykgyxou.exe
O4 - HKLM\..\RunServices: [vheuyykgyxou] C:\WINDOWS\System32\vheuyykgyxou.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\vheuyykgyxou.exe
Hi
It's back :sad:
It's essential that you keep computer disconnected from internet as much as possible or we won't get you cleaned.
Re-run combofix
Post:
- a fresh HijackThis log
- combofix report
jayescee316
2007-06-15, 20:16
Isn't it that if you disconnect the computer from the internet then I don't get to go online ? Or do I have to keep unplugging and plugging my modem ? Am I suppose to be running in safe mode ?
Here's my Combofix Log:
ComboFix 07-06-13.3 - C:\Documents and Settings\Jeremy\Desktop\ComboFix.exe
"Jeremy" - 2007-06-15 10:10:58 - Service Pack 1 NTFS
((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 )))))))))))))))))))))))))))))))
2007-06-13 22:47 148,480 --a------ C:\WINDOWS\system32\vheuyykgyxou.exe
2007-06-13 10:47 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Uniblue
2007-06-12 22:05 <DIR> d-------- C:\DOCUME~1\Jeremy\DoctorWeb
2007-06-12 21:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-10 09:44 <DIR> d-------- C:\!KillBox
2007-06-09 10:36 1,157 --a------ C:\WINDOWS\mozver.dat
2007-06-09 10:36 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Snapfish
2007-06-08 16:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-08 11:50 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-06-08 11:50 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-06-08 11:50 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-06-08 11:50 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-06-07 21:08 <DIR> d-------- C:\EPSON
2007-06-07 21:07 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-07 21:07 <DIR> d-------- C:\WINDOWS\system32\bits
2007-06-07 21:07 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-07 21:07 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-06-07 21:07 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-06-07 21:07 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Viewpoint
2007-06-07 21:05 <DIR> d-------- C:\DOCUME~1\Jeremy\Shared
2007-06-07 20:48 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-07 20:06 <DIR> d-------- C:\WINDOWS\pss
2007-06-07 19:46 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-06-05 15:29 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-06-03 19:16 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2007-06-03 19:16 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
2007-06-03 19:16 <DIR> d-------- C:\Program Files\ArcSoft
2007-06-03 19:15 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-06-03 19:15 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-06-03 19:15 708,696 --a------ C:\WINDOWS\system32\python21.dll
2007-06-03 19:15 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2007-06-03 19:15 3,136 --a------ C:\WINDOWS\Ade001.bin
2007-06-03 19:15 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
2007-06-03 19:15 <DIR> d-------- C:\Program Files\Common Files\Python
2007-06-03 19:14 65,536 --a------ C:\WINDOWS\system32\EEBUtil.dll
2007-06-03 19:14 65,536 --a------ C:\WINDOWS\system32\EBAPI.dll
2007-06-03 19:14 54,272 --a------ C:\WINDOWS\system32\EEBSDKIF.dll
2007-06-03 19:14 139,264 --a------ C:\WINDOWS\system32\EBAPI2.dll
2007-06-03 19:14 122,880 --a------ C:\WINDOWS\system32\EEBAPI.dll
2007-06-03 19:14 102,400 --a------ C:\WINDOWS\system32\EEBDSCVR.dll
2007-06-03 19:14 <DIR> d-------- C:\Program Files\Common Files\EPSON
2007-06-03 19:13 90,112 --a------ C:\WINDOWS\system32\epcomdd.dll
2007-06-03 19:13 86,016 --a------ C:\WINDOWS\system32\epfb5cpl.dll
2007-06-03 19:13 77,824 --a------ C:\WINDOWS\system32\Esintpl.dll
2007-06-03 19:13 53,248 --a------ C:\WINDOWS\system32\esicm.dll
2007-06-03 19:13 47,104 --a------ C:\WINDOWS\system32\escimgn.dll
2007-06-03 19:13 47,104 --a------ C:\WINDOWS\system32\escimgd.dll
2007-06-03 19:13 35,840 --a------ C:\WINDOWS\system32\escwian.dll
2007-06-03 19:13 33,280 --a------ C:\WINDOWS\system32\esccm.dll
2007-06-03 19:13 32,256 --a------ C:\WINDOWS\system32\escwiad.dll
2007-06-03 19:13 32,256 --a------ C:\WINDOWS\system32\escwiab.dll
2007-06-03 19:13 27,648 --a------ C:\WINDOWS\system32\escimg.dll
2007-06-03 19:13 23,552 --a------ C:\WINDOWS\system32\esccmn.dll
2007-06-03 19:13 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2007-06-03 19:13 184,320 --a------ C:\WINDOWS\system32\esdtr.dll
2007-06-03 19:13 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-03 19:13 126,976 --a------ C:\WINDOWS\system32\Esint23.dll
2007-06-03 19:13 <DIR> d-------- C:\Program Files\EPSON
2007-06-02 23:13 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-02 23:13 <DIR> d-------- C:\Program Files\AIM
2007-06-02 09:11 <DIR> d-------- C:\Program Files\Steam
2007-06-01 16:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-01 16:29 66,560 --a------ C:\WINDOWS\system32\jsqypn.exe
2007-05-30 15:46 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-30 15:45 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-05-30 15:45 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-05-30 15:45 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-05-30 15:45 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-05-30 15:44 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-30 15:44 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-05-30 15:44 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-05-30 15:44 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-30 15:44 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-29 19:17 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Aim
2007-05-29 16:59 <DIR> d-------- C:\Program Files\AOD
2007-05-29 16:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-05-28 20:47 <DIR> d-------- C:\WINDOWS\ShellNew
2007-05-28 20:44 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-05-28 20:44 <DIR> d-------- C:\Program Files\Microsoft Works Suite 2006
2007-05-28 20:41 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-28 20:40 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-05-28 19:59 <DIR> d-------- C:\DOCUME~1\Jeremy\Incomplete
2007-05-28 19:59 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\LimeWire
2007-05-22 15:40 <DIR> d---s---- C:\DOCUME~1\Jeremy\UserData
2007-05-21 16:21 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Logitech
2007-05-21 16:20 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2007-05-21 16:20 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2007-05-21 16:20 22,016 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-05-21 16:20 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-05-21 16:20 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-05-21 16:19 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-05-21 16:19 68,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-05-21 16:19 52,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-05-21 16:19 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-05-21 16:19 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2007-05-21 16:19 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-05-21 16:19 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-05-21 16:19 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-05-21 16:19 <DIR> d-------- C:\Program Files\Logitech
2007-05-21 16:19 <DIR> d-------- C:\Program Files\Common Files\Logitech
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-08 23:40:38 -------- d-----w C:\Program Files\Messenger
2007-06-08 03:51:13 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-04 02:16:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-30 22:44:38 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-13 01:53:12 -------- d-----w C:\Program Files\Realtek
2007-05-13 01:50:47 -------- d-----w C:\Program Files\NVIDIA Corporation
2007-05-13 01:50:16 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\InstallShield
2007-05-13 01:42:21 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-13 01:42:13 0 --sha-r C:\MSDOS.SYS
2007-05-13 01:42:13 0 --sha-r C:\IO.SYS
2007-05-13 01:42:13 0 ----a-w C:\CONFIG.SYS
2007-05-13 01:42:13 0 ----a-w C:\AUTOEXEC.BAT
2007-05-13 01:41:12 -------- d-----w C:\Program Files\Movie Maker
2007-05-13 01:40:41 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-05-13 01:40:12 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-13 01:40:09 -------- d-----w C:\Program Files\Online Services
2007-05-13 01:40:02 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-05-13 01:39:59 -------- d-----w C:\Program Files\Windows NT
2007-05-12 18:35:17 -------- d-----w C:\Program Files\Common Files\ODBC
2007-05-12 18:35:15 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-21 16:20]
"Steam"="c:\program files\steam\steam.exe" [2007-06-02 09:11]
"AIM"="C:\Program Files\AIM\aim.exe" [2003-09-25 04:28]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-11-15 16:18]
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"vheuyykgyxou"=C:\WINDOWS\System32\vheuyykgyxou.exe
*Newly Created Service* - U9I5UUOYXAK3QEU
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 10:11:20
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-15 10:11:46
C:\ComboFix2.txt ... 2007-06-13 11:08
C:\ComboFix3.txt ... 2007-06-13 10:02
--- E O F ---
Hi
"Or do I have to keep unplugging and plugging my modem ?"
Yes
Open HijackThis, click do a system scan only and checkmark these:
O4 - HKLM\..\Run: [vheuyykgyxou] C:\WINDOWS\System32\vheuyykgyxou.exe
O4 - HKLM\..\RunServices: [vheuyykgyxou] C:\WINDOWS\System32\vheuyykgyxou.exe
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\vheuyykgyxou.exe
Close all windows including browser and press fix checked.
Please run Killbox.
Select "Delete on Reboot" and "All files"
Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\System32\vheuyykgyxou.exe
C:\WINDOWS\Help\aolsw.exe
C:\WINDOWS\system32\jsqypn.exe
Go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here (http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe) to download and run missingfilesetup.exe. Then try TheKillbox again..
If your computer does not restart automatically, please restart it manually.
Post a fresh HijackThis log.
jayescee316
2007-06-15, 20:31
Sorry if its taking to long to clean my computer :(
Here's my fresh HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:30:45 AM, on 6/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\vheuyykgyxou.exe (file missing)
Hi
Partial success
1. Please download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 to your Desktop. Click on Avenger.zip to open the file Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):
Files to delete:
C:\WINDOWS\Help\aolsw.exe
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply
jayescee316
2007-06-15, 22:41
Here's my avenger Log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xtssxiew
*******************
Script file located at: \??\C:\Program Files\rekapxhi.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\Help\aolsw.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Here's my fresh HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:41:04 PM, on 6/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\vheuyykgyxou.exe (file missing)
Hi
Looking better :)
Please click Start > Run and type in: services.msc
Click OK
In the Services window find: AOL Spy Watch (LD-AOL-Spy_Watchv1)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK
Repeat step for Print Spooler Service (u9i5uuoyxak3qeu).
Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete LD-AOL-Spy_Watchv1
Click: OK
Repeat step for u9i5uuoyxak3qeu.
Reboot.
Post a fresh HijackThis log.
jayescee316
2007-06-16, 20:43
Here's my fresh HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:42:40 AM, on 6/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Hi
Now some progress :)
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Post:
- a fresh HijackThis log
- kaspersky report
jayescee316
2007-06-17, 01:27
Here is my Kaspersky Scan results:
Saturday, June 16, 2007 3:24:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 16/06/2007
Kaspersky Anti-Virus database records: 326036
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 49030
Number of viruses found 1
Number of infected objects 57
Number of suspicious objects 0
Duration of the scan process 03:44:34
Infected Object Name Virus Name Last Action
C:\!KillBox\bhh.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\citzavrgrg.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\dfhcy.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\flm.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\iafsoaie.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\llorpyp.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\nmi.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\thiwzeohhbmo.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\vguxkqmgan.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\xmvzx.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\ycdhvnic.exe Infected: Trojan.Win32.Agent.ame skipped
C:\!KillBox\zticvyml.exe Infected: Trojan.Win32.Agent.ame skipped
C:\Documents and Settings\Jeremy\Application Data\Aim\rejrejx\cert8.db Object is locked skipped
C:\Documents and Settings\Jeremy\Application Data\Aim\rejrejx\key3.db Object is locked skipped
C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5n63gdli.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5n63gdli.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5n63gdli.default\history.dat Object is locked skipped
C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5n63gdli.default\key3.db Object is locked skipped
C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5n63gdli.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5n63gdli.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\5n63gdli.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jeremy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Application Data\Mozilla\Firefox\Profiles\5n63gdli.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Application Data\Mozilla\Firefox\Profiles\5n63gdli.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Application Data\Mozilla\Firefox\Profiles\5n63gdli.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Application Data\Mozilla\Firefox\Profiles\5n63gdli.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jeremy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jeremy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\L0000002.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\storydb.idx Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\steamapps\counter-strike.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\half-life engine.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\half-life.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\platform.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\sourceinit.gcf Object is locked skipped
C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
C:\Program Files\Steam\SteamLogs\SteamStats.log Object is locked skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033578.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033579.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033580.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033581.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033582.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033583.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033584.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033585.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033586.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033587.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033588.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033589.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP145\change.log Object is locked skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP35\A0017595.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP35\A0017712.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP35\A0018830.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP36\A0019000.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP36\A0019064.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP36\A0019181.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP36\A0020299.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP37\A0020331.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP37\A0020358.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP37\A0020423.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP37\A0020540.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP37\A0021658.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0021673.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0021680.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0021692.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0021719.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0021784.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0021901.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0023019.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP69\A0028164.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029795.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029796.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029907.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029910.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029924.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029925.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029926.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029927.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029932.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029933.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029976.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0030092.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0031197.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
jayescee316
2007-06-17, 01:28
Here's my fresh HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 3:28:12 PM, on 6/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Hi
Looks like we're close to victory :bigthumb:
Empty this folder:
C:\!KillBox\
Empty Recycle Bin
Re-scan with kaspersky
Post:
- a fresh HijackThis log
- kaspersky report
jayescee316
2007-06-18, 03:04
Dang Shaba you are to cool :cool:
Here's my Kaspersky Scan Log:
Sunday, June 17, 2007 5:01:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 17/06/2007
Kaspersky Anti-Virus database records: 326213
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 48227
Number of viruses found 1
Number of infected objects 57
Number of suspicious objects 0
Duration of the scan process 03:27:41
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Jeremy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\History\History.IE5\MSHist012007061720070618\index.dat Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jeremy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jeremy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\L0000002.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Jeremy\Data\storydb.idx Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
C:\Program Files\Steam\SteamLogs\SteamStats.log Object is locked skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033578.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033579.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033580.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033581.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033582.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033583.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033584.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033585.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033586.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033587.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033588.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP133\A0033589.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\A0035501.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\A0035506.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\A0035508.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\A0035514.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\A0035516.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\A0035522.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\A0035525.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\A0035537.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\A0035541.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\A0035544.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\A0035546.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\A0035548.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP146\change.log Object is locked skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP35\A0017595.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP35\A0017712.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP35\A0018830.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP36\A0019000.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP36\A0019064.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP36\A0019181.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP36\A0020299.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP37\A0020331.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP37\A0020358.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP37\A0020423.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP37\A0020540.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP37\A0021658.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0021673.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0021680.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0021692.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0021719.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0021784.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0021901.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP38\A0023019.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP69\A0028164.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029795.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029796.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029907.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029910.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029924.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029925.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029926.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029927.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029932.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029933.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0029976.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0030092.exe Infected: Trojan.Win32.Agent.ame skipped
C:\System Volume Information\_restore{31F8EA36-5AAF-453D-BAD5-6B0B3086B1DB}\RP71\A0031197.exe Infected: Trojan.Win32.Agent.ame skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
jayescee316
2007-06-18, 03:06
Here's my fresh HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 5:03:48 PM, on 6/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Ventrilo\Ventrilo -m.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Hi
Next step is to install firewall and antivirus:
Looking over your log, it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:
1) Antivir PersonalEdition Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/doc/1) - Free edition of the AVG anti-virus program for Windows.
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
Looking over your log, it seems you don't have any evidence of a third party firewall.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
1) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)
2) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Comodo (http://www.personalfirewall.comodo.com/)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
After thos steps, please post a fresh HijackThis log :)
jayescee316
2007-06-18, 20:21
Here's my fresh HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:21:39 AM, on 6/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Hi
You did install firewall, good.
But you didn't install any antivirus, why?
It will prevent you from re-infections.
Please do that now and after that, please post a fresh HijackThis log
jayescee316
2007-06-18, 20:31
I forgot to finish the setup :oops:
Here's my fresh HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 10:31:15 AM, on 6/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Hi
That's ok :)
That looks good.
Still problems?
jayescee316
2007-06-18, 20:39
Everything seems to be going very well and my computer is running faster than ever !!!!!!!
Thank you for your help Shaba and I really appreciate it :)
Hi
Then you're clean!
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and reenable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Reenable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topic405.html)
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)
Happy surfing and stay clean!
jayescee316
2007-06-19, 12:56
Ughhh , this is gonna be a random post. It is 2:56 AM in San Francisco,CA and im tired
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.