
Thread: Need Help with virus that wont go away

  1. #11
    Junior Member
    Join Date
    Jul 2009
    Posts
    15

    HJT and otm log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:08:40 PM, on 7/18/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\NavNT\defwatch.exe
    F:\WINDOWS\system32\drivers\KodakCCS.exe
    F:\Program Files\NavNT\rtvscan.exe
    F:\PROGRA~1\VISION~1\ONETOU~2.EXE
    F:\Program Files\NavNT\vptray.exe
    F:\Program Files\Microsoft IntelliPoint\point32.exe
    F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
    F:\WINDOWS\system32\nvsvc32.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    F:\WINDOWS\system32\HPZipm12.exe
    F:\WINDOWS\system32\ScsiAccess.EXE
    F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    F:\WINDOWS\system32\ZoneLabs\vsmon.exe
    F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    F:\Program Files\Logitech\SetPoint\SetPoint.exe
    F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    F:\WINDOWS\system32\MsgSys.EXE
    F:\WINDOWS\system32\wscntfy.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: Shell=Explorer.exe, F:\WINDOWS\system32\npdek.exe
    F2 - REG:system.ini: UserInit=F:\WINDOWS\SYSTEM32\Userinit.exe,xkjiumu.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [OneTouch Monitor] F:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
    O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 1)] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "F:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKCU\..\Run: [EPSON Stylus C84 Series (Copy 1)] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /M "Stylus C84" /EF "HKCU"
    O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] F:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - ?p=ZUfox000(2)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdcc...d/tgctlins.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O18 - Protocol: bw+0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: DefWatch - Symantec Corporation - F:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - F:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 20360 bytes




    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File/Folder F:\WINDOWS\system32\npdek.exe not found.
    File/Folder F:\WINDOWS\system32\xkjiumu.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Family
    ->Temp folder emptied: 24833 bytes
    File delete failed. F:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 20295220 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    File delete failed. F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Lord Jacob

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    File delete failed. F:\WINDOWS\temp\ZLT0344a.TMP scheduled to be deleted on reboot.
    File delete failed. F:\WINDOWS\temp\ZLT03464.TMP scheduled to be deleted on reboot.
    Windows Temp folder emptied: 1176 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 19.44 mb


    OTM by OldTimer - Version 3.0.0.5 log created on 07182009_150304

    Files moved on Reboot...
    File F:\WINDOWS\temp\ZLT0344a.TMP not found!
    File F:\WINDOWS\temp\ZLT03464.TMP not found!

    Registry entries deleted on Reboot...

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Did you run OTM first, then reboot and run HJT? If not, then reboot and run HJT and post a new log. The reason I am asking is because of these two entries. I am trying to figure out if something on your system is preventing their removal or if there is hidden malware preventing them from being removed.

    F2 - REG:system.ini: Shell=Explorer.exe, F:\WINDOWS\system32\npdek.exe
    F2 - REG:system.ini: UserInit=F:\WINDOWS\SYSTEM32\Userinit.exe,xkjiumu.exe


    Please download Rooter Rootkit Detector to your Desktop
    • Double-click it to start the tool.
    • A Notepad file containing the report will open, also found at %systemdrive% (usually C:\Rooter.txt).
    • Post the report for me to see.
    Last edited by ken545; 2009-07-19 at 00:23.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
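
An added example, not part of any post in this thread: a Python sketch of the cross-check behind the question above. It pulls the non-default programs out of the HijackThis F2 lines, compares a log taken before cleanup with one taken after, and checks them against the OTM "not found" lines. The sample lines are copied from posts #11 and #13; the function names and status strings are made up for this example.

```python
import re

# Sample input: lines copied from the logs posted in this thread.
HJT_BEFORE = r"""
F2 - REG:system.ini: Shell=Explorer.exe, F:\WINDOWS\system32\npdek.exe
F2 - REG:system.ini: UserInit=F:\WINDOWS\SYSTEM32\Userinit.exe,xkjiumu.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""
OTM_LOG = r"""
========== FILES ==========
File/Folder F:\WINDOWS\system32\npdek.exe not found.
File/Folder F:\WINDOWS\system32\xkjiumu.exe not found.
"""
HJT_AFTER = HJT_BEFORE  # post #13 shows the same two F2 lines again

F2_RE = re.compile(r"^\s*F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)
OTM_MISSING_RE = re.compile(r"^\s*File/Folder (.+?) not found\.\s*$")

# Status strings (hypothetical labels used only by this example).
REMOVED = "removed"
PERSISTS_NO_FILE = "value persists; cleanup tool could not find the file"
PERSISTS_FILE = "value persists; file present"
NEW = "new since cleanup"


def basename(path):
    """Lower-cased file name of a Windows path; bare names pass through."""
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def is_default(value_name, entry):
    """True for the stock Windows XP Winlogon Shell/Userinit entries."""
    e = entry.strip().strip('"').lower()
    if value_name == "shell":
        return e == "explorer.exe"
    # userinit.exe only counts as default when it lives in system32.
    return e == "userinit.exe" or e.endswith("\\system32\\userinit.exe")


def extra_f2_entries(hjt_log):
    """Programs appended to Shell/UserInit beyond the defaults, as (value, entry)."""
    extras = []
    for line in hjt_log.splitlines():
        m = F2_RE.match(line)
        if not m:
            continue
        value_name = m.group(1).lower()
        for entry in m.group(2).split(","):
            entry = entry.strip()
            if entry and not is_default(value_name, entry):
                extras.append((value_name, entry))
    return extras


def otm_missing(otm_log):
    """File names that OTM reported as 'not found' when asked to move them."""
    names = set()
    for line in otm_log.splitlines():
        m = OTM_MISSING_RE.match(line)
        if m:
            names.add(basename(m.group(1)))
    return names


def triage(hjt_before, otm_log, hjt_after):
    """Map each suspicious F2 entry to what happened to it across the cleanup."""
    missing = otm_missing(otm_log)
    before = extra_f2_entries(hjt_before)
    after = extra_f2_entries(hjt_after)
    report = {}
    for item in before:
        _, entry = item
        if item not in after:
            report[entry] = REMOVED
        elif basename(entry) in missing:
            # Registry still names a file the tool cannot see: either a
            # leftover value or a hidden file, so a rootkit scan is the
            # next step, as requested in the post above.
            report[entry] = PERSISTS_NO_FILE
        else:
            report[entry] = PERSISTS_FILE
    for item in after:
        if item not in before:
            report[item[1]] = NEW
    return report


if __name__ == "__main__":
    for entry, status in triage(HJT_BEFORE, OTM_LOG, HJT_AFTER).items():
        print(f"{entry}: {status}")
```
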

  3. #13
    Junior Member
    Join Date
    Jul 2009
    Posts
    15

    HJT log and Rooter log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:36:34 PM, on 7/18/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\NavNT\defwatch.exe
    F:\PROGRA~1\VISION~1\ONETOU~2.EXE
    F:\Program Files\NavNT\vptray.exe
    F:\Program Files\Microsoft IntelliPoint\point32.exe
    F:\WINDOWS\system32\drivers\KodakCCS.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    F:\Program Files\NavNT\rtvscan.exe
    F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
    F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\HPZipm12.exe
    F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    F:\WINDOWS\system32\ScsiAccess.EXE
    F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Logitech\SetPoint\SetPoint.exe
    F:\WINDOWS\system32\ZoneLabs\vsmon.exe
    F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    F:\WINDOWS\system32\MsgSys.EXE
    F:\WINDOWS\system32\wscntfy.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: Shell=Explorer.exe, F:\WINDOWS\system32\npdek.exe
    F2 - REG:system.ini: UserInit=F:\WINDOWS\SYSTEM32\Userinit.exe,xkjiumu.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [OneTouch Monitor] F:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
    O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 1)] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "F:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKCU\..\Run: [EPSON Stylus C84 Series (Copy 1)] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /M "Stylus C84" /EF "HKCU"
    O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] F:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - ?p=ZUfox000(2)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdcc...d/tgctlins.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O18 - Protocol: bw+0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: DefWatch - Symantec Corporation - F:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - F:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 20360 bytes





    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP . (5.1.2600) Service Pack 2
    [32_bits] - x86 Family 6 Model 4 Stepping 4, AuthenticAMD
    .
    [wscsvc] (Security Center) RUNNING (state:4)
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Disabled !
    .
    Internet Explorer 7.0.5730.11
    .
    C:\ [Fixed-FAT32] .. ( Total:74 Go - Free:1 Go )
    D:\ [CD_Rom]
    E:\ [CD_Rom]
    F:\ [Fixed-NTFS] .. ( Total:111 Go - Free:13 Go )
    .
    Scan : 19:00.47
    Path : F:\Documents and Settings\Family\Desktop\Rooter.exe
    User : Family ( Administrator -> YES )
    .
    ----------------------\\ Processes
    .
    Locked [System Process] (0)
    ______ (4)
    ______ \SystemRoot\System32\smss.exe (568)
    ______ \??\F:\WINDOWS\system32\csrss.exe (620)
    ______ \??\F:\WINDOWS\system32\winlogon.exe (648)
    ______ F:\WINDOWS\system32\services.exe (696)
    ______ F:\WINDOWS\system32\lsass.exe (708)
    ______ F:\WINDOWS\system32\svchost.exe (872)
    ______ F:\WINDOWS\system32\svchost.exe (928)
    ______ F:\WINDOWS\System32\svchost.exe (996)
    ______ F:\WINDOWS\System32\svchost.exe (1088)
    ______ F:\WINDOWS\system32\svchost.exe (1204)
    ______ F:\WINDOWS\system32\spoolsv.exe (1312)
    ______ F:\WINDOWS\Explorer.EXE (1636)
    ______ F:\Program Files\NavNT\defwatch.exe (1916)
    ______ F:\PROGRA~1\VISION~1\ONETOU~2.EXE (1936)
    ______ F:\Program Files\NavNT\vptray.exe (1944)
    ______ F:\Program Files\Microsoft IntelliPoint\point32.exe (1992)
    ______ F:\WINDOWS\system32\drivers\KodakCCS.exe (2016)
    ______ F:\Program Files\QuickTime\qttask.exe (188)
    ______ F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (220)
    ______ F:\Program Files\NavNT\rtvscan.exe (332)
    Locked (424)
    ______ F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe (460)
    ______ F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE (596)
    ______ F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (616)
    ______ F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (668)
    ______ F:\WINDOWS\system32\ctfmon.exe (128)
    ______ F:\WINDOWS\system32\nvsvc32.exe (984)
    ______ F:\WINDOWS\system32\HPZipm12.exe (1036)
    ______ F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (1048)
    ______ F:\WINDOWS\system32\ScsiAccess.EXE (1176)
    ______ F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe (1392)
    ______ F:\WINDOWS\System32\svchost.exe (1412)
    ______ F:\WINDOWS\system32\wdfmgr.exe (1492)
    ______ F:\Program Files\Logitech\SetPoint\SetPoint.exe (1496)
    Locked (1668)
    ______ F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE (1976)
    ______ F:\WINDOWS\system32\MsgSys.EXE (2296)
    ______ F:\WINDOWS\system32\wscntfy.exe (3108)
    ______ F:\WINDOWS\System32\alg.exe (3644)
    ______ F:\WINDOWS\System32\svchost.exe (4004)
    ______ F:\Documents and Settings\Family\Desktop\Rooter.exe (4060)
    Hidden F:\WINDOWS\system32\wglakh.exe (1592)
    Hidden F:\WINDOWS\system32\npdek.exe (1644)
    Hidden F:\WINDOWS\system32\npdek.exe (1672)
    Hidden F:\WINDOWS\system32\npdek.exe (1688)
    .
    ----------------------\\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:120023253504)
    .
    ----------------------\\ Scheduled Tasks
    .
    F:\WINDOWS\Tasks\Calculator.job
    F:\WINDOWS\Tasks\desktop.ini
    F:\WINDOWS\Tasks\SA.DAT
    .
    ----------------------\\ Registry
    .
    .
    ----------------------\\ Files & Folders
    .
    ----------------------\\ Scan completed at 19:01.54
    .
    F:\Rooter$\Rooter_1.txt - (18/07/2009 | 19:01.54)

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Remove these with HJT

    F2 - REG:system.ini: Shell=Explorer.exe, F:\WINDOWS\system32\npdek.exe
    F2 - REG:system.ini: UserInit=F:\WINDOWS\SYSTEM32\Userinit.exe,xkjiumu.exe





    1. Please download The Avenger by Swandog46 and SAVE it to your Desktop.
    • After download has completed,
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop


    2. Copy all the lines of text in the code box below (including blank lines and comments) to your Clipboard by highlighting them with your mouse, then right-clicking and choosing Copy:

    Code:
    Files to delete:
    F:\WINDOWS\system32\wglakh.exe 
    F:\WINDOWS\system32\npdek.exe
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage your system!



    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer.
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    • Please delete C:\avenger <=this folder; Do NOT delete C:\avenger.txt <=this file


    Please post the contents of C:\Avenger.txt; and a new HJT log please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
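
Why those two F2 lines and those two files stand out, as an added example that is not part of the original post or of any tool named in it: the F2 entries report the Winlogon `Shell` and `Userinit` values, which on a clean system name only `Explorer.exe` and `userinit.exe`, and the script below flags anything extra and cross-checks it against the processes Rooter marked `Hidden`. The function names are hypothetical and the sample input is excerpted from the logs in this thread.

```python
import ntpath
import re

# Lines excerpted from the HijackThis and Rooter logs posted in this thread.
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe, F:\WINDOWS\system32\npdek.exe
F2 - REG:system.ini: UserInit=F:\WINDOWS\SYSTEM32\Userinit.exe,xkjiumu.exe
O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
"""

ROOTER_SAMPLE = r"""
______ F:\WINDOWS\Explorer.EXE (1636)
Locked (1668)
Hidden F:\WINDOWS\system32\wglakh.exe (1592)
Hidden F:\WINDOWS\system32\npdek.exe (1644)
Hidden F:\WINDOWS\system32\npdek.exe (1672)
"""

# File names the Winlogon values hold on a clean install. Only the file name
# is compared, so a look-alike explorer.exe in another folder is NOT caught.
EXPECTED = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}

F2_LINE = re.compile(
    r"^F2 - REG:system\.ini: (?P<value>Shell|UserInit)=(?P<data>.*)$",
    re.IGNORECASE,
)
ROOTER_PROC = re.compile(
    r"^(?P<status>Hidden|Locked|_+)\s+(?P<path>.*?)\s*\((?P<pid>\d+)\)$"
)


def winlogon_extras(hjt_text):
    """Return (value_name, entry) for every program appended to Shell/UserInit."""
    extras = []
    for line in hjt_text.splitlines():
        m = F2_LINE.match(line.strip())
        if not m:
            continue
        allowed = EXPECTED[m.group("value").lower()]
        # Both values are comma-separated lists; the stock Userinit value ends
        # with a trailing comma, so empty items are skipped.
        for item in m.group("data").split(","):
            item = item.strip().strip('"')
            if item and ntpath.basename(item).lower() not in allowed:
                extras.append((m.group("value"), item))
    return extras


def hidden_processes(rooter_text):
    """Map each path Rooter marked 'Hidden' to the PIDs running it."""
    found = {}
    for line in rooter_text.splitlines():
        m = ROOTER_PROC.match(line.strip())
        if m and m.group("status") == "Hidden":
            found.setdefault(m.group("path"), []).append(int(m.group("pid")))
    return found


def triage(hjt_text, rooter_text):
    """Correlate Winlogon extras with hidden processes.

    Returns (findings, orphans): findings is one dict per extra Winlogon
    entry with the hidden PIDs running that file name; orphans lists hidden
    process paths that no Winlogon entry refers to.
    """
    hidden = hidden_processes(rooter_text)
    pids_by_name = {}
    for path, pids in hidden.items():
        pids_by_name.setdefault(ntpath.basename(path).lower(), []).extend(pids)

    findings, referenced = [], set()
    for value, entry in winlogon_extras(hjt_text):
        name = ntpath.basename(entry).lower()
        referenced.add(name)
        findings.append(
            {"value": value, "entry": entry,
             "hidden_pids": pids_by_name.get(name, [])}
        )
    orphans = sorted(
        p for p in hidden if ntpath.basename(p).lower() not in referenced
    )
    return findings, orphans


if __name__ == "__main__":
    findings, orphans = triage(HJT_SAMPLE, ROOTER_SAMPLE)
    for f in findings:
        print(f"{f['value']}: extra entry {f['entry']} hidden PIDs {f['hidden_pids']}")
    for path in orphans:
        print(f"hidden process with no Winlogon entry: {path}")
```

An entry with no hidden PIDs, such as the bare file name in `UserInit`, still needs removing: it runs at the next logon even if nothing is executing it now.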

  5. #15
    Junior Member
    Join Date
    Jul 2009
    Posts
    15

    NEW logs

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:20:51 PM, on 7/18/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\NavNT\defwatch.exe
    F:\WINDOWS\system32\drivers\KodakCCS.exe
    F:\Program Files\NavNT\rtvscan.exe
    F:\PROGRA~1\VISION~1\ONETOU~2.EXE
    F:\Program Files\NavNT\vptray.exe
    F:\Program Files\Microsoft IntelliPoint\point32.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
    F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\WINDOWS\system32\HPZipm12.exe
    F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    F:\WINDOWS\system32\ScsiAccess.EXE
    F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    F:\Program Files\Logitech\SetPoint\SetPoint.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\ZoneLabs\vsmon.exe
    F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    F:\WINDOWS\system32\MsgSys.EXE
    F:\WINDOWS\system32\wscntfy.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: Shell=Explorer.exe, F:\WINDOWS\system32\npdek.exe
    F2 - REG:system.ini: UserInit=F:\WINDOWS\SYSTEM32\Userinit.exe,xkjiumu.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [OneTouch Monitor] F:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
    O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 1)] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "F:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKCU\..\Run: [EPSON Stylus C84 Series (Copy 1)] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /M "Stylus C84" /EF "HKCU"
    O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] F:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - ?p=ZUfox000(2)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdcc...d/tgctlins.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O18 - Protocol: bw+0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: DefWatch - Symantec Corporation - F:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - F:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 20360 bytes






    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at F:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "F:\WINDOWS\system32\wglakh.exe" deleted successfully.
    File "F:\WINDOWS\system32\npdek.exe" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Rootkit::


    Code:
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="F:\WINDOWS\SYSTEM32\Userinit.exe,"
    "Shell"="Explorer.exe"

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
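
    The CFScript in the post above resets the Winlogon `Userinit` and `Shell` values to a single program each. As an added example (not part of the original post and not ComboFix's own code), this Python script parses a REGEDIT4-style Winlogon section and reports any entry beyond that baseline. The function names, the `windir` default of `f:\windows` (taken from the paths in this thread) and the two sample texts, which are modelled on the Winlogon sections posted in this thread, are assumptions made for the example.

```python
import re

WINLOGON_KEY = r"software\microsoft\windows nt\currentversion\winlogon"

# [HKEY_...\winlogon] section headers and "Name"="data" value lines,
# as they appear in a REGEDIT4-style listing.
SECTION_RE = re.compile(r'^\s*\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*"(?P<data>.*)"\s*$')

# Sample text modelled on the Winlogon section of the ComboFix log in this thread.
INFECTED_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="f:\windows\system32\userinit.exe,xkjiumu.exe"
"shell"="Explorer.exe, f:\windows\system32\npdek.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
"""

# Sample text modelled on the values the fix script in the post above sets.
CLEAN_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="F:\WINDOWS\SYSTEM32\Userinit.exe,"
"Shell"="Explorer.exe"
"""


def allowed_entries(windir):
    """Baseline per value: the bare file name or its full path under windir."""
    w = windir.lower().rstrip("\\")
    return {
        "userinit": {"userinit.exe", w + r"\system32\userinit.exe"},
        "shell": {"explorer.exe", w + r"\explorer.exe"},
    }


def parse_winlogon(log_text):
    """Return {lowercased value name: raw data} for the Winlogon section only."""
    values = {}
    in_section = False
    for line in log_text.splitlines():
        section = SECTION_RE.match(line)
        if section:
            in_section = section.group("key").lower().endswith(WINLOGON_KEY)
            continue
        if in_section:
            value = VALUE_RE.match(line)
            if value:
                values[value.group("name").lower()] = value.group("data")
    return values


def audit(log_text, windir=r"f:\windows"):
    """Return {value name: [entries outside the baseline]}; empty dict if clean."""
    baseline = allowed_entries(windir)
    values = parse_winlogon(log_text)
    findings = {}
    for name, allowed in baseline.items():
        if name not in values:
            continue
        extras = []
        # Both values are treated as comma-separated lists of programs.
        for entry in values[name].split(","):
            entry = entry.strip().strip('"')
            if not entry:
                continue  # the trailing comma after userinit.exe is normal
            # Exported .reg text may double its backslashes; collapse them.
            normalized = entry.replace("\\\\", "\\").lower()
            if normalized not in allowed:
                extras.append(entry)
        if extras:
            findings[name] = extras
    return findings


if __name__ == "__main__":
    for label, text in (("infected", INFECTED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, audit(text))
```

    The comparison is an exact match against the baseline, so a file named userinit.exe in any other directory is reported as well.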

  7. #17
    Junior Member
    Join Date
    Jul 2009
    Posts
    15

    Default NEW logs

    ComboFix 09-07-19.01 - Family 07/19/2009 12:56.2.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.640.275 [GMT -4:00]
    Running from: f:\documents and settings\Family\Desktop\ComboFix.exe
    Command switches used :: f:\documents and settings\Family\Desktop\CFScript.txt
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    f:\docume~1\Family\LOCALS~1\Temp\IadHide5.dll
    f:\documents and settings\Family\Local Settings\temp\IadHide5.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
    .

    2009-07-19 00:17 . 2009-07-19 00:17 28672 ----a-w- f:\windows\system32\npdek.exe
    2009-07-19 00:17 . 2009-07-15 17:23 127488 ----a-w- f:\windows\system32\wglakh.exe
    2009-07-18 23:01 . 2009-07-18 23:01 -------- d-----w- F:\Rooter$
    2009-07-18 17:13 . 2009-07-18 17:13 -------- d-----w- F:\_OTM
    2009-07-16 23:35 . 2009-07-16 23:35 -------- d-----w- f:\documents and settings\Family\Application Data\Malwarebytes
    2009-07-16 23:35 . 2009-07-13 17:36 38160 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-16 23:35 . 2009-07-16 23:35 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-16 23:35 . 2009-07-16 23:35 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
    2009-07-16 23:35 . 2009-07-13 17:36 19096 ----a-w- f:\windows\system32\drivers\mbam.sys
    2009-07-15 17:45 . 2009-07-15 17:45 -------- d-----w- F:\!KillBox
    2009-07-15 17:23 . 2009-07-15 17:23 127488 ----a-w- f:\windows\system32\ddbdw.dat
    2009-07-15 17:18 . 2009-07-15 17:18 -------- d-----w- f:\program files\Trend Micro
    2009-07-14 21:46 . 2008-09-30 13:51 230400 --sh--r- f:\windows\system32\??rss.exe
    2009-07-14 18:51 . 2009-07-14 18:51 -------- d-----w- f:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-07-14 18:51 . 2009-07-14 18:51 -------- d-----w- f:\program files\SDHelper (Spybot - Search & Destroy)
    2009-06-27 06:03 . 2009-06-27 06:03 -------- d-----w- f:\documents and settings\All Users\Application Data\NVIDIA

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-19 17:06 . 2007-11-24 06:23 1338560 --sha-w- f:\windows\system32\drivers\fidbox.idx
    2009-07-19 17:06 . 2007-11-24 06:23 114561056 --sha-w- f:\windows\system32\drivers\fidbox.dat
    2009-07-18 16:46 . 2004-02-12 02:22 -------- d-----w- f:\documents and settings\All Users\Application Data\Viewpoint
    2009-07-16 13:50 . 2003-07-26 15:53 -------- d-----w- f:\documents and settings\All Users\Application Data\QuickTime
    2009-07-16 13:40 . 2009-02-15 18:18 -------- d-----w- f:\program files\Cain
    2009-07-15 22:51 . 2006-09-09 14:53 -------- d-----w- f:\documents and settings\Family\Application Data\uTorrent
    2009-07-15 17:22 . 2009-07-15 17:50 3736064 ----a-w- f:\windows\Internet Logs\xDB166.tmp
    2009-07-14 21:47 . 2004-01-21 03:34 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-14 18:55 . 2004-01-21 03:34 -------- d-----w- f:\program files\Spybot - Search & Destroy
    2009-05-04 16:30 . 2009-05-04 16:58 3263488 ----a-w- f:\windows\Internet Logs\xDB165.tmp
    2006-06-03 21:12 . 2006-06-03 21:12 63 -c--a-w- f:\program files\ini.ini
    2009-07-18 02:06 . 2008-07-14 05:01 137208 ----a-w- f:\program files\mozilla firefox\components\brwsrcmp.dll
    2008-12-09 17:04 . 2008-10-29 15:57 27976 ----a-w- f:\program files\mozilla firefox\plugins\atgpcdec.dll
    2008-12-09 17:04 . 2008-10-29 15:57 126360 ----a-w- f:\program files\mozilla firefox\plugins\atgpcext.dll
    2005-07-29 20:24 . 2006-06-03 21:10 472 -csha-r- f:\windows\SmFjb2I\mAI3vZK.vbs
    2008-09-30 13:51 . 2009-07-14 21:46 230400 --sh--r- f:\windows\system32\??rss.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus C84 Series (Copy 1)"="f:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE" [2003-05-27 99840]
    "LDM"="f:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-01-02 36864]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="f:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
    "stwsl"="f:\windows\system32\wglakh.exe" [2009-07-15 127488]
    "ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "PPWebCap"="f:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-08-10 40960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray"="f:\program files\NavNT\vptray.exe" [2001-09-24 73728]
    "EPSON Stylus C84 Series"="f:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE" [2003-05-27 99840]
    "IntelliPoint"="f:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "EPSON Stylus C84 Series (Copy 1)"="f:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE" [2003-05-27 99840]
    "CloneCDTray"="f:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-27 57344]
    "ATIPTA"="f:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
    "QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2006-02-11 155648]
    "Adobe Photo Downloader"="f:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "NeroFilterCheck"="f:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2006-08-12 7630848]
    "NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2006-08-12 86016]
    "Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "ZoneAlarm Client"="f:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 919016]
    "wwprkf"="f:\windows\system32\wglakh.exe" [2009-07-15 127488]
    "SunJavaUpdateSched"="f:\program files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-04 32881]
    "HPDJ Taskbar Utility"="f:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
    "DeadAIM"="f:\program files\AIM\\DeadAIM.ocm" [2004-04-11 144896]
    "nwiz"="nwiz.exe" - f:\windows\system32\nwiz.exe [2006-08-12 1519616]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - f:\windows\KHALMNPR.Exe [2005-07-23 28160]

    f:\documents and settings\All Users\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - f:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
    KODAK Software Updater.lnk - f:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
    Logitech Desktop Messenger.lnk - f:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-1-2 196608]
    Logitech SetPoint.lnk - f:\program files\Logitech\SetPoint\SetPoint.exe [2005-12-25 528384]
    Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    pnxbq.exe [2006-6-17 127488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="f:\windows\system32\userinit.exe,xkjiumu.exe"
    "shell"="Explorer.exe, f:\windows\system32\npdek.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPodService"=3 (0x3)
    "Network Monitor"=2 (0x2)
    "WinDefend"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    R0 amdagpxp;AMD NB AGP Bus Filter;f:\windows\system32\drivers\amdagpxp.sys [7/6/2005 3:52 PM 27776]
    R3 Gcr432;Gcr432;f:\windows\system32\drivers\gcr432.sys [10/4/2001 4:18 PM 53701]
    R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver;f:\windows\system32\drivers\SMC1211.sys [7/11/2001 12:06 PM 23153]
    S3 xbreader;MaxDrive XBox Driver (xbreader.sys);f:\windows\system32\drivers\xbreader.sys [7/12/2004 4:02 PM 19677]
    .
    Contents of the 'Scheduled Tasks' folder

    2003-08-23 f:\windows\Tasks\Calculator.job
    - f:\windows\system32\calc.exe [2003-07-22 12:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Search_URL = hxxp://ie.search.msn.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = localhost
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: &Search - ?p=ZUfox000(2)
    IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - f:\documents and settings\Family\Application Data\Mozilla\Firefox\Profiles\Default User\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: f:\program files\Java\j2re1.4.2_05\bin\NPJava11.dll
    FF - plugin: f:\program files\Java\j2re1.4.2_05\bin\NPJava12.dll
    FF - plugin: f:\program files\Java\j2re1.4.2_05\bin\NPJava13.dll
    FF - plugin: f:\program files\Java\j2re1.4.2_05\bin\NPJava14.dll
    FF - plugin: f:\program files\Java\j2re1.4.2_05\bin\NPJava32.dll
    FF - plugin: f:\program files\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
    FF - plugin: f:\program files\Java\j2re1.4.2_05\bin\NPOJI610.dll
    FF - plugin: f:\program files\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: f:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: f:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: f:\program files\Mozilla Firefox\plugins\npunagi2.dll

    ---- FIREFOX POLICIES ----
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    f:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    f:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    f:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    f:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-19 13:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    f:\documents and settings\All Users\Start Menu\Programs\Startup\pnxbq.exe 127488 bytes executable
    f:\windows\system32\dnlacpf.dll 51712 bytes executable
    f:\windows\system32\npdek.exe 28672 bytes executable
    f:\windows\system32\wglakh.exe 127488 bytes executable
    f:\windows\system32\xkjiumu.exe 23552 bytes executable

    scan completed successfully
    hidden files: 5

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3092)
    f:\docume~1\Family\LOCALS~1\TempIadHide5.dll
    f:\program files\Logitech\SetPoint\GameHook.dll
    f:\program files\Logitech\SetPoint\lgscroll.dll
    f:\windows\system32\dnlacpf.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    f:\program files\NavNT\defwatch.exe
    f:\windows\system32\drivers\KodakCCS.exe
    f:\program files\NavNT\rtvscan.exe
    f:\windows\system32\nvsvc32.exe
    f:\windows\system32\HPZipm12.exe
    f:\windows\system32\ScsiAccess.EXE
    f:\windows\system32\wdfmgr.exe
    f:\windows\system32\ZoneLabs\vsmon.exe
    f:\windows\system32\MSGSYS.EXE
    f:\windows\system32\wscntfy.exe
    f:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Completion time: 2009-07-19 13:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-19 17:38
    ComboFix2.txt 2009-07-18 02:04

    Pre-Run: 13,794,197,504 bytes free
    Post-Run: 13,730,447,360 bytes free

    230 --- E O F --- 2009-04-01 00:36



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:46:48 PM, on 7/19/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\NavNT\defwatch.exe
    F:\WINDOWS\system32\drivers\KodakCCS.exe
    F:\Program Files\NavNT\rtvscan.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\HPZipm12.exe
    F:\WINDOWS\system32\ScsiAccess.EXE
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\ZoneLabs\vsmon.exe
    F:\WINDOWS\system32\MsgSys.EXE
    F:\WINDOWS\system32\wscntfy.exe
    F:\Program Files\NavNT\vptray.exe
    F:\Program Files\Microsoft IntelliPoint\point32.exe
    F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    F:\Program Files\Logitech\SetPoint\SetPoint.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    F:\WINDOWS\explorer.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: Shell=Explorer.exe, F:\WINDOWS\system32\npdek.exe
    F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe,xkjiumu.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [OneTouch Monitor] F:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
    O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 1)] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "F:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKCU\..\Run: [EPSON Stylus C84 Series (Copy 1)] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /M "Stylus C84" /EF "HKCU"
    O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] F:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - ?p=ZUfox000(2)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdcc...d/tgctlins.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O18 - Protocol: bw+0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: DefWatch - Symantec Corporation - F:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - F:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 20191 bytes

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Download Dr.Web CureIt to the desktop:
    • Double-click the drweb-cureit icon to start the program.
    • Press Start.
    • Allow the program to run the initial express scan
    • This will scan the files currently running in memory. If something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
      Note: A pop up may appear during this phase suggesting you purchase their program - click the X at the top right corner of this pop-up to close it.
    • Once the short scan has finished, check the Complete scan box on the left side, even if nothing was found on the initial scan.
    • Then click the small green arrow button on the right under the Dr.Web Antivirus picture to start the complete scan. (This scan will take several hours)
    • During this complete scan - if Dr.Web finds an infection a window will pop up requesting your attention. Select the Cure button.
      • Note: (If the file cannot be cured, Dr.Web will automatically delete the file.)
    • Once the scan is complete, on the menu bar, click file and choose report list.
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Note: this report will need to be renamed to Dr.Web.txt in order to post it on the forum.
    • Close Dr.Web Cureit.
    • Please post the Dr.Web.txt report in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    It appears you have an infection that has not been around in a while; I had to dig around and find the tool to remove it. You can still go and run Dr.Web, but run this tool first.

    Please download Qoofix by RubbeR DuckY from one of the following locations:

    http://www.malwarebytes.org/Qoofix.zip or
    http://www.besttechie.net/tools/Qoofix.zip

    1. Unzip all files to a convenient location such as C:\Qoofix.
    2. Go to the folder where you unzipped all files and run Qoofix.exe.
    3. Click Begin Removal and wait for the scan to finish.
    4. If an infection has been found, select yes to restart your computer.

    Finally, post a new HijackThis log and the contents of the Qoofix logfile.

  10. #20
    Junior Member
    Join Date
    Jul 2009
    Posts
    15

    Default Here are the new logs

    Qoofix v1.04 by http://www.malwarebytes.org
    Scan started on [7/22/2009] at [2:18:51 PM]
    -------------------------------------------------------------
    No malicious modules found!
    -------------------------------------------------------------
    No Qoologic infected files found!
    -------------------------------------------------------------
    Scan COMPLETED SUCCESSFULLY on [7/22/2009] at [2:21:16 PM]

    Note: Some registry keys may have been removed.





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:27:07 PM, on 7/22/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\PROGRA~1\VISION~1\ONETOU~2.EXE
    F:\Program Files\NavNT\vptray.exe
    F:\Program Files\Microsoft IntelliPoint\point32.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    F:\Program Files\NavNT\defwatch.exe
    F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    F:\WINDOWS\system32\drivers\KodakCCS.exe
    F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
    F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    F:\Program Files\NavNT\rtvscan.exe
    F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    F:\Program Files\Logitech\SetPoint\SetPoint.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\HPZipm12.exe
    F:\WINDOWS\system32\ScsiAccess.EXE
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\ZoneLabs\vsmon.exe
    F:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    F:\WINDOWS\system32\MsgSys.EXE
    F:\WINDOWS\system32\wscntfy.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [OneTouch Monitor] F:\PROGRA~1\VISION~1\ONETOU~2.EXE
    O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
    O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 1)] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C84"
    O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "F:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKCU\..\Run: [EPSON Stylus C84 Series (Copy 1)] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /M "Stylus C84" /EF "HKCU"
    O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PPWebCap] F:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = F:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - ?p=ZUfox000(2)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdcc...d/tgctlins.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O18 - Protocol: bw+0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {3A7E4D8F-AF41-4A4A-89B0-2EB2946CC7A4} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: DefWatch - Symantec Corporation - F:\Program Files\NavNT\defwatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - F:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - F:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 20212 bytes
