
I got Virtumonde, need some help



untraceablesmurf
2007-08-21, 21:21
Hi, I'm new here and need some help. I got Virtumonde.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:23, on 21/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\gaalhkxw.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - .DEFAULT User Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183397750078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183397730984
O18 - Protocol: bw+0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 19907 bytes
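The HijackThis log above is the kind of output a helper reads by hand, and the entry that matters here is the O4 line that starts rundll32.exe on a DLL with a random-looking name in system32 (the same DLL shows up again in the ComboFix listing further down). As an added example, not part of the thread, of HijackThis or of ComboFix, the script below parses O4 lines of that format and applies a simple triage heuristic: any rundll32-launched DLL is marked for review, and one that lives in system32 under an all-lowercase, dictionary-free name of 6 to 10 letters is marked suspicious. The heuristic, the verdict labels and the `O4Entry` type are my own assumptions for illustration; the sample lines are copied from the log in the post.

```python
"""Triage HijackThis O4 (autorun) entries for rundll32-launched DLLs.

Added example, not part of the thread: the regexes, the verdict labels and
the "random-looking lowercase name in system32" heuristic are assumptions
made here for illustration, not rules from HijackThis or any vendor tool.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# "O4 - <hive>: [<entry name>] <command>"  (Startup-folder .lnk lines have no [..])
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32[.exe] <dll>,<export> with an optionally quoted DLL path
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)
SYSTEM32_RE = re.compile(r'^[a-z]:\\windows\\system32\\[^\\]+$', re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r'^[a-z]{6,10}\.dll$')  # heuristic, see docstring


@dataclass
class O4Entry:
    hive: str
    name: str
    command: str
    dll: Optional[str]      # DLL handed to rundll32, if the command uses it
    export: Optional[str]   # exported function rundll32 is told to call
    verdict: str            # "ok", "review" or "suspicious"


def classify(dll: Optional[str]) -> str:
    """Verdict for one command: only rundll32-loaded DLLs get a closer look."""
    if dll is None:
        return "ok"
    if SYSTEM32_RE.match(dll) and RANDOM_NAME_RE.match(ntpath.basename(dll)):
        return "suspicious"
    return "review"


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one HijackThis O4 line; None for lines that are not [name] entries."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    r = RUNDLL_RE.match(cmd)
    dll = r.group("dll").strip() if r else None
    export = r.group("export") if r else None
    return O4Entry(m.group("hive"), m.group("name"), cmd, dll, export, classify(dll))


def triage(lines) -> List[O4Entry]:
    """All parseable O4 entries, in log order, each with a verdict."""
    return [e for e in (parse_o4(line) for line in lines) if e is not None]


def suspicious_dlls(lines) -> List[str]:
    """Full paths of the DLLs the heuristic flags as suspicious."""
    return [e.dll for e in triage(lines) if e.verdict == "suspicious"]


# Sample input: O4 lines copied from the HijackThis log in the thread.
SAMPLE = [
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit",
    r'O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\gaalhkxw.dll",sitypnow',
    r"O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')",
]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.verdict:10} [{e.name}] dll={e.dll} export={e.export}")
```

The point of the "review" bucket is that rundll32 is used legitimately all the time (NVIDIA's control panel and advpack.dll above), so a verdict needs the DLL's location and name, not just the loader; an entry named after a well-known product but pointing at an unrelated DLL is exactly the pattern worth checking against the file-creation dates in the ComboFix output.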

shelf life
2007-08-22, 03:10
Hi untraceablesmurf,

Download and run ComboFix (by sUBs) from one of the following links:

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the Desktop.
Double-click combofix.exe and follow the prompts.

CAUTION: Do not mouse-click ComboFix's window while it is running.
It may cause it to stall.

When finished, it produces a log.

Please provide the contents of the ComboFix log in your reply.
----------------------
shelf life

untraceablesmurf
2007-08-22, 07:14
Here's the log.
ComboFix 07-08-17.2 - "paul" 2007-08-22 5:58:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1273 [GMT 1:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\jynxfjue.dll


((((((((((((((((((((((((( Files Created from 2007-07-22 to 2007-08-22 )))))))))))))))))))))))))))))))


2007-08-22 05:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-21 17:36 6,473 ---hs---- C:\WINDOWS\system32\ghhkj.bak1
2007-08-21 17:36 298,080 --a------ C:\WINDOWS\system32\jkhhg.dll
2007-08-21 17:25 <DIR> d-------- C:\VundoFix Backups
2007-08-21 16:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-21 16:36 87,616 --a------ C:\WINDOWS\system32\gaalhkxw.dll
2007-08-21 16:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-21 16:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-21 16:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Xfire
2007-08-21 16:01 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Hamachi
2007-08-21 16:00 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-20 22:35 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-20 22:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-20 22:34 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-20 06:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-20 05:26 87,616 --a------ C:\WINDOWS\system32\xhoplbeg.dll
2007-08-19 19:11 <DIR> d-------- C:\NovaLogic
2007-08-19 17:17 94,720 --a------ C:\WINDOWS\system32\drvjos.dll
2007-08-19 17:17 43,542 --a------ C:\WINDOWS\system32\qomjkki.dll
2007-08-19 17:17 43,542 --a------ C:\WINDOWS\system32\khfggge.dll
2007-08-19 17:17 15,360 --a------ C:\WINDOWS\system32\drvjosr.dll
2007-08-19 15:46 <DIR> d-------- C:\ProgramData
2007-08-19 15:46 <DIR> d-------- C:\Program Files\Electronic Arts
2007-08-12 01:09 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-12 00:44 <DIR> d-------- C:\Program Files\Railroad Tycoon 3
2007-08-11 10:32 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-08-11 10:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-08-10 21:06 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
2007-08-09 17:51 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-08-09 17:51 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-08-09 17:51 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-08-09 17:50 <DIR> d-------- C:\Program Files\America's Army Server Manager
2007-08-09 17:46 <DIR> d-------- C:\Program Files\America's Army
2007-08-07 19:40 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
2007-08-04 23:20 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-08-04 23:20 <DIR> d-------- C:\Program Files\Winamp
2007-08-04 23:14 <DIR> d-------- C:\Program Files\SHOUTcast
2007-07-28 13:39 <DIR> d-------- C:\Program Files\LimeWire
2007-07-28 12:34 <DIR> d-------- C:\DOCUME~1\paul\Incomplete
2007-07-28 12:34 <DIR> d-------- C:\DOCUME~1\paul\APPLIC~1\LimeWire


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-22 06:06 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-22 06:05 --------- d-------- C:\Program Files\BOINC
2007-08-20 22:36 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-20 22:36 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-19 17:28 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\Xfire
2007-08-19 16:37 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\DrekSoftware
2007-08-19 15:46 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-19 00:15 --------- d-------- C:\Program Files\TrackMania Nations ESWC
2007-08-17 04:26 --------- d---s---- C:\Program Files\Xfire
2007-08-12 00:19 --------- d-------- C:\Program Files\Camfrog
2007-08-02 16:55 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-07-28 14:29 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\Ahead
2007-07-15 12:39 0 --a------ C:\Program Files\gditst
2007-07-12 21:31 --------- d-------- C:\Program Files\Lavalys
2007-07-10 19:23 --------- d-------- C:\Program Files\BF2G15Mod
2007-07-10 18:55 --------- d-------- C:\Program Files\Schmads Inc
2007-07-10 18:10 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-07-10 18:10 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-07-10 18:10 --------- d-------- C:\Program Files\Common Files\Logitech
2007-07-10 18:02 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\Logitech
2007-07-10 17:58 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-07-10 17:58 --------- d-------- C:\Program Files\Logitech
2007-07-08 12:23 --------- d-------- C:\Program Files\nLite
2007-07-08 12:14 --------- d-------- C:\Program Files\winxp slip
2007-07-07 13:33 --------- d-------- C:\Program Files\BitTornado
2007-07-07 13:33 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\.BitTornado
2007-07-04 22:06 422656 --a------ C:\WINDOWS\boinc.scr
2007-07-04 18:32 --------- d-------- C:\Program Files\WolfRAT
2007-07-03 17:19 --------- d-------- C:\Program Files\rename
2007-07-03 15:04 --------- d-------- C:\Program Files\FlashFXP
2007-07-02 20:20 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-07-02 20:20 2378 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-07-02 19:08 --------- d-------- C:\Program Files\MSN Messenger
2007-07-02 18:56 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-07-02 18:49 --------- d-------- C:\Program Files\Messenger
2007-06-29 20:35 --------- d-------- C:\Program Files\EMS
2007-06-26 10:15 262912 --a------ C:\WINDOWS\system32\drivers\yk51x86.sys
2007-06-25 20:59 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-25 20:53 --------- d-------- C:\Program Files\Microsoft Works
2007-06-24 22:27 --------- d-------- C:\Program Files\boincview
2007-06-24 20:23 --------- d-------- C:\Program Files\Common Files\Macrovision Shared
2007-06-24 20:10 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\Camfrog
2007-06-24 19:23 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\Leadertech
2007-06-24 19:21 --------- d-------- C:\Program Files\NovaLogic
2007-06-24 18:58 --------- d-------- C:\Program Files\EA GAMES
2007-06-24 18:47 51600 --a------ C:\WINDOWS\system32\RadLightMPCUninstall.exe
2007-06-24 18:47 49604 --a------ C:\WINDOWS\system32\RadLightOFRUninstall.exe
2007-06-24 18:47 --------- d-------- C:\Program Files\SHOUTcast Source
2007-06-24 18:47 --------- d-------- C:\Program Files\OpenSource OGG Splitter
2007-06-24 18:47 --------- d-------- C:\Program Files\Monkey Audio Source Filter
2007-06-24 18:47 --------- d-------- C:\Program Files\DS-MP3 Source
2007-06-24 18:46 33533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2007-06-24 18:46 --------- d-------- C:\Program Files\CDXA Image Reader Filter (SVCDXCD)
2007-06-24 18:46 --------- d-------- C:\Program Files\CD Audio Reader Filter
2007-06-24 18:46 --------- d-------- C:\Program Files\AC3+DTS XForm
2007-06-24 18:43 --------- d-------- C:\Program Files\Combined Community Codec Pack
2007-06-24 18:37 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-06-24 18:37 --------- d-------- C:\Program Files\Common Files\L&H
2007-06-24 18:36 --------- d-------- C:\Program Files\Microsoft.NET
2007-06-24 17:56 --------- d-------- C:\Program Files\NVIDIA Corporation
2007-06-24 17:56 --------- d-------- C:\Program Files\Common Files\NVIDIA Shared
2007-06-24 17:56 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-24 17:31 --------- d-------- C:\Program Files\ts admin
2007-06-24 17:05 --------- d-------- C:\Program Files\Teamspeak2_RC2
2007-06-24 17:05 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\teamspeak2
2007-06-24 16:52 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\IsolatedStorage
2007-06-24 16:50 --------- d-------- C:\Program Files\Symantec
2007-06-24 16:45 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\GrabIt
2007-06-24 16:43 --------- d-------- C:\Program Files\QuickPar
2007-06-24 16:33 --------- d-------- C:\Program Files\Common Files\Ahead
2007-06-24 16:29 --------- d-------- C:\Program Files\Nero
2007-06-24 16:22 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-06-24 16:22 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-06-24 16:22 48768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-24 16:22 110952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-24 16:22 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-24 16:19 --------- d-------- C:\Program Files\DAEMON Tools
2007-06-24 16:18 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-24 16:16 --------- d-------- C:\Program Files\GrabIt
2007-06-24 15:49 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\Thunderbird
2007-06-24 15:49 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\Talkback
2007-06-24 14:51 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-06-24 14:51 --------- d-------- C:\Program Files\Common Files\ODBC
2007-06-24 14:37 --------- d-------- C:\DOCUME~1\paul\APPLIC~1\Hamachi
2007-06-24 14:25 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-06-24 14:06 --------- d-------- C:\Program Files\Windows NT
2007-06-24 14:06 --------- d-------- C:\Program Files\RealVNC
2007-06-24 14:06 --------- d-------- C:\Program Files\msn gaming zone
2007-06-24 14:06 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-24 14:05 26056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-06-24 14:04 --------- d-------- C:\Program Files\AC3Filter
2007-06-24 14:04 --------- d-------- C:\Program Files\7-Zip
2007-06-24 14:03 0 -rahs---- C:\MSDOS.SYS
2007-06-24 14:03 0 -rahs---- C:\IO.SYS
2007-06-24 14:03 0 --a------ C:\Config.sys
2007-06-24 14:03 0 --a------ C:\Autoexec.bat
2007-06-24 14:02 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-24 14:01 --------- d-------- C:\Program Files\Movie Maker
2007-06-24 14:01 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-06-24 14:00 --------- d-------- C:\Program Files\Internet


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2763DE85-226F-4F57-817D-F63BD09E21DD}]
2007-08-21 17:36 298080 --a------ C:\WINDOWS\system32\jkhhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3029DA84-5AF4-45BA-BB32-AF667C9A0C02}]
C:\WINDOWS\system32\jkkjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}]
2007-08-19 17:17 43542 --a------ C:\WINDOWS\system32\qomjkki.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-11-22 17:20]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2006-04-07 10:37]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-04-19 13:26 C:\WINDOWS\system32\nvmctray.dll]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"MSOffice"="C:\WINDOWS\system32\gaalhkxw.dll" [2007-08-21 16:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-10 17:58]
"EVEREST AutoStart"="C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe" [2007-04-05 00:00]
"EA Core"="C:\Program Files\Electronic Arts\EA Link\Core.exe" [2007-07-19 08:02]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

C:\Documents and Settings\paul\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-07-04 22:06:20]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-10 18:10:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4}"= C:\WINDOWS\system32\qomjkki.dll [2007-08-19 17:17 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhg]
C:\WINDOWS\system32\jkhhg.dll 2007-08-21 17:36 298080 C:\WINDOWS\system32\jkhhg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjkki]
qomjkki.dll 2007-08-19 17:17 43542 C:\WINDOWS\system32\qomjkki.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmxw32]
winmxw32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService WebClient LmHosts RemoteRegistry upnphost SSDPSRV

*Newly Created Service* - EVERESTDRIVER

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-22 06:05:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-22 6:07:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-22 06:07

--- E O F ---
I've got work now, so I will be back in about 10 hours. I have an online virus scan report if you want it.

shelf life
2007-08-22, 23:43
hi untraceablesmurf,

Thanks for the info. Next, try VundoFix:

Download and run VundoFix.exe:

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

shelf life

untraceablesmurf
2007-08-23, 07:39
VundoFix V6.5.7

Checking Java version...

Scan started at 06:27:02 23/08/2007

Listing files found while scanning....

C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.bak2
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\jkhhg.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghhkj.bak2
C:\WINDOWS\system32\ghhkj.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\jkhhg.dll Has been deleted!

Performing Repairs to the registry.
Done!

untraceablesmurf
2007-08-23, 07:41
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:35:58, on 23/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2763DE85-226F-4F57-817D-F63BD09E21DD} - C:\WINDOWS\system32\jkhhg.dll (file missing)
O2 - BHO: (no name) - {3029DA84-5AF4-45BA-BB32-AF667C9A0C02} - C:\WINDOWS\system32\jkkjj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\qomjkki.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\gaalhkxw.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - .DEFAULT User Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183397750078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183397730984
O18 - Protocol: bw+0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

untraceablesmurf
2007-08-23, 07:42
O18 - Protocol: bwq0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0AE27253-01D7-462B-B5B2-CD825BA89954} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: qomjkki - C:\WINDOWS\SYSTEM32\qomjkki.dll
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 20217 bytes
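As an added example (not part of the original thread, and not HijackThis, VundoFix or ComboFix code), the following Python script triages a HijackThis log for the Vundo pattern the helper is reading by eye in the posts above: unnamed BHOs in system32, Winlogon Notify DLLs, Run values that load a DLL through rundll32 under an unrelated name, dead references left behind after a partial clean (the `(file missing)` entries in the log just posted), and, as in the ComboFix loading points earlier in the thread, one DLL hooked at several load points at once. The sample input is a constructed subset of the posted log; the severity levels and the name-mismatch heuristic are my own choices, not an established signature.

```python
"""Triage a HijackThis log for Vundo/Virtumonde-style persistence.

Added example for this thread; not HijackThis, VundoFix or ComboFix code.
The severities and heuristics below are the author's own choices.
"""
import re
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "severity path reason")

# Constructed sample: a subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2763DE85-226F-4F57-817D-F63BD09E21DD} - C:\WINDOWS\system32\jkhhg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4} - C:\WINDOWS\system32\qomjkki.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSOffice] rundll32.exe "C:\WINDOWS\system32\gaalhkxw.dll",sitypnow
O20 - Winlogon Notify: qomjkki - C:\WINDOWS\SYSTEM32\qomjkki.dll
O20 - Winlogon Notify: winmxw32 - winmxw32.dll (file missing)
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,', re.I)
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
SEVERITY_ORDER = {"high": 0, "medium": 1, "review": 2, "stale": 3}


def _norm(path):
    return path.strip().lower()


def _stem(path):
    # "C:\WINDOWS\system32\NvCpl.dll" -> "nvcpl"
    return _norm(path).rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def _split_missing(path):
    """Return (path without the HJT marker, True if HJT reported the file missing)."""
    missing = bool(MISSING_RE.search(path))
    return MISSING_RE.sub("", path).strip() or "(no file)", missing


def triage(log_text):
    findings = []
    hooks = defaultdict(set)  # normalised DLL path -> load points that reference it

    for line in (raw.strip() for raw in log_text.splitlines()):
        m = BHO_RE.match(line)
        if m:
            path, missing = _split_missing(m.group("path"))
            if missing:
                findings.append(Finding("stale", path, "BHO points at a file that no longer exists"))
            else:
                hooks[_norm(path)].add("BHO")
                if m.group("name") == "(no name)" and "\\system32\\" in _norm(path):
                    findings.append(Finding("high", path, "unnamed BHO loaded from system32"))
            continue

        m = RUN_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m.group("cmd"))
            if r:  # only rundll32-loaded DLLs are checked here; plain EXE values pass through
                dll, name = r.group("dll"), m.group("name").lower()
                hooks[_norm(dll)].add("Run/rundll32")
                if _stem(dll) in name or name in _stem(dll):
                    findings.append(Finding("review", dll, "Run value loads a DLL via rundll32"))
                else:
                    findings.append(Finding("medium", dll, "Run value %r loads a DLL whose name is unrelated to it" % m.group("name")))
            continue

        m = NOTIFY_RE.match(line)
        if m:
            path, missing = _split_missing(m.group("path"))
            if missing:
                findings.append(Finding("stale", path, "Winlogon Notify key points at a missing DLL"))
            else:
                hooks[_norm(path)].add("Winlogon Notify")
                findings.append(Finding("review", path, "Winlogon Notify DLL is loaded into winlogon.exe at logon"))

    # The Vundo signature from the ComboFix loading points: one DLL registered
    # as BHO, ShellExecuteHook and Winlogon Notify at the same time.
    for path, points in hooks.items():
        if len(points) > 1:
            findings.append(Finding("high", path, "same DLL hooked at %d load points: %s" % (len(points), ", ".join(sorted(points)))))

    findings.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.path.lower()))
    return findings


def report(findings):
    return ["[%-6s] %s  (%s)" % (f.severity, f.path, f.reason) for f in findings]


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run against the sample, the script puts qomjkki.dll at the top twice (unnamed BHO in system32, and the same file hooked as both BHO and Winlogon Notify), rates the `[MSOffice]` value loading gaalhkxw.dll as medium because the value name has nothing to do with the DLL, leaves NvCpl.dll as a routine rundll32 load to review, and lists the three dead references as stale entries to tidy up. Spybot's SDHelper.dll is also shown as `(no name)` in the log but is not in system32, so it generates no finding; that is the point of combining the two conditions rather than flagging every unnamed BHO.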

untraceablesmurf
2007-08-23, 20:26
Thanks for your help, but I'm going to re-install Windows as I finally found the disks I need.
Thanks again.

shelf life
2007-08-24, 01:52
hi untraceablesmurf,


"Thanks for your help but I'm going to re-install Windows"

No problem. See link below for some tips on prevention.

happy safe surfing

shelf life