smss.exe and nvsvcd.exe infected with Trojan-Proxy.Win32.Horst.km



agent2026
2006-11-08, 00:01
Hello,

I was having a similar problem as in this thread (http://forums.spybot.info/showthread.php?t=8153), continually getting warnings from avast! all of a sudden. I kept deleting the found trojan horses and viruses, alternately moving them to the 'chest' when deleting didn't seem to do any good, but nothing seemed to work. I've now installed Zone Alarm Pro, and it seems I've managed to get rid of almost everything (9 viruses with 90 some odd infections according to my first Kaspersky scan). A scan with avast! now comes up empty, and I get no warnings, but a scan with Kaspersky still reports one virus and two infections. What should I do to get rid of these? Can I just delete these files?


KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 07, 2006 11:37:52 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/11/2006
Kaspersky Anti-Virus database records: 225518
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 74236
Number of viruses found 1
Number of infected objects 2 / 0
Number of suspicious objects 0
Duration of the scan process 00:43:01

Infected Object Name Virus Name Last Action

C:\WINDOWS\system\smss.exe Infected: Trojan-Proxy.Win32.Horst.km skipped


C:\WINDOWS\system32\nvsvcd.exe Infected: Trojan-Proxy.Win32.Horst.km skipped

Scan process completed.

shelf life
2006-11-08, 02:03
hi agent2026,

before deleting anything, please post a hjt log. see item #4 in this sticky:

http://forums.spybot.info/showthread.php?t=288

agent2026
2006-11-08, 08:26
Okay, here are the details. Processes are in next post, as the log is just over the max allowed characters to post.

Logfile of HijackThis v1.99.1
Scan saved at 08:22:43, on 08/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

agent2026
2006-11-08, 08:27
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes Global Hot Keys\iTunesHotKey.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ZipTorrent] C:\Program Files\ZipTorrent\ZipTorrent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CrystalXP] C:\Program Files\CrystalXP\CrystalXP.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: iTunesHotKey.lnk = C:\Program Files\iTunes Global Hot Keys\iTunesHotKey.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159799061203
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe

shelf life
2006-11-08, 12:23
hi agent2026,

thanks for the info.

let's try this:
scan with HJT, put a checkmark beside the items below, close all windows and click fix checked

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
-----------------------------------------------
next:
go to start>run and type in--> services.msc,<--in the list of services that comes up look for under the name column>>Windows Log

right click on it and select properties. under the general tab:
make sure that the service status is: Stopped
and the Startup type is: disabled
-------------------------------------------------
do another Kaspersky av scan. see if that takes care of it.

shelf life

agent2026
2006-11-09, 08:13
Hi shelf life,

It's gotten a little worse I'm afraid:

KASPERSKY ONLINE SCANNER REPORT
Thursday, November 09, 2006 8:08:43 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/11/2006
Kaspersky Anti-Virus database records: 225952
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 74574
Number of viruses found 2
Number of infected objects 3 / 0
Number of suspicious objects 0
Duration of the scan process 00:43:07

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\browserstate-logs\log-20061108-233545-609.txt Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\cert8.db Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\history.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\key3.db Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\parent.lock Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\chat512.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\chatmsg4096.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\index2.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\profile16384.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\user1024.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\user16384.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\user256.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\user4096.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\History\History.IE5\MSHist012006110820061109\index.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Temp\~DF4A96.tmp Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\Adam Davis\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Adam Davis\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Adam Davis\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\L0000003.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A5C6D32D-9A80-41C8-8BDD-3890ABD4179D}\RP139\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\ADAMD_DELL.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system\smss.exe Infected: Trojan-Proxy.Win32.Horst.km skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\nvsvcd.exe Infected: Trojan-Proxy.Win32.Horst.km skipped
C:\WINDOWS\system32\spool\drivers\setup.exe Infected: Trojan-Proxy.Win32.Horst.lg skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7e4.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT0677f.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT06782.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

shelf life
2006-11-10, 02:05
hi agent2026,

let's try trendmicro sysclean. needs to run in safe mode. you reach safe mode by tapping the f8 key during a computer restart. choose the first option from the list: safe mode. full directions here:

http://esupport.trendmicro.com/support/viewxml.do?ContentID=en-125991

i would copy/paste the part to do in safe mode into notepad and save it somewhere so you can follow it while in safe mode

shelf life

agent2026
2006-11-10, 21:26
Hi,

I'm having trouble starting up in safe mode. This machine has 2 user accounts, and when it starts up I don't get anything until the login screen. If I hit f8 while it's starting up, it never starts up and I don't even get the login screen (just stays black).

Sorry I'm dragging this out so long. I'm on GMT+1 over here, and this is my home PC so I can't try anything during the day. Thanks for your patience.

shelf life
2006-11-12, 00:58
hi agent2026,

sorry for the delay. let's try another online scanner:
Panda ActiveScan

http://www.pandasoftware.com/products/activescan.htm

* click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country if not already posted
* Enter your State or Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If prompted to install an ActiveX component-- allow it
* It will start downloading files it needs for the scan
* When download is complete, click on My Computer icon to start scan
* When the scan completes, if anything malicious is found, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


see if this helps for safe mode:

http://www.computerhope.com/issues/chsafe.htm#02

your avast antivirus is up to date?
shelf life

agent2026
2006-11-12, 13:37
Hello again,

avast! is up to date.

Still can't start in Safe Mode.

Panda Software reports zero viruses/infections.

Kaspersky still reports 2 viruses, 3 infections:

Sunday, November 12, 2006 1:34:13 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/11/2006
Kaspersky Anti-Virus database records: 227150
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 75733
Number of viruses found 2
Number of infected objects 3 / 0
Number of suspicious objects 0
Duration of the scan process 00:45:26


Report below.

agent2026
2006-11-12, 13:39
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\browserstate-logs\log-20061112-114305-718.txt Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\cert8.db Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\history.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\key3.db Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\parent.lock Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\chat512.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\chatmsg4096.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\index2.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\profile16384.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\user1024.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\user16384.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\user256.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\user4096.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Application Data\Skype\fx2ooo\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Adam Davis\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Application Data\Mozilla\Firefox\Profiles\eu0vsqza.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\History\History.IE5\MSHist012006111220061113\index.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Temp\~DF4094.tmp Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Temp\~DFFBC0.tmp Object is locked skipped
C:\Documents and Settings\Adam Davis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adam Davis\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\Adam Davis\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Adam Davis\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Adam Davis\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\L0000003.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Adam Davis\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A5C6D32D-9A80-41C8-8BDD-3890ABD4179D}\RP142\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\ADAMD_DELL.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system\smss.exe Infected: Trojan-Proxy.Win32.Horst.km skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\nvsvcd.exe Infected: Trojan-Proxy.Win32.Horst.km skipped
C:\WINDOWS\system32\spool\drivers\setup.exe Infected: Trojan-Proxy.Win32.Horst.lg skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_79c.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT0399b.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0399f.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

shelf life
2006-11-13, 01:23
hi agent2026,

thanks for the info. let's try to manually delete the files. first make sure files are set to show:

For XP: on the desktop double click my computer, go to tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files" also UNcheck "hide extensions for known file types" click apply to all folders, apply then ok
----------------------------------------------------------------------------
see if you can locate and delete these .exe:

smss.exe located here>>C:\WINDOWS\system
note: there is a Microsoft smss.exe in the system32 dir. it's ok. notice the path

nvsvcd.exe located here>>C:\WINDOWS\system32
setup.exe located here>>C:\WINDOWS\system32\spool\drivers
-------------------------------------------------------------------------
if you can't delete them we can either use hjt or get another app to use.

shelf life
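
The path check described in the post above, as an added example that is not part of the original thread: a small Python triage script that reads HijackThis log lines and flags (a) a core Windows process name running from the wrong directory and (b) a service with "Unknown owner" whose binary sits under the Windows directory. The sample lines are copied from the logs posted in this thread; the `EXPECTED_DIR` list, the two heuristics and all function names are assumptions of this example.

```python
import ntpath
import re

WINDOWS_DIR = "c:\\windows"  # assumed install directory, as in the thread's logs
SYSTEM32 = WINDOWS_DIR + "\\system32"

# Expected home of core Windows XP process names (assumed, deliberately short list).
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "explorer.exe": WINDOWS_DIR,
}

# O4 registry Run entries, O23 services, and bare paths from "Running processes".
RUN_RE = re.compile(r"^O4 - \S+: \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - (?P<cmd>[A-Za-z]:\\.+)$"
)
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|dll))(?=[\s\"]|$)", re.I)


def executable_path(cmd):
    """Strip quotes and arguments from a command line, keeping the file path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXE_RE.match(cmd)
    return match.group(1) if match else cmd


def analyze(log_text):
    """Return (kind, label, path, reason) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        label, owner = "", None
        run = RUN_RE.match(line)
        svc = None if run else SERVICE_RE.match(line)
        if run:
            kind, label, cmd = "autorun", run.group("label"), run.group("cmd")
        elif svc:
            kind, label, cmd = "service", svc.group("label"), svc.group("cmd")
            owner = svc.group("owner")
        elif PROCESS_RE.match(line):
            kind, cmd = "process", line
        else:
            continue

        path = executable_path(cmd)
        directory, name = ntpath.split(path)
        directory = directory.lower()

        # Heuristic 1: same file name as a core process, different directory.
        expected = EXPECTED_DIR.get(name.lower())
        if expected and directory != expected:
            findings.append(
                (kind, label, path, "system process name outside " + expected)
            )

        # Heuristic 2: HijackThis reported no owner for a service binary that
        # lives under the Windows directory. This is a lead, not a verdict.
        in_windows = directory == WINDOWS_DIR or directory.startswith(WINDOWS_DIR + "\\")
        if kind == "service" and owner == "Unknown owner" and in_windows:
            findings.append(
                (kind, label, path, "no owner reported for a service binary under the Windows directory")
            )
    return findings


# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
"""

if __name__ == "__main__":
    for kind, label, path, reason in analyze(SAMPLE_LOG):
        print(f"{kind:8} [{label}] {path} -> {reason}")
```

Neither heuristic replaces a scanner verdict: the avast! services in the same log also show "Unknown owner", which is why the second rule is limited to binaries under the Windows directory.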

agent2026
2006-11-13, 22:04
Okay, deleted those.

HJT (1/2):

Logfile of HijackThis v1.99.1
Scan saved at 21:56:51, on 13/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes Global Hot Keys\iTunesHotKey.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ZipTorrent] C:\Program Files\ZipTorrent\ZipTorrent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CrystalXP] C:\Program Files\CrystalXP\CrystalXP.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: iTunesHotKey.lnk = C:\Program Files\iTunes Global Hot Keys\iTunesHotKey.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159799061203
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

agent2026
2006-11-13, 22:05
HJT (2/2):

O18 - Protocol: bw+0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

agent2026
2006-11-13, 22:06
Kaspersky (1/2):

Scan Statistics
Total number of scanned objects 75930
Number of viruses found 2
Number of infected objects 3 / 0
Number of suspicious objects 0
Duration of the scan process 00:44:50

Infected Object Name Virus Name Last Action

agent2026
2006-11-13, 22:08
C:\System Volume Information\_restore{A5C6D32D-9A80-41C8-8BDD-3890ABD4179D}\RP143\A0013082.exe Infected: Trojan-Proxy.Win32.Horst.km skipped
C:\System Volume Information\_restore{A5C6D32D-9A80-41C8-8BDD-3890ABD4179D}\RP143\A0013083.exe Infected: Trojan-Proxy.Win32.Horst.km skipped
C:\System Volume Information\_restore{A5C6D32D-9A80-41C8-8BDD-3890ABD4179D}\RP143\A0013084.exe Infected: Trojan-Proxy.Win32.Horst.lg skipped
Scan process completed.

shelf life
2006-11-14, 02:27
hi agent2026,

good. those 3 in red are in your system restore. sometimes stuff can get archived in there, so we will make new clean restore points:

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. (makes new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot.
----------------------------------------------------
you can uninstall Logitech\Desktop Messenger from the add/remove programs panel if you want; all it does is check for updated software for Logitech products, something you can do manually.

shelf life

agent2026
2006-11-14, 19:22
Looks good! Kaspersky and avast! report zero viruses/infections. Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 19:18:06, on 14/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes Global Hot Keys\iTunesHotKey.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\hijackthis\HijackThis.exe

agent2026
2006-11-14, 19:22
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ZipTorrent] C:\Program Files\ZipTorrent\ZipTorrent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [CrystalXP] C:\Program Files\CrystalXP\CrystalXP.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: iTunesHotKey.lnk = C:\Program Files\iTunes Global Hot Keys\iTunesHotKey.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159799061203
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3F318ACB-A5B4-43FC-BC61-E9968E47AE3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

shelf life
2006-11-15, 00:56
hi agent2026,

good. the hjt log looks good too. i didn't see an anti-malware app. you might want to download, update and occasionally scan with one of these apps that's listed here:

http://www.spywarewarrior.com/uiuc/soft6.htm
------------------------------------------------------
is your bittorrent client running at startup? that's not a good idea in my opinion.

shelf life

agent2026
2006-11-15, 01:06
Thanks a lot shelf life. I really appreciate your help and patience.

No, I don't run torrent clients at startup. Even so, I'm pretty sure it was a bad torrent that started all this. Learned my lesson anyway.

I have Zone Alarm Pro installed, which scans for spyware, and avast! anti-virus (which is a little disappointing, needless to say). Zone Alarm doesn't recognize avast! for anti-virus though, so maybe there's a weakness there.

I was under the impression that Zone Alarm Pro was enough coverage for malware, but if you think I need more protection I will look into those apps.

Thanks again,
agent2026

shelf life
2006-11-15, 02:21
hi agent2026,


"I don't run torrent clients at startup"
what i meant was, is it starting automatically? if you see the icon by the clock then it's possible that it's connected to a network. if you see the icon but you have to manually start a download/upload that's ok. some people may not change the default options, one of which may be to start with windows.

"it was a bad torrent that started all this"
if you go looking for cracks, keygens, software etc you will find them. that's not to say file sharing is not safe, you can get all kinds of crap from your e-mail. i have some file sharing tips on my website.

"I have Zone Alarm Pro installed, which scans for spyware,"
a firewall is a good idea, i am not familiar with za spyware component. i am not a big fan of "all in one suites" i am sure it's good, but it won't hurt to have another one either. avg antispyware is very popular and has a 30 day trial version. after 30 days it becomes a limited version but you can still update and scan with it.
see this link for more options:
http://www.spywarewarrior.com/uiuc/soft6.htm

"Zone Alarm doesn't recognize avast! for anti-virus though"
maybe za is selling antivirus these days? i wouldn't be worried about it, avast is a well known antivirus app.

shelf life
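The startup question discussed above can be checked against the posted HijackThis log itself, because its O4 lines list what is launched from the registry Run keys and the Startup folders. The Python below is an added example, not part of the thread or of HijackThis; the function names and the keyword list are assumptions chosen for illustration, and the sample lines are copied from the log posted earlier in this thread.

```python
import re

# A subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZipTorrent] C:\Program Files\ZipTorrent\ZipTorrent.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: iTunesHotKey.lnk = C:\Program Files\iTunes Global Hot Keys\iTunesHotKey.exe
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O4 - HKLM\..\Run: [Name] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Global Startup: Shortcut.lnk = target"
STARTUP_RE = re.compile(
    r"^O4 - (?P<scope>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def executable_of(cmd):
    """Return the program path from a command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_autostarts(log_text):
    """Collect every O4 (autostart) entry; other sections are ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            scope = f"{m['hive']} {m['key']}"
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue  # not an O4 line (O8 menu items, O23 services, ...)
            scope = m["scope"]
        entries.append({"scope": scope, "name": m["name"],
                        "command": m["cmd"], "exe": executable_of(m["cmd"])})
    return entries


def autostarts_matching(entries, keywords):
    """Autostart entries whose name or command contains any keyword."""
    keys = [k.lower() for k in keywords]
    return [e for e in entries
            if any(k in (e["name"] + " " + e["command"]).lower() for k in keys)]


if __name__ == "__main__":
    # Keyword list is an assumption for this example.
    for e in autostarts_matching(parse_autostarts(SAMPLE_LOG), ["torrent", "bitcomet"]):
        print(f"{e['scope']}: [{e['name']}] -> {e['exe']}")
```

Only O4 lines count as autostarts here, so the BitComet context-menu item (O8) is not reported while the ZipTorrent Run entry is.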

LonnyRJones
2006-11-25, 23:32
I'm glad we could help.
Since the problems are solved I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).