The "Google-search-results-redirecting-spybot-avg-etc-blocked-websites-blocked" virus



ThirteenPercent
2008-12-11, 05:07
Dunno what it is, but it's beastly aggravating. Websites and forums such as this are blocked from access, Google links redirect, Spybot cannot open, AVG cannot access updates... HijackThis and Malwarebytes cannot be installed. Had to get the zip file of HijackThis to grab this log. I am on my laptop; I emailed myself the log and am posting it here.

Another thing I tried was putting a registry entry in the HKLM RunOnce... to boot up Spybot on startup, but it would not work. It would boot up, Spybot wouldn't appear; however, when I brought up Task Manager the process was running. It just hung there indefinitely, so I killed the process and it continued with the rest of startup. Anywho... log below. I really appreciate any assistance, thanks.


Logfile of HijackThis v1.99.1
Scan saved at 6:49:33 PM, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0073A0FE-1C2C-47B5-AB28-F2351159F69b} - C:\WINDOWS\system32\vtlfvqxc.dll
O2 - BHO: (no name) - {0EA0008A-8BEC-4205-8385-3D517ADB9470} - (no file)
O2 - BHO: (no name) - {309311F1-8F50-452E-A98D-69AFD7A34AA8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64C55EEE-3272-4C07-B3EE-6D83EE4FB482} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C8B7CD33-8035-4847-94BF-04F39A5D9047} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151730454\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BM430e0571] Rundll32.exe "C:\WINDOWS\system32\xmcuxbtx.dll",s
O4 - HKLM\..\Run: [403d36ed] rundll32.exe "C:\WINDOWS\system32\rdrabhpm.dll",b
O4 - HKLM\..\RunOnce: [Spybotsnd] "C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.1.20/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.com/applet-6.0.1.20/peaks/peaks-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144201717921
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BBFD2D10-EC6E-4259-91D1-1E38C826E5E2} (Launcher Class) - http://app.gomtv.com/gomtv/gomtvx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: rxlizm.dll,gjdqcx.dll txkzly.dll olasal.dll omvkin.dll ygdiwr.dll vpynga.dll mlhrxl.dll xjatpx.dll ggkhzd.dll uhnezs.dll wxeaag.dll fefsuo.dll fawbhi.dll eyrqdr.dll mlmegb.dll afxnpk.dll eofseo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
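
The log above (and the HijackThis 2.0.2 log posted later in the thread, which carries the same entries) shows three patterns worth pulling out by hand: an unnamed O2 BHO pointing at a random-looking DLL in system32, two O4 Run values with hex-looking names (`BM430e0571`, `403d36ed`) that launch rundll32 against similar DLLs, and an O20 AppInit_DLLs value holding eighteen more. AppInit_DLLs is empty on a clean machine, and anything listed there is loaded into every process that loads user32.dll, which would be consistent with security tools hanging or failing to update, although the log alone does not prove that. The script below is an added triage example, not part of the thread or of HijackThis: it parses a log in this line format and reports those three patterns. The sample input is excerpted from the posted log (AppInit_DLLs shortened to three entries); the severity labels, the hex-name rule and the random-name heuristic are the example's own assumptions, not anything HijackThis computes.

```python
"""Triage a HijackThis log for the persistence patterns seen in this thread.

Added example; not part of the thread or of HijackThis. All thresholds and
severity labels are the example's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the log posted above, with the
# AppInit_DLLs value shortened to three entries.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0073A0FE-1C2C-47B5-AB28-F2351159F69b} - C:\WINDOWS\system32\vtlfvqxc.dll
O2 - BHO: (no name) - {0EA0008A-8BEC-4205-8385-3D517ADB9470} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM430e0571] Rundll32.exe "C:\WINDOWS\system32\xmcuxbtx.dll",s
O4 - HKLM\..\Run: [403d36ed] rundll32.exe "C:\WINDOWS\system32\rdrabhpm.dll",b
O20 - AppInit_DLLs: rxlizm.dll,gjdqcx.dll txkzly.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK\S*\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# Run value names such as 403d36ed or BM430e0571: up to two letters, then hex.
HEXISH_NAME = re.compile(r"^[A-Za-z]{0,2}[0-9A-Fa-f]{6,}$")
# rundll32 invoked on a DLL that lives directly in system32.
RUNDLL_SYS32 = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]*\\system32\\([^"\\]+\.dll)', re.IGNORECASE)
VOWELS = set("aeiou")
RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    severity: str  # "high", "medium" or "low" (assumed scale)
    item: str      # the DLL, path or CLSID the finding is about
    reason: str


def looks_random(stem: str) -> bool:
    """Crude test for machine-generated names like vtlfvqxc: six or more
    letters, and either under a quarter vowels or a run of four consonants."""
    s = stem.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]", s))
    return vowel_ratio < 0.25 or longest_consonant_run >= 4


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # Empty on a clean machine; every DLL here is loaded into every
            # process that loads user32.dll, so each one is reported.
            for dll in filter(None, re.split(r"[,\s]+", body.split(":", 1)[1].strip())):
                findings.append(Finding("O20", "high", dll,
                                        "AppInit_DLLs entry, injected into every user32 process"))
        elif code == "O4":
            run = RUN_RE.match(body)
            dll = RUNDLL_SYS32.search(run.group("cmd")) if run else None
            if dll and (HEXISH_NAME.match(run.group("name"))
                        or looks_random(dll.group(1).rsplit(".", 1)[0])):
                findings.append(Finding("O4", "high", dll.group(1),
                                        f"rundll32 loads a system32 DLL from Run value [{run.group('name')}]"))
        elif code == "O2":
            bho = BHO_RE.match(body)
            if not bho:
                continue
            path = bho.group("path")
            if path == "(no file)":
                findings.append(Finding("O2", "low", bho.group("clsid"),
                                        "orphaned BHO registration, DLL missing"))
            elif bho.group("name") == "(no name)":
                stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                random_name = looks_random(stem)
                findings.append(Finding("O2", "high" if random_name else "medium", path,
                                        "unnamed BHO" + (" with random-looking filename" if random_name else "")))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: RANK[f.severity]):
        print(f"{f.severity:6} {f.section:4} {f.item}  ({f.reason})")
```

On the sample the script reports the unnamed BHO, both hex-named Run values and the three AppInit DLLs as high, and the "(no file)" BHO as a low-priority orphan; the NvCpl rundll32 entry and the named Java BHO are not reported, which is the point of requiring a second signal (hex-looking value name or random-looking filename) rather than flagging every rundll32 line. Treat the output as a shortlist for a helper to look at, not as a fix list.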

Shaba
2008-12-14, 11:17
Hi ThirteenPercent

Your HijackThis is outdated.

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe.
Save HJTInstall.exe to your desktop.
Double-click the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.
DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

ThirteenPercent
2008-12-16, 03:01
Apologies, updated logfile using HijackThis 2.0.2 =)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:10 PM, on 12/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Documents and Settings\Rob\Application Data\U3\00001853E4737015\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {0073A0FE-1C2C-47B5-AB28-F2351159F69b} - C:\WINDOWS\system32\vtlfvqxc.dll
O2 - BHO: (no name) - {0EA0008A-8BEC-4205-8385-3D517ADB9470} - (no file)
O2 - BHO: (no name) - {309311F1-8F50-452E-A98D-69AFD7A34AA8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64C55EEE-3272-4C07-B3EE-6D83EE4FB482} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C8B7CD33-8035-4847-94BF-04F39A5D9047} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151730454\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BM430e0571] Rundll32.exe "C:\WINDOWS\system32\xmcuxbtx.dll",s
O4 - HKLM\..\Run: [403d36ed] rundll32.exe "C:\WINDOWS\system32\rdrabhpm.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Opera\program\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.1.20/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.com/applet-6.0.1.20/peaks/peaks-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144201717921
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BBFD2D10-EC6E-4259-91D1-1E38C826E5E2} (Launcher Class) - http://app.gomtv.com/gomtv/gomtvx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bw+0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {37BD5555-B047-4FF5-8761-39B28104C910} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: rxlizm.dll,gjdqcx.dll txkzly.dll olasal.dll omvkin.dll ygdiwr.dll vpynga.dll mlhrxl.dll xjatpx.dll ggkhzd.dll uhnezs.dll wxeaag.dll fefsuo.dll fawbhi.dll eyrqdr.dll mlmegb.dll afxnpk.dll eofseo.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
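The two items in this log that a helper reads first are the O4 Run entries that launch rundll32.exe against randomly named DLLs in system32 with a single-letter export (BM430e0571 and 403d36ed above) and the O20 AppInit_DLLs line, which on Windows XP makes every listed DLL load into every process that maps user32.dll. Both are consistent with the tool-blocking the poster describes, though the log alone cannot prove that link. The script below is an added example of how to triage such O4/O20 lines automatically; it is not a tool used in this thread. The regexes, the six-to-eight-lowercase-letter "generated name" rule and the hex-style value-name rule are heuristics chosen to match the patterns in this particular log, and the sample lines are copied from the HijackThis log above (two benign vendor entries are included for contrast).

```python
"""Heuristic triage of HijackThis O4 (Run keys) and O20 (AppInit_DLLs) lines.

Added example for this thread, not a tool the helper used. The heuristics and
thresholds below are assumptions tuned to the patterns in the posted log.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log in this thread; the first two are benign
# vendor entries kept for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM430e0571] Rundll32.exe "C:\WINDOWS\system32\xmcuxbtx.dll",s
O4 - HKLM\..\Run: [403d36ed] rundll32.exe "C:\WINDOWS\system32\rdrabhpm.dll",b
O20 - AppInit_DLLs: rxlizm.dll,gjdqcx.dll txkzly.dll olasal.dll
"""

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?(?:,(?P<entry>\S*))?', re.IGNORECASE)
# Run value names that are pure hex, optionally prefixed "BM" as in this log.
# Vendors do not name their startup entries this way.  (Heuristic.)
HEXNAME_RE = re.compile(r'^(?:BM)?[0-9a-f]{8}$')
# Six to eight lowercase letters, no digits or separators: the shape of the
# generated filenames in this log (xmcuxbtx, rdrabhpm, rxlizm, ...).  (Heuristic.)
RANDOM_STEM_RE = re.compile(r'^[a-z]{6,8}$')


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def looks_generated(dll_path: str) -> bool:
    """True if the DLL's basename (without extension) matches the random-letters rule."""
    stem = PureWindowsPath(dll_path).stem
    return bool(RANDOM_STEM_RE.match(stem))


def triage_o4(m: re.Match) -> list:
    """Reasons an O4 Run entry is suspicious; empty list if none."""
    reasons = []
    name, cmd = m['name'], m['cmd']
    if HEXNAME_RE.match(name):
        reasons.append(f'hex-style Run value name {name!r}')
    r = RUNDLL_RE.search(cmd)
    if r:
        entry = r['entry'] or ''
        # A generated-looking DLL plus a one-letter export is the combination
        # seen in this log; either alone is weaker evidence.
        if looks_generated(r['dll']) and len(entry) <= 1:
            reasons.append(f'rundll32 loads generated-name DLL {r["dll"]} via single-letter export {entry!r}')
    return reasons


def triage_o20(m: re.Match) -> list:
    """AppInit_DLLs is injected into every user32-linked process, so any entry is reported."""
    dlls = [d for d in re.split(r'[,\s]+', m['dlls'].strip()) if d]
    generated = [d for d in dlls if looks_generated(d)]
    reasons = [f'AppInit_DLLs set ({len(dlls)} DLLs)']
    if generated:
        reasons.append(f'{len(generated)} of them have generated-looking names')
    return reasons


def triage(log_text: str) -> list:
    """Return one Finding per suspicious O4/O20 line, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := O4_RE.match(line)):
            reasons = triage_o4(m)
        elif (m := O20_RE.match(line)):
            reasons = triage_o20(m)
        else:
            continue
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for reason in f.reasons:
            print('   ->', reason)
```

Run against the sample it reports the two rundll32 lines (each for both the hex-style name and the generated DLL) and the AppInit_DLLs line, and stays silent on the NVIDIA and AVG entries. Treat the output as a starting point for a helper's review, not a verdict: a legitimate installer can set AppInit_DLLs, and a short all-letter DLL name is only circumstantial on its own.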

Shaba
2008-12-16, 15:01
We will begin with ComboFix.

Please download ComboFix from one of these locations:

Link 1 (http://subs.geekstogo.com/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

ThirteenPercent
2008-12-17, 00:30
I downloaded combofix from my laptop and transferred to my desktop via usb drive and then attempted running it. Each time it would just hang, like all the other programs.

I tried running it in normal mode, safe mode, and first thing on startup, all with the same result.

Is there any other way to work around this? Or what should we try next?

Thanks Shaba. =)

ThirteenPercent
2008-12-17, 03:26
Scratch the above post...re-naming ComboFix.exe worked just fine. Doh.

I apologize for not making sure the Recovery Console was installed. It would always fail to download the files, even though I had an open internet connection. I got the feeling that the malware was blocking this as well, and ComboFix just continued on without downloading.

ComboFix 08-12-16.03 - Rob 2008-12-16 16:09:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.470 [GMT -8:00]
Running from: c:\documents and settings\Rob\Desktop\cf.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Microsoft Common
c:\program files\Microsoft Common\svchost.exe
c:\program files\mm.BOT
c:\program files\mm.BOT\Config\mm.BOT.ini
c:\program files\mm.BOT\Config\mm.BOT.Sequences.ini
c:\program files\mm.BOT\Config\mm.BotState.ini
c:\program files\mm.BOT\Config\mm.MultiKeys.ini
c:\program files\mm.BOT\Config\mm.PKID.ini
c:\program files\mm.BOT\Config\mm.PlayKeys.ini
c:\program files\mm.BOT\Config\mmcl.PKID.Compiler.exe
c:\program files\mm.BOT\Config\System\d2-cdkey.exe
c:\program files\mm.BOT\Config\System\listfile.dat
c:\program files\mm.BOT\Config\System\LMPQAPI.DLL
c:\program files\mm.BOT\Config\System\mm.Boxes.Ref.ini
c:\program files\mm.BOT\Config\System\mm.PKID.Ref
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.CH
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.ID
c:\program files\mm.BOT\Config\System\mm.PKID.Usr.PK
c:\program files\mm.BOT\Config\System\MPQ2K.exe
c:\program files\mm.BOT\Config\System\Process.exe
c:\program files\mm.BOT\Config\System\SFmpq.dll
c:\program files\mm.BOT\Config\System\staredit.exe
c:\program files\mm.BOT\Config\System\Storm.dll
c:\program files\mm.BOT\Documents\Htm\BasicEditing.htm
c:\program files\mm.BOT\Documents\Htm\FAQ.htm
c:\program files\mm.BOT\Documents\Htm\img\bar.jpg
c:\program files\mm.BOT\Documents\Htm\img\Desktop.jpg
c:\program files\mm.BOT\Documents\Htm\img\favicon.ico
c:\program files\mm.BOT\Documents\Htm\img\mmbotlogo.jpg
c:\program files\mm.BOT\Documents\Htm\img\Notepad.ico
c:\program files\mm.BOT\Documents\Htm\img\Pindle.jpg
c:\program files\mm.BOT\Documents\Htm\img\Program.ico
c:\program files\mm.BOT\Documents\Htm\img\Screenshot054.jpg
c:\program files\mm.BOT\Documents\Htm\img\Screenshot065.jpg
c:\program files\mm.BOT\Documents\Htm\img\Screenshot072.jpg
c:\program files\mm.BOT\Documents\Htm\img\Screenshot090.jpg
c:\program files\mm.BOT\Documents\Htm\img\Screenshot101.jpg
c:\program files\mm.BOT\Documents\Htm\img\Screenshot169.jpg
c:\program files\mm.BOT\Documents\Htm\img\Thumbs.db
c:\program files\mm.BOT\Documents\Htm\img\Update.ico
c:\program files\mm.BOT\Documents\Htm\Installation.htm
c:\program files\mm.BOT\Documents\Htm\KeysSwapping.htm
c:\program files\mm.BOT\Documents\Htm\Links.htm
c:\program files\mm.BOT\Documents\Htm\LMenu.htm
c:\program files\mm.BOT\Documents\Htm\MainPage.htm
c:\program files\mm.BOT\Documents\Htm\MMisSexy.pdf
c:\program files\mm.BOT\Documents\Htm\PKID.ByGroups.htm
c:\program files\mm.BOT\Documents\Htm\PKID.ByItems.htm
c:\program files\mm.BOT\Documents\Htm\PkIdListing.htm
c:\program files\mm.BOT\Documents\Htm\PkIdSamples.htm
c:\program files\mm.BOT\Documents\Htm\PkIdSyntax.htm
c:\program files\mm.BOT\Documents\Htm\SeqCommands.htm
c:\program files\mm.BOT\Documents\Htm\SeqExamples.htm
c:\program files\mm.BOT\Documents\mm.BOT.History.txt
c:\program files\mm.BOT\Documents\mobsync.ico
c:\program files\mm.BOT\Documents\Notepad.ico
c:\program files\mm.BOT\Logs\_STATS.ini
c:\program files\mm.BOT\Logs\ArchiveCurrent.exe
c:\program files\mm.BOT\Logs\Compiler.txt
c:\program files\mm.BOT\Logs\DeleteCurrent.exe
c:\program files\mm.BOT\Logs\Events_Bot.txt
c:\program files\mm.BOT\Logs\Good_Items.txt
c:\program files\mm.BOT\Logs\MMnews.ini
c:\program files\mm.BOT\Logs\MMstatus.ini
c:\program files\mm.BOT\Logs\Picked_Items.txt
c:\program files\mm.BOT\Logs\ScanDrop_Items.txt
c:\program files\mm.BOT\Logs\SearchInLogs.au3
c:\program files\mm.BOT\Logs\SearchInLogs.exe
c:\program files\mm.BOT\Logs\Sold_Items.txt
c:\program files\mm.BOT\mm.BOT.544.exe
c:\program files\mm.BOT\mm.BOT.MANUAL.htm
c:\program files\mm.BOT\mm.BOT.Play.lnk
c:\program files\mm.BOT\Scripts\Buy.Potions.exe
c:\program files\mm.BOT\Scripts\Eldritch.exe
c:\program files\mm.BOT\Scripts\Example.au3
c:\program files\mm.BOT\Scripts\mm.BOT.Include.au3
c:\program files\mm.BOT\Scripts\Move.Potions.exe
c:\program files\mm.BOT\Scripts\Pindle.exe
c:\program files\mm.BOT\Scripts\potbot.au3
c:\program files\mm.BOT\Scripts\potbot.exe
c:\program files\mm.BOT\Scripts\Precast.exe
c:\program files\mm.BOT\Scripts\Rauk.ColorBlocks.exe
c:\program files\mm.BOT\Scripts\ThreashSocket.exe
c:\program files\mm.BOT\Scripts\Travincal1.exe
c:\program files\mm.BOT\Scripts\Travincal2.exe
c:\program files\mm.BOT\Tools\mm.FList\mm.FList.au3
c:\program files\mm.BOT\Tools\mm.FList\mm.FList.exe
c:\program files\mm.BOT\Tools\mm.FList\mm.FList.ini
c:\program files\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.au3
c:\program files\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.exe
c:\program files\mm.BOT\Tools\mm.ItemReader\mm.ItemReader.ini
c:\program files\mm.BOT\Tools\mm.RBlocks\mm.RBlocks.au3
c:\program files\mm.BOT\Tools\mm.RBlocks\mm.RBlocks.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\BM430e0571.txt
c:\windows\BM430e0571.xml
c:\windows\pskt.ini
c:\windows\system\oeminfo.ini
c:\windows\system32\aasvqtad.dll
c:\windows\system32\adjipypm.ini
c:\windows\system32\afxnpk.dll
c:\windows\system32\bfywifqk.ini
c:\windows\system32\bnjjitga.dll
c:\windows\system32\btchfrox.ini
c:\windows\system32\chtmtytk.ini
c:\windows\system32\cknvejjn.exe
c:\windows\system32\dcfjlhrt.ini
c:\windows\system32\dtwsfqld.dll
c:\windows\system32\eofseo.dll
c:\windows\system32\eqsmhrqa.exe
c:\windows\system32\eyabjhee.ini
c:\windows\system32\fbkgqxsb.ini
c:\windows\system32\ffdfeabf.ini
c:\windows\system32\ggegshjn.exe
c:\windows\system32\gshvuqdy.ini
c:\windows\system32\hfutgrci.ini
c:\windows\system32\hmltlysr.ini
c:\windows\system32\hpgeqqcs.ini
c:\windows\system32\hurucafa.ini
c:\windows\system32\hyglpbkn.ini
c:\windows\system32\ibtafgjm.ini
c:\windows\system32\ifriqwbs.ini
c:\windows\system32\igvsejbe.ini
c:\windows\system32\iqhtjcqb.ini
c:\windows\system32\irmumjck.ini
c:\windows\system32\ixxphayq.ini
c:\windows\system32\jllcmeoh.ini
c:\windows\system32\jqqkaqox.ini
c:\windows\system32\jvdnwcxh.exe
c:\windows\system32\kcubwfxx.exe
c:\windows\system32\KnqXxGgh.ini
c:\windows\system32\lftvwuub.ini
c:\windows\system32\ljilsnhq.ini
c:\windows\system32\mehrsord.ini
c:\windows\system32\mlmegb.dll
c:\windows\system32\mmyratfw.dll
c:\windows\system32\mphbardr.ini
c:\windows\system32\mpjifsqy.ini
c:\windows\system32\msiconf.exe
c:\windows\system32\nggadhob.exe
c:\windows\system32\noqvvpdy.ini
c:\windows\system32\nyemymph.dll
c:\windows\system32\ojwgnolr.exe
c:\windows\system32\orkmvadh.exe
c:\windows\system32\pgflbtyx.ini
c:\windows\system32\probkroe.ini
c:\windows\system32\prrljsxq.ini
c:\windows\system32\qeqqfvue.ini
c:\windows\system32\qjldmmjq.dll
c:\windows\system32\sgmxcxmk.exe
c:\windows\system32\spwjfsil.exe
c:\windows\system32\tfdljwqr.exe
c:\windows\system32\ufpjxrtq.exe
c:\windows\system32\upfdmhop.ini
c:\windows\system32\uvbggwvp.dll
c:\windows\system32\vltlffwy.exe
c:\windows\system32\vtlfvqxc.dll
c:\windows\system32\wingamma.exe
c:\windows\system32\wogqtuwj.exe
c:\windows\system32\wrlxgrxr.exe
c:\windows\system32\wxubbdap.ini
c:\windows\system32\wxubbdap.ini2
c:\windows\system32\wxubbdap.tmp
c:\windows\system32\xawnofoq.ini
c:\windows\system32\xqhfqhwh.exe
c:\windows\system32\xyravqrw.ini
c:\windows\system32\yocycqqa.dll
c:\windows\system32\yvwlsqqg.ini

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.comj+|Cv+@J:NGD_DQ{ztHG.X
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Legacy_PASSWORD
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))
.

2008-12-16 16:42 . 2008-12-16 16:47 <DIR> d-------- c:\windows\LastGood
2008-12-11 12:37 . 2008-12-11 12:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-09 16:22 . 2008-12-09 16:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-04 14:47 . 2008-12-09 12:49 73,728 --a------ c:\windows\system32\TDSSeken.dll
2008-12-04 14:47 . 2008-12-09 12:48 60,416 --a------ c:\windows\system32\drivers\TDSSmyvo.sys
2008-12-04 14:47 . 2008-12-09 12:49 35,840 --a------ c:\windows\system32\TDSSjvkw.dll
2008-12-04 14:47 . 2008-12-09 12:49 31,232 --a------ c:\windows\system32\TDSSacsi.dll
2008-12-04 14:47 . 2008-12-09 12:49 29,696 --a------ c:\windows\system32\TDSSurtm.dll
2008-12-04 14:47 . 2008-12-16 16:06 2,704 --a------ c:\windows\system32\TDSSqxjb.dll
2008-12-04 14:47 . 2008-12-09 12:48 527 --a------ c:\windows\system32\TDSSivjb.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 23:19 --------- d-s---w c:\program files\Xfire
2008-12-16 23:04 --------- d-----w c:\documents and settings\Rob\Application Data\U3
2008-12-16 17:35 --------- d-----w c:\documents and settings\All Users\Application Data\AVG7
2008-12-16 02:12 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-16 01:48 --------- d-----w c:\documents and settings\Rob\Application Data\Xfire
2008-12-11 23:28 --------- d-----w c:\program files\mIRC
2008-12-11 02:49 --------- d-----w c:\program files\Trend Micro
2008-12-10 00:22 --------- d-----w c:\program files\Lavasoft
2008-12-10 00:21 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-18 22:06 --------- d-----w c:\documents and settings\Rob\Application Data\Azureus
2008-11-15 10:08 --------- d-----w c:\program files\EA Sports
2008-11-13 04:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 04:57 --------- d-----w c:\program files\Canon
2008-11-13 04:56 --------- d-----w c:\documents and settings\Rob\Application Data\Canon
2008-11-13 04:53 --------- d-----w c:\program files\AudioCommander
2008-11-13 04:51 --------- d-----w c:\program files\ArcSoft
2008-11-11 20:18 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-11-11 04:14 98,304 ----a-w c:\windows\DUMP7176.tmp
2008-11-11 04:13 98,304 ----a-w c:\windows\DUMP6f82.tmp
2008-11-11 04:11 98,304 ----a-w c:\windows\DUMP57d4.tmp
2008-11-11 04:10 98,304 ----a-w c:\windows\DUMP70da.tmp
2008-11-11 04:05 98,304 ----a-w c:\windows\DUMP7222.tmp
2008-11-11 04:04 98,304 ----a-w c:\windows\DUMP9867.tmp
2008-10-28 04:12 102,400 ----a-w c:\windows\system32\eyrqdr.dll
2008-10-28 04:12 102,400 ----a-w c:\windows\system32\cmibogdn.dll
2008-10-28 04:09 69,120 ----a-w c:\windows\system32\hoemcllj.dll
2008-10-27 04:12 69,120 ------w c:\windows\system32\xytblfgp.dll
2008-10-27 04:12 101,888 ----a-w c:\windows\system32\tkvqnxre.dll
2008-10-27 04:12 101,888 ----a-w c:\windows\system32\fawbhi.dll
2008-10-27 04:12 1,408,313 --sh--w c:\windows\system32\pgflbtyx.tmp
2008-10-26 04:09 102,400 ----a-w c:\windows\system32\lkdetxbx.dll
2008-10-26 04:09 102,400 ----a-w c:\windows\system32\fefsuo.dll
2008-10-26 04:07 69,632 ------w c:\windows\system32\mpypijda.dll
2008-10-26 03:55 1,383,160 --sha-w c:\windows\system32\lkhrfwtg.tmp
2008-10-25 04:55 68,608 ------w c:\windows\system32\icrgtufh.dll
2008-10-25 04:52 102,400 ----a-w c:\windows\system32\wxeaag.dll
2008-10-25 04:52 102,400 ----a-w c:\windows\system32\vmnrhyrr.dll
2008-10-24 04:52 69,632 ------w c:\windows\system32\gtwfrhkl.dll
2008-10-24 04:52 101,376 ----a-w c:\windows\system32\uhnezs.dll
2008-10-24 04:52 101,376 ----a-w c:\windows\system32\ltrgnqyv.dll
2008-10-23 04:52 68,608 ------w c:\windows\system32\fbaefdff.dll
2008-10-23 04:52 102,400 ----a-w c:\windows\system32\ggkhzd.dll
2008-10-23 04:52 102,400 ----a-w c:\windows\system32\cawckjes.dll
2008-10-23 04:52 1,383,160 --sh--w c:\windows\system32\ffdfeabf.tmp
2008-10-22 04:52 101,888 ----a-w c:\windows\system32\xjatpx.dll
2008-10-22 04:52 101,888 ----a-w c:\windows\system32\adaayfif.dll
2008-10-22 04:49 69,632 ------w c:\windows\system32\qofonwax.dll
2008-10-21 04:51 101,888 ----a-w c:\windows\system32\mlhrxl.dll
2008-10-21 04:51 101,888 ----a-w c:\windows\system32\etagxuix.dll
2008-10-21 04:48 69,120 ----a-w c:\windows\system32\qyahpxxi.dll
2008-10-20 04:48 69,120 ------w c:\windows\system32\bqcjthqi.dll
2008-10-20 04:46 101,888 ----a-w c:\windows\system32\vvgysevv.dll
2008-10-20 04:46 101,888 ----a-w c:\windows\system32\vpynga.dll
2008-10-20 03:46 101,888 ----a-w c:\windows\system32\ygdiwr.dll
2008-10-20 03:46 101,888 ----a-w c:\windows\system32\gajadaap.dll
2008-10-20 03:40 69,120 ------w c:\windows\system32\kcjmumri.dll
2008-10-20 03:37 156,672 ----a-w c:\windows\system32\ommosvwx.dll
2008-10-20 03:31 101,888 ----a-w c:\windows\system32\xvwrfytq.dll
2008-10-20 03:31 101,888 ----a-w c:\windows\system32\omvkin.dll
2008-10-20 03:30 69,120 ------w c:\windows\system32\yqsfijpm.dll
2008-10-17 18:27 156,672 ----a-w c:\windows\system32\hyftmroe.dll
2008-10-17 18:21 101,888 ----a-w c:\windows\system32\kglpdpuf.dll
2008-10-17 18:21 101,888 ----a-w c:\windows\system32\hoyprl.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 18:18 101,888 ----a-w c:\windows\system32\ugodpwqi.dll
2008-10-16 18:18 101,888 ----a-w c:\windows\system32\razgjs.dll
2008-10-16 15:00 12,561,919 ------w C:\AVG7QT.DAT
2008-10-15 18:18 101,376 ----a-w c:\windows\system32\uyebounv.dll
2008-10-15 18:18 101,376 ----a-w c:\windows\system32\lpdphb.dll
2008-10-14 18:21 101,376 ----a-w c:\windows\system32\qgrpqs.dll
2008-10-14 18:21 101,376 ----a-w c:\windows\system32\lrosrepg.dll
2008-10-13 18:14 110,592 ----a-w c:\windows\system32\fkfaiyhc.dll
2008-10-13 18:14 110,592 ----a-w c:\windows\system32\ektizs.dll
2008-10-12 18:13 112,128 ----a-w c:\windows\system32\waxadn.dll
2008-10-12 18:13 112,128 ----a-w c:\windows\system32\lobtbosq.dll
2008-10-11 01:50 109,568 ----a-w c:\windows\system32\yqqgjkxh.dll
2008-10-11 01:50 109,568 ----a-w c:\windows\system32\cuanif.dll
2008-10-10 01:47 155,648 ----a-w c:\windows\system32\dtrjljpo.dll
2008-10-09 01:47 78,336 ----a-w c:\windows\system32\eehjbaye.dll
2008-10-09 01:47 112,128 ----a-w c:\windows\system32\tkvasedt.dll
2008-10-09 01:47 112,128 ----a-w c:\windows\system32\olasal.dll
2008-10-08 01:47 110,592 ----a-w c:\windows\system32\txkzly.dll
2008-10-08 01:47 110,592 ----a-w c:\windows\system32\scxjmcsy.dll
2008-10-07 01:46 110,592 ----a-w c:\windows\system32\uansnteg.dll
2008-10-07 01:46 110,592 ----a-w c:\windows\system32\sqnqnp.dll
2008-10-07 00:25 110,592 ----a-w c:\windows\system32\rdedwg.dll
2008-10-07 00:25 110,592 ----a-w c:\windows\system32\hlisymhr.dll
2008-10-07 00:24 155,648 ----a-w c:\windows\system32\hlcnhnjl.dll
2008-10-07 00:22 110,592 ----a-w c:\windows\system32\swcfllnv.dll
2008-10-07 00:22 110,592 ----a-w c:\windows\system32\rggfqq.dll
2008-10-07 00:19 77,312 ------w c:\windows\system32\ydpvvqon.dll
2008-09-26 18:55 113,152 ----a-w c:\windows\system32\fkcwggct.dll
2008-09-26 18:55 113,152 ----a-w c:\windows\system32\fgiyqg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-12 32768]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\program files\Opera\program\plugins\NPSWF32_FlashUtil.exe" [2008-10-04 235936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-20 579072]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-13 282624]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 c:\windows\LOGI_MWX.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\ctfmon.exe" [2004-08-03 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 219136]

c:\documents and settings\Rob\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-01 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2004-12-01 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YU12"= ATIYUV12.DLL
"msacm.divxa32"= msaud32_divx.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Rob^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Rob\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 20:46 57344 c:\program files\Adobe\Acrobat 7.0\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 02:48 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
--a------ 2008-10-04 19:24 235936 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 01:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-10-11 11:45 75304 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"c:\\Program Files\\Starcraft\\starcraft.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_06\\jre\\bin\\java.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Gpotato\\Flyff\\Flyff.exe"=
"c:\\Program Files\\Gravity\\eAthenaSQL\\RASGUI.exe"=
"c:\\Program Files\\GRETECH\\GomPlayer\\Gom.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\Diablo II\\D2Loader-1.12-ALPHA2.exe"=
"c:\\Program Files\\SwarmPlayer\\swarmplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"43577:TCP"= 43577:TCP:Azureus(port)
"6900:TCP"= 6900:TCP:Symmetry Online_1
"6121:TCP"= 6121:TCP:Symmetry Online_2
"5121:TCP"= 5121:TCP:Symmetry Online_3
"80:TCP"= 80:TCP:Symmetry Online_4

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2005-08-25 466880]
S0 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys []
S2 NokiaSuite3;NokiaSuite3; []
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\lccfltr.sys [2003-02-12 14092]
S3 npkycryp;npkycryp;\??\c:\program files\Gravity\RO\npkycryp.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\OblivionLauncher.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-12-02 c:\windows\Tasks\HP DArC Task #Hewlett-Packard#7200#CN38H2B3W1I5.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe []

2008-12-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2003-08-20 13:23]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0073A0FE-1C2C-47B5-AB28-F2351159F69b} - c:\windows\system32\vtlfvqxc.dll
BHO-{0EA0008A-8BEC-4205-8385-3D517ADB9470} - (no file)
BHO-{309311F1-8F50-452E-A98D-69AFD7A34AA8} - (no file)
BHO-{64C55EEE-3272-4C07-B3EE-6D83EE4FB482} - (no file)
BHO-{C8B7CD33-8035-4847-94BF-04F39A5D9047} - (no file)
HKLM-Run-HostManager - c:\program files\Common Files\AOL\1151730454\ee\AOLSoftware.exe
HKLM-Run-IPHSend - c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
HKLM-Run-BM430e0571 - c:\windows\system32\xmcuxbtx.dll
HKLM-Run-403d36ed - c:\windows\system32\rdrabhpm.dll
ShellExecuteHooks-{309311F1-8F50-452E-A98D-69AFD7A34AA8} - (no file)
MSConfigStartUp-403d36ed - c:\windows\system32\rdrabhpm.dll
MSConfigStartUp-ATI Launchpad - c:\program files\ATI Multimedia\main\launchpd.exe
MSConfigStartUp-ATI Scheduler - c:\program files\ATI Multimedia\main\ATISched.EXE
MSConfigStartUp-BM430e0571 - c:\windows\system32\xmcuxbtx.dll
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1151730454\ee\AOLSoftware.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-IPHSend - c:\program files\Common Files\AOL\IPHSend\IPHSend.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearch Page = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
mCustomizeSearch =
IE: c:\progra~1\COMMON~1\BTLINK\btlink.dll//iemenu
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: First Class Solitaire by pogo - hxxp://game3.pogo.com/applet-6.0.1.20/solitaire2/solitaire2-ob-assets.cab
c:\windows\Downloaded Program Files\First Class Solitaire by pogo.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: Tri-Peaks by pogo - hxxp://game4.pogo.com/applet-6.0.1.20/peaks/peaks-ob-assets.cab
c:\windows\Downloaded Program Files\Tri-Peaks by pogo.osd

O16 -: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
c:\windows\Downloaded Program Files\Yahoo! Chat.osd

c:\windows\Downloaded Program Files\gomtvx.dll - O16 -: {BBFD2D10-EC6E-4259-91D1-1E38C826E5E2}
hxxp://app.gomtv.com/gomtv/gomtvx.cab
c:\windows\Downloaded Program Files\gomtvx.inf
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\pp0y0pdk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - file:///C:/Program%20Files/BillP%20Studios/WinPatrol/helpme.html|hxxp://forums.majorgeeks.com/showthread.php?t=74407|http://www.atribune.org/index.php?option=com_content&task=view&id=38&Itemid=2|http://www.atribune.org/forums/index.php?showtopic=424|http://s3.travian.us/dorf1.php|http://by124w.bay124.mail.live.com/mail/mail.aspx?rru=inbox&n=309619068&wa=wsignin1.0|http://forum.travian.us/forumdisplay.php?f=30|http://www.bandofbrothers-s4.com/f/index.php|http://www.traviandope.com/map.php?change_sid=16&show_idle=1&pos_x=105&pos_y=144|http://vancouver.en.craigslist.ca/lab/883038401.html|http://vancouver.en.craigslist.ca/fbh/883216333.html
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 17:20:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSjsfo.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
c:\progra~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\progra~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\mysql\bin\mysqld-nt.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-12-16 17:31:13 - machine was rebooted [Rob]
ComboFix-quarantined-files.txt 2008-12-17 01:31:10

Pre-Run: 24,383,115,264 bytes free
Post-Run: 24,057,110,528 bytes free

538 --- E O F --- 2008-09-04 00:40:03
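
A triage script for the Find3M section of the log above, added here as an illustration; it is not part of ComboFix, not something the poster ran, and not from anyone in this thread. It parses Find3M rows and scores files in system32 by the signals that stand out in this particular log: 6-8 lowercase-letter names, two DLLs of identical byte size written in the same minute, and hidden+system .tmp files. The sample rows are copied from the report, with the legitimate Windows Update files of 2008-10-16 included as controls; the name regex, the 10-minute window and the score thresholds are assumptions chosen to fit this log, not a published signature.

```python
"""Triage a ComboFix Find3M report for clustered, random-named DLL drops.

Added example for this thread; not part of ComboFix and not run by the poster.
Sample rows are copied from the log above; the scoring thresholds are
assumptions chosen to fit that log, not a published signature.
"""
import re
from collections import namedtuple
from datetime import datetime, timedelta

Entry = namedtuple("Entry", "when size attrs path name")

# Find3M row: "<YYYY-MM-DD> <HH:MM> <size, or --------- for a directory> <attrs> <path>"
ROW_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|-{9})\s+(\S+)\s+(.+?)\s*$"
)
# Assumed name shape of every suspect file in the log: 6-8 lowercase letters, .dll or .tmp
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,8}\.(?:dll|tmp)$")
SYSTEM32 = "c:\\windows\\system32\\"
WINDOW = timedelta(minutes=10)   # assumed: one drop run lands within a few minutes

# Constructed sample: rows copied from the Find3M report, plus Windows Update
# files from the same report as legitimate controls.
SAMPLE_LOG = """\
2008-10-28 04:12 102,400 ----a-w c:\\windows\\system32\\eyrqdr.dll
2008-10-28 04:12 102,400 ----a-w c:\\windows\\system32\\cmibogdn.dll
2008-10-28 04:09 69,120 ----a-w c:\\windows\\system32\\hoemcllj.dll
2008-10-27 04:12 1,408,313 --sh--w c:\\windows\\system32\\pgflbtyx.tmp
2008-10-16 22:13 202,776 ----a-w c:\\windows\\system32\\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\\windows\\system32\\wuaueng.dll
2008-10-16 22:09 51,224 ----a-w c:\\windows\\system32\\wuauclt.exe
2008-12-16 23:19 --------- d-s---w c:\\program files\\Xfire
"""


def parse_find3m(text):
    """Parse Find3M rows; directories (size '---------') are kept with size None."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = None if m.group(2).startswith("-") else int(m.group(2).replace(",", ""))
        path = m.group(4).lower()
        entries.append(Entry(when, size, m.group(3), path, path.rsplit("\\", 1)[-1]))
    return entries


def is_candidate(e):
    """A file (not a directory) in system32 whose name has the random shape."""
    return e.size is not None and e.path.startswith(SYSTEM32) and bool(RANDOM_NAME_RE.match(e.name))


def score_entries(entries):
    """Return {path: (score, reasons)} for every candidate; 2 or more is a hit.

    Scoring (assumed): +1 random-shaped name in system32; +2 when a second
    random-shaped file of identical byte size was written in the same minute
    (the paired drops in the log), otherwise +1 when another candidate was
    written within WINDOW; +2 for a hidden+system .tmp in system32.
    """
    cands = [e for e in entries if is_candidate(e)]
    results = {}
    for e in cands:
        score, reasons = 1, ["random-shaped name in system32"]
        others = [o for o in cands if o is not e and abs(o.when - e.when) <= WINDOW]
        twins = [o for o in others if o.when == e.when and o.size == e.size]
        if twins:
            score += 2
            reasons.append("same-minute twin of identical size: " + twins[0].name)
        elif others:
            score += 1
            reasons.append("another candidate within %d min: %s" % (WINDOW.seconds // 60, others[0].name))
        if e.name.endswith(".tmp") and "s" in e.attrs and "h" in e.attrs:
            score += 2
            reasons.append("hidden+system .tmp in system32")
        results[e.path] = (score, reasons)
    return results


def flagged(text, threshold=2):
    """File names scoring at or above threshold, in log order."""
    scores = score_entries(parse_find3m(text))
    return [p.rsplit("\\", 1)[-1] for p, (s, _) in scores.items() if s >= threshold]


if __name__ == "__main__":
    for path, (score, reasons) in score_entries(parse_find3m(SAMPLE_LOG)).items():
        print("%d  %s  (%s)" % (score, path, "; ".join(reasons)))
```

Run against the sample, the three 2008-10-28 files and the hidden .tmp are flagged while wuaueng.dll scores only 1: its name happens to fit the random shape, which is why name shape alone is a weak signal and the same-minute twin and hidden-attribute checks carry the weight. The TDSSserv.sys service pointing at TDSSjsfo.sys near the end of the log, and the orphaned Run/BHO entries that reference DLLs of the same name shape, are separate indicators this script does not cover and still need a manual look.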

Shaba
2008-12-17, 10:54
Yes, malware blocks that.

Please post also a fresh HijackThis log :)

Shaba
2008-12-21, 11:05
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.