Troj.Printspool

jayescee316

Hi,

I've been doing the S&D scan for a couple of weeks now and the Troj.Printspool has been showing up all the time and it's starting to bother me. I have tried other virus scans and none of them work. PLEASEEEE HELP ME! It will be very appreciated :)

Here's my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:12:36 PM, on 6/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\uqk.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Jeremy\Local Settings\Temp\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [thiwzeohhbmo] C:\WINDOWS\System32\thiwzeohhbmo.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [dfhcy] C:\WINDOWS\System32\dfhcy.exe
O4 - HKLM\..\Run: [xmvzx] C:\WINDOWS\System32\xmvzx.exe
O4 - HKLM\..\Run: [vguxkqmgan] C:\WINDOWS\System32\vguxkqmgan.exe
O4 - HKLM\..\Run: [bhh] C:\WINDOWS\System32\bhh.exe
O4 - HKLM\..\Run: [zticvyml] C:\WINDOWS\System32\zticvyml.exe
O4 - HKLM\..\Run: [nmi] C:\WINDOWS\System32\nmi.exe
O4 - HKLM\..\Run: [iafsoaie] C:\WINDOWS\System32\iafsoaie.exe
O4 - HKLM\..\Run: [llorpyp] C:\WINDOWS\System32\llorpyp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ycdhvnic] C:\WINDOWS\System32\ycdhvnic.exe
O4 - HKLM\..\Run: [flm] C:\WINDOWS\System32\flm.exe
O4 - HKLM\..\Run: [citzavrgrg] C:\WINDOWS\System32\citzavrgrg.exe
O4 - HKLM\..\Run: [efukuuv] C:\WINDOWS\System32\efukuuv.exe
O4 - HKLM\..\Run: [uqk] C:\WINDOWS\System32\uqk.exe
O4 - HKLM\..\Run: [cbkdzj] C:\WINDOWS\System32\cbkdzj.exe
O4 - HKLM\..\Run: [mzhdjhup] C:\WINDOWS\System32\mzhdjhup.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [bhzdshcnxmny] C:\WINDOWS\System32\bhzdshcnxmny.exe
O4 - HKLM\..\Run: [timzmcoa] C:\WINDOWS\System32\timzmcoa.exe
O4 - HKLM\..\Run: [pzhqoenwoxu] C:\WINDOWS\System32\pzhqoenwoxu.exe
O4 - HKLM\..\Run: [elxfgozfpb] C:\WINDOWS\System32\elxfgozfpb.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\dfhcy.exe
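
The log above can be triaged offline before anything is changed on the machine. The Python script below is an added example, not part of the original posts and not how Spybot S&D, HijackThis or SDFix work internally; its three heuristics and all function names are assumptions chosen for this log, and its output is a list of entries to review, not a verdict.

```python
import ntpath
import re

# Constructed sample: a handful of lines copied from the first HijackThis log
# in this thread, mixing vendor entries with the ones the heuristics pick up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [dfhcy] C:\WINDOWS\System32\dfhcy.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [uqk] C:\WINDOWS\System32\uqk.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\dfhcy.exe
"""

# O4 registry autoruns: hive, key (Run, RunServices, ...), value name, command.
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# O23 services: display name, owner string, image path starting at a drive letter.
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")


def image_path(cmd):
    """Return the executable part of a command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut at the first binary extension.
        m = re.match(r".+?\.(?:exe|dll|ocx)\b", cmd, re.I)
        path = m.group(0) if m else cmd.split()[0]
    return re.sub(r"(?i)^%systemroot%", lambda _: r"C:\WINDOWS", path)


def in_system32(path):
    """True when the file sits directly in C:\\WINDOWS\\System32."""
    return ntpath.dirname(path).lower() == r"c:\windows\system32"


def triage(log_text):
    """Map each image path (lower-cased) to the reasons it deserves a look."""
    findings = {}
    autorun_images = set()
    services = []

    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            _hive, _key, name, cmd = m.groups()
            img = image_path(cmd)
            autorun_images.add(img.lower())
            stem = ntpath.splitext(ntpath.basename(img))[0]
            # Heuristic 1 (assumption): the value name is just the file name of
            # an executable dropped directly into System32.
            if in_system32(img) and stem.lower() == name.lower():
                findings.setdefault(img.lower(), []).append(
                    "Run value named after its own System32 executable")
            continue
        m = O23_RE.match(line)
        if m:
            services.append(m.groups())

    for display, owner, image in services:
        img = image_path(image)
        reasons = []
        # Heuristic 2: the genuine Print Spooler runs from spoolsv.exe.
        if ("print spooler" in display.lower()
                and ntpath.basename(img).lower() != "spoolsv.exe"):
            reasons.append("display name imitates Print Spooler, image is not spoolsv.exe")
        # Heuristic 3 (assumption): no owner reported for a binary in System32.
        if owner.lower() == "unknown owner" and in_system32(img):
            reasons.append("HijackThis reports 'Unknown owner' for a System32 image")
        if img.lower() in autorun_images:
            reasons.append("same image also starts from a Run key")
        if reasons:
            findings.setdefault(img.lower(), []).extend(reasons)
    return findings


if __name__ == "__main__":
    for image, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(image)
        for reason in reasons:
            print("   -", reason)
```

Run against a full log, the same function also gives a quick count of entries to compare between a "before" and an "after" scan.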
 
Hi jayescee316

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
 
Can we attempt to clean my computer first ? I'll take the risk, and if it comes back then I'll just reformat my computer. :)



THANK YOU LOTS !
 
Hi

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
 
Hi ,

Here is the Report.txt:

SDFix: Version 1.86

Run by Jeremy - Sat 06/09/2007 - 11:31:11.07

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\u.exe - Deleted
C:\WINDOWS\system32\z.exe - Deleted



Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking if ADS is attached to ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

C:\Program Files\Microsoft Works Suite 2006\Setup\MNYINSTA.DLL
C:\Program Files\Microsoft Works Suite 2006\Setup\SETUPLNG.DLL
C:\Program Files\Microsoft Works Suite 2006\Setup\LAUNCHER.EXE
C:\Program Files\Microsoft Works Suite 2006\Setup\RMVSUITE.EXE
C:\Program Files\Microsoft Works Suite 2006\Setup\UNREGWTR.EXE
C:\WINDOWS\Help\aolsw.exe

Listing User Accounts:

User accounts for \\JEREMY-TGD0HDW6

Administrator ASPNET Guest
HelpAssistant Jeremy SUPPORT_388945a0


Finished
 
This is my new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:41:17 AM, on 6/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\ik.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [thiwzeohhbmo] C:\WINDOWS\System32\thiwzeohhbmo.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [dfhcy] C:\WINDOWS\System32\dfhcy.exe
O4 - HKLM\..\Run: [xmvzx] C:\WINDOWS\System32\xmvzx.exe
O4 - HKLM\..\Run: [vguxkqmgan] C:\WINDOWS\System32\vguxkqmgan.exe
O4 - HKLM\..\Run: [bhh] C:\WINDOWS\System32\bhh.exe
O4 - HKLM\..\Run: [zticvyml] C:\WINDOWS\System32\zticvyml.exe
O4 - HKLM\..\Run: [nmi] C:\WINDOWS\System32\nmi.exe
O4 - HKLM\..\Run: [iafsoaie] C:\WINDOWS\System32\iafsoaie.exe
O4 - HKLM\..\Run: [llorpyp] C:\WINDOWS\System32\llorpyp.exe
O4 - HKLM\..\Run: [ycdhvnic] C:\WINDOWS\System32\ycdhvnic.exe
O4 - HKLM\..\Run: [flm] C:\WINDOWS\System32\flm.exe
O4 - HKLM\..\Run: [citzavrgrg] C:\WINDOWS\System32\citzavrgrg.exe
O4 - HKLM\..\Run: [efukuuv] C:\WINDOWS\System32\efukuuv.exe
O4 - HKLM\..\Run: [uqk] C:\WINDOWS\System32\uqk.exe
O4 - HKLM\..\Run: [cbkdzj] C:\WINDOWS\System32\cbkdzj.exe
O4 - HKLM\..\Run: [mzhdjhup] C:\WINDOWS\System32\mzhdjhup.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [bhzdshcnxmny] C:\WINDOWS\System32\bhzdshcnxmny.exe
O4 - HKLM\..\Run: [timzmcoa] C:\WINDOWS\System32\timzmcoa.exe
O4 - HKLM\..\Run: [pzhqoenwoxu] C:\WINDOWS\System32\pzhqoenwoxu.exe
O4 - HKLM\..\Run: [elxfgozfpb] C:\WINDOWS\System32\elxfgozfpb.exe
O4 - HKLM\..\Run: [jgwqkncd] C:\WINDOWS\System32\jgwqkncd.exe
O4 - HKLM\..\Run: [qqpqg] C:\WINDOWS\System32\qqpqg.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ik] C:\WINDOWS\System32\ik.exe
O4 - HKLM\..\RunServices: [ik] C:\WINDOWS\System32\ik.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\ik.exe
 
Hi

Ok, no help as I expected.

Open HijackThis, click do a system scan only and checkmark these (include also all other O4 lines with O4 - HKLM\..\Run: [random] C:\WINDOWS\System32\random.exe)


O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [thiwzeohhbmo] C:\WINDOWS\System32\thiwzeohhbmo.exe
O4 - HKLM\..\Run: [dfhcy] C:\WINDOWS\System32\dfhcy.exe
O4 - HKLM\..\Run: [xmvzx] C:\WINDOWS\System32\xmvzx.exe
O4 - HKLM\..\Run: [vguxkqmgan] C:\WINDOWS\System32\vguxkqmgan.exe
O4 - HKLM\..\Run: [bhh] C:\WINDOWS\System32\bhh.exe
O4 - HKLM\..\Run: [zticvyml] C:\WINDOWS\System32\zticvyml.exe
O4 - HKLM\..\Run: [nmi] C:\WINDOWS\System32\nmi.exe
O4 - HKLM\..\Run: [iafsoaie] C:\WINDOWS\System32\iafsoaie.exe
O4 - HKLM\..\Run: [llorpyp] C:\WINDOWS\System32\llorpyp.exe
O4 - HKLM\..\Run: [ycdhvnic] C:\WINDOWS\System32\ycdhvnic.exe
O4 - HKLM\..\Run: [flm] C:\WINDOWS\System32\flm.exe
O4 - HKLM\..\Run: [citzavrgrg] C:\WINDOWS\System32\citzavrgrg.exe
O4 - HKLM\..\Run: [efukuuv] C:\WINDOWS\System32\efukuuv.exe
O4 - HKLM\..\Run: [uqk] C:\WINDOWS\System32\uqk.exe
O4 - HKLM\..\Run: [cbkdzj] C:\WINDOWS\System32\cbkdzj.exe
O4 - HKLM\..\Run: [mzhdjhup] C:\WINDOWS\System32\mzhdjhup.exe
C:\WINDOWS\System32\bhzdshcnxmny.exe
O4 - HKLM\..\Run: [timzmcoa] C:\WINDOWS\System32\timzmcoa.exe
O4 - HKLM\..\Run: [pzhqoenwoxu] C:\WINDOWS\System32\pzhqoenwoxu.exe
O4 - HKLM\..\Run: [elxfgozfpb] C:\WINDOWS\System32\elxfgozfpb.exe
O4 - HKLM\..\Run: [jgwqkncd] C:\WINDOWS\System32\jgwqkncd.exe
O4 - HKLM\..\Run: [qqpqg] C:\WINDOWS\System32\qqpqg.exe
O4 - HKLM\..\Run: [ik] C:\WINDOWS\System32\ik.exe
O4 - HKLM\..\RunServices: [ik] C:\WINDOWS\System32\ik.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\ik.exe
(this part might be different -> u9i5uuoyxak3qeu and file name, too. Anyway, you should find a line with "Print Spooler Service")

Close all windows including browser and press fix checked.

Please download the Killbox.
Save it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\System32\thiwzeohhbmo.exe
C:\WINDOWS\System32\dfhcy.exe
C:\WINDOWS\System32\xmvzx.exe
C:\WINDOWS\System32\vguxkqmgan.exe
C:\WINDOWS\System32\bhh.exe
C:\WINDOWS\System32\zticvyml.exe
C:\WINDOWS\System32\nmi.exe
C:\WINDOWS\System32\iafsoaie.exe
C:\WINDOWS\System32\llorpyp.exe
C:\WINDOWS\System32\ycdhvnic.exe
C:\WINDOWS\System32\flm.exe
C:\WINDOWS\System32\citzavrgrg.exe
C:\WINDOWS\System32\efukuuv.exe
C:\WINDOWS\System32\uqk.exe
C:\WINDOWS\System32\cbkdzj.exe
C:\WINDOWS\System32\mzhdjhup.exe
C:\WINDOWS\System32\bhzdshcnxmny.exe
C:\WINDOWS\System32\timzmcoa.exe
C:\WINDOWS\System32\pzhqoenwoxu.exe
C:\WINDOWS\System32\elxfgozfpb.exe
C:\WINDOWS\System32\jgwqkncd.exe
C:\WINDOWS\System32\qqpqg.exe
C:\WINDOWS\System32\ik.exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Post a fresh HijackThis log.
 
Here's the new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:49:23 AM, on 6/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\rdysn.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kvgrw] C:\WINDOWS\System32\kvgrw.exe
O4 - HKLM\..\Run: [rdysn] C:\WINDOWS\System32\rdysn.exe
O4 - HKLM\..\RunServices: [kvgrw] C:\WINDOWS\System32\kvgrw.exe
O4 - HKLM\..\RunServices: [rdysn] C:\WINDOWS\System32\rdysn.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\rdysn.exe
 
Hi

Please click Start > Run and type in: services.msc
Click OK
In the Services window find: Print Spooler Service (u9i5uuoyxak3qeu) (this part might be different -> u9i5uuoyxak3qeu)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete u9i5uuoyxak3qeu (if the name in the brackets is something else, use that one)
Click: OK

Open HijackThis, click do a system scan only and checkmark these:

O4 - HKLM\..\Run: [kvgrw] C:\WINDOWS\System32\kvgrw.exe
O4 - HKLM\..\Run: [rdysn] C:\WINDOWS\System32\rdysn.exe
O4 - HKLM\..\RunServices: [kvgrw] C:\WINDOWS\System32\kvgrw.exe
O4 - HKLM\..\RunServices: [rdysn] C:\WINDOWS\System32\rdysn.exe


Close all windows including browser and press fix checked.

Please run Killbox.

Select "Standard file kill" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\System32\kvgrw.exe
C:\WINDOWS\System32\rdysn.exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Reboot

Post a fresh HijackThis log.
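Added example, not part of any post in this thread: a Python triage sketch run over excerpts of the first two logs above. It flags O4 Run/RunServices values whose name matches an all-lowercase executable sitting directly in System32, flags an O23 service labelled "Print Spooler" that does not point at spoolsv.exe, and compares the two logs; the heuristics and function names are assumptions made for illustration, not HijackThis features.

```python
import ntpath
import re

# Excerpts of lines quoted in this thread (not the complete logs).
LOG_1 = r"""
O4 - HKLM\..\Run: [uqk] C:\WINDOWS\System32\uqk.exe
O4 - HKLM\..\Run: [ik] C:\WINDOWS\System32\ik.exe
O4 - HKLM\..\RunServices: [ik] C:\WINDOWS\System32\ik.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\ik.exe
"""
LOG_2 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kvgrw] C:\WINDOWS\System32\kvgrw.exe
O4 - HKLM\..\Run: [rdysn] C:\WINDOWS\System32\rdysn.exe
O4 - HKLM\..\RunServices: [kvgrw] C:\WINDOWS\System32\kvgrw.exe
O4 - HKLM\..\RunServices: [rdysn] C:\WINDOWS\System32\rdysn.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\rdysn.exe
"""

SYSTEM32 = r"c:\windows\system32"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<svc>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
# First executable in a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)


def parse_log(text):
    """Return (autoruns, services) parsed from O4 registry and O23 lines."""
    autoruns, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m["cmd"])
            autoruns.append((m["hive"], m["key"], m["name"],
                             exe["exe"] if exe else m["cmd"]))
            continue
        m = O23_RE.match(line)
        if m:
            # Some O23 lines carry no "(ServiceName)"; fall back to the display name.
            services.append((m["display"], m["svc"] or m["display"],
                             m["owner"], m["path"]))
    return autoruns, services


def suspicious_autoruns(text):
    """Autoruns matching the pattern in this thread: value name == exe stem,
    stem is lowercase letters only, file sits directly in System32.
    A triage heuristic that needs human review, not a verdict."""
    hits = set()
    for _hive, _key, name, exe in parse_log(text)[0]:
        stem = ntpath.splitext(ntpath.basename(exe))[0]
        in_system32 = ntpath.dirname(exe).lower() == SYSTEM32
        if (in_system32 and stem.lower() == name.lower()
                and stem.isalpha() and stem.islower()):
            hits.add(exe)
    return hits


def fake_spoolers(text):
    """Services labelled 'Print Spooler...' whose image is not spoolsv.exe."""
    return {svc: path for display, svc, _owner, path in parse_log(text)[1]
            if display.lower().startswith("print spooler")
            and ntpath.basename(path).lower() != "spoolsv.exe"}


def compare(before, after):
    """What appeared between two scans, and which flagged services survived."""
    old_svc, new_svc = fake_spoolers(before), fake_spoolers(after)
    return {
        "new_autoruns": sorted(suspicious_autoruns(after) - suspicious_autoruns(before)),
        "surviving_services": {s: (old_svc[s], new_svc[s])
                               for s in old_svc.keys() & new_svc.keys()},
    }


if __name__ == "__main__":
    report = compare(LOG_1, LOG_2)
    for path in report["new_autoruns"]:
        print("new autorun since last scan:", path)
    for svc, (old, new) in report["surviving_services"].items():
        print(f"service {svc} survived: {old} -> {new}")
```

On these excerpts the service key u9i5uuoyxak3qeu is the constant between scans while the executable it points to changes, which is why the service itself is stopped and deleted in the instructions above rather than only the files.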
 
Here's my fresh HJT Log:


Logfile of HijackThis v1.99.1
Scan saved at 10:39:41 AM, on 6/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\zaitbnq.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zaitbnq] C:\WINDOWS\System32\zaitbnq.exe
O4 - HKLM\..\RunServices: [zaitbnq] C:\WINDOWS\System32\zaitbnq.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\zaitbnq.exe
 
Hi

A bit of progress there.

Press ctrl+alt+del, find zaitbnq.exe and click "End Process"

Open HijackThis, click "Do a system scan only" and checkmark these:

O4 - HKLM\..\Run: [zaitbnq] C:\WINDOWS\System32\zaitbnq.exe
O4 - HKLM\..\RunServices: [zaitbnq] C:\WINDOWS\System32\zaitbnq.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\zaitbnq.exe


Close all windows including the browser and press "Fix checked".

Please click Start > Run and type in: services.msc
Click OK
In the Services window find: Print Spooler Service (u9i5uuoyxak3qeu) (this part might be different -> u9i5uuoyxak3qeu)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete u9i5uuoyxak3qeu (if the name in the brackets is something else, use that one)
Click: OK

Please run Killbox.

Select "Standard file kill" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\System32\zaitbnq.exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Reboot

Post a fresh HijackThis log.
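
The cross-check applied by eye to these logs, written out as an added example (not part of the original thread and not HijackThis code): it parses O4 and O23 lines, lists binaries started from both HKLM Run and RunServices, matches them against "Unknown owner" services, and reports services whose binary changed between scans. The function names and the two heuristics are assumptions drawn from this thread's logs, not general malware signatures; the sample lines are excerpts of the logs quoted above.

```python
import re

# O4 autorun entry: "O4 - HKLM\..\Run: [name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 service entry: "O23 - Service: Display (short) - Owner - path"; "(short)" is optional
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

# Excerpts of the first and second HijackThis logs quoted in this thread.
SCAN_1 = r"""
O4 - HKLM\..\Run: [kvgrw] C:\WINDOWS\System32\kvgrw.exe
O4 - HKLM\..\Run: [rdysn] C:\WINDOWS\System32\rdysn.exe
O4 - HKLM\..\RunServices: [kvgrw] C:\WINDOWS\System32\kvgrw.exe
O4 - HKLM\..\RunServices: [rdysn] C:\WINDOWS\System32\rdysn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\rdysn.exe
"""
SCAN_2 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zaitbnq] C:\WINDOWS\System32\zaitbnq.exe
O4 - HKLM\..\RunServices: [zaitbnq] C:\WINDOWS\System32\zaitbnq.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\zaitbnq.exe
"""


def parse_log(text):
    """Return the O4 autoruns and O23 services found in a HijackThis log."""
    autoruns, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
            continue
        m = O23_RE.match(line)
        if m:
            services.append(m.groupdict())
    return {"autoruns": autoruns, "services": services}


def norm(cmd):
    """Normalise a command or path for comparison (quotes and case)."""
    return cmd.strip().strip('"').lower()


def double_registered(parsed):
    """Commands started from both HKLM Run and HKLM RunServices."""
    seen = {}
    for a in parsed["autoruns"]:
        if a["hive"] == "HKLM" and a["key"] in ("Run", "RunServices"):
            seen.setdefault(norm(a["cmd"]), set()).add(a["key"])
    return sorted(c for c, keys in seen.items() if keys == {"Run", "RunServices"})


def flagged_services(parsed):
    """'Unknown owner' services whose binary is also double-registered."""
    hot = set(double_registered(parsed))
    return [s for s in parsed["services"]
            if s["owner"] == "Unknown owner" and norm(s["path"]) in hot]


def service_drift(*scans):
    """Services (keyed by short name) whose binary differs across scans."""
    history = {}
    for parsed in scans:
        for s in parsed["services"]:
            key = s["short"] or s["display"]
            history.setdefault(key, []).append(norm(s["path"]))
    return {k: v for k, v in history.items() if len(set(v)) > 1}


if __name__ == "__main__":
    first, second = parse_log(SCAN_1), parse_log(SCAN_2)
    for label, scan in (("scan 1", first), ("scan 2", second)):
        print(label, "double-registered:", double_registered(scan))
        print(label, "flagged services:",
              [(s["short"], s["path"]) for s in flagged_services(scan)])
    print("binary changed between scans:", service_drift(first, second))
```

A service that keeps its name while its binary changes between scans means the entry is being re-created, so the fresh log has to be re-checked after every removal pass.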
 
Thank you for your help!


Here's my fresh HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:01:04 AM, on 6/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\ph.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ph] C:\WINDOWS\System32\ph.exe
O4 - HKLM\..\RunServices: [ph] C:\WINDOWS\System32\ph.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\ph.exe
 
Hi

Please download APT and unzip the contents to a new folder on your desktop.
  • Open the folder you just created and click on apt.exe and search in the window for ph.exe.
  • Open your C:\Windows\system32 folder and search for ph.exe. Don't delete it yet, just leave the system32 folder open so you can see the bad file.
  • In APT again, select ph.exe and click Kill3.
  • Then immediately delete ph.exe from your system32 folder.
  • Close APT.

Open HijackThis, click "Do a system scan only" and checkmark these:

O4 - HKLM\..\Run: [ph] C:\WINDOWS\System32\ph.exe
O4 - HKLM\..\RunServices: [ph] C:\WINDOWS\System32\ph.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\ph.exe


Close all windows, including the browser, and press Fix checked.

Reboot

Post a fresh HijackThis log.
 
SORRY, but I am having trouble trying to open APT, and it is saying "The procedure GetShockObject could not be located in the DLL GDI32.DLL"
 
Hi

Then we use another tool.

First run a scan with HijackThis and take a look at the current filename; you can see it in the O23 line.

Download Process Explorer from http://download.sysinternals.com/Files/ProcessExplorer.zip

Run Process Explorer and find the Process in the list of Processes:
ph.exe
Select the process and click Process > Suspend.

Then in HijackThis click Config > Misc Tools > Delete a file on reboot...
In the explorer Window select the file C:\WINDOWS\System32\ph.exe
When prompted if you want to reboot click YES
Leave Process explorer running with the process suspended.

After the reboot check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [ph] C:\WINDOWS\System32\ph.exe
O4 - HKLM\..\RunServices: [ph] C:\WINDOWS\System32\ph.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\ph.exe


Post a fresh HijackThis log
 
late response

Sorry for the late response, I was at school.


Here's my fresh HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:44:00 PM, on 6/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Help\aolsw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\qnnvfbor.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [qnnvfbor] C:\WINDOWS\System32\qnnvfbor.exe
O4 - HKLM\..\RunServices: [qnnvfbor] C:\WINDOWS\System32\qnnvfbor.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180565052203
O18 - Protocol: bw+0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E4F7CEC1-85DA-4E9E-8F36-56A9C2388562} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\qnnvfbor.exe
 
Hi

Well that doesn't seem to work at all.

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the next icon next to the files found:
    [image: check.gif]
  • If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
    [image: move.gif]

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Post:

- a fresh HijackThis log
- combofix report
- cureit log
 
Sorry for the late response again, here is my Combofix log:

ComboFix 07-06-13.3 - C:\Documents and Settings\Jeremy\Desktop\ComboFix.exe
"Jeremy" - 2007-06-13 10:01:34 - Service Pack 1 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))


2007-06-12 22:05 <DIR> d-------- C:\DOCUME~1\Jeremy\DoctorWeb
2007-06-12 21:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-11 12:41 103,424 --a------ C:\WINDOWS\system32\qnnvfbor.exe
2007-06-10 18:50 99,328 --a------ C:\WINDOWS\system32\odbtnj.exe
2007-06-10 15:23 107,520 --a------ C:\WINDOWS\system32\jcmqiqjur.exe
2007-06-10 14:18 103,424 --a------ C:\WINDOWS\system32\olpb.exe
2007-06-10 09:44 <DIR> d-------- C:\!KillBox
2007-06-10 07:54 103,424 --a------ C:\WINDOWS\system32\xf.exe
2007-06-09 19:10 91,136 --a------ C:\WINDOWS\system32\xnwozhwyx.exe
2007-06-09 10:36 1,157 --a------ C:\WINDOWS\mozver.dat
2007-06-09 10:36 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Snapfish
2007-06-09 07:19 99,328 --a------ C:\WINDOWS\system32\ctplimu.exe
2007-06-08 16:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-06-08 16:37 103,424 --a------ C:\WINDOWS\system32\ffx.exe
2007-06-08 11:50 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2007-06-08 11:50 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2007-06-08 11:50 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-06-08 11:50 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-06-07 21:20 91,136 --a------ C:\WINDOWS\system32\jjh.exe
2007-06-07 21:08 <DIR> d-------- C:\EPSON
2007-06-07 21:07 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-07 21:07 <DIR> d-------- C:\WINDOWS\system32\bits
2007-06-07 21:07 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-07 21:07 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-06-07 21:07 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-06-07 21:07 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Viewpoint
2007-06-07 21:05 <DIR> d-------- C:\DOCUME~1\Jeremy\Shared
2007-06-07 20:48 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-07 20:06 <DIR> d-------- C:\WINDOWS\pss
2007-06-07 19:46 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-06-07 18:10 99,328 --a------ C:\WINDOWS\system32\emzlvzjw.exe
2007-06-07 17:29 99,328 --a------ C:\WINDOWS\system32\udix.exe
2007-06-07 17:25 99,328 --a------ C:\WINDOWS\system32\luqyediyynnm.exe
2007-06-07 14:10 99,328 --a------ C:\WINDOWS\system32\quzdnvgaunjk.exe
2007-06-05 15:29 66,560 --a------ C:\WINDOWS\system32\py.exe
2007-06-05 15:29 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-06-05 15:27 66,560 --a------ C:\WINDOWS\system32\otueczblcmab.exe
2007-06-04 15:53 66,560 --a------ C:\WINDOWS\system32\dpzkkn.exe
2007-06-03 19:16 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2007-06-03 19:16 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
2007-06-03 19:16 <DIR> d-------- C:\Program Files\ArcSoft
2007-06-03 19:15 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-06-03 19:15 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-06-03 19:15 708,696 --a------ C:\WINDOWS\system32\python21.dll
2007-06-03 19:15 57,344 --a------ C:\WINDOWS\system32\PyWinTypes21.dll
2007-06-03 19:15 3,136 --a------ C:\WINDOWS\Ade001.bin
2007-06-03 19:15 290,919 --a------ C:\WINDOWS\system32\pythoncom21.dll
2007-06-03 19:15 <DIR> d-------- C:\Program Files\Common Files\Python
2007-06-03 19:14 65,536 --a------ C:\WINDOWS\system32\EEBUtil.dll
2007-06-03 19:14 65,536 --a------ C:\WINDOWS\system32\EBAPI.dll
2007-06-03 19:14 54,272 --a------ C:\WINDOWS\system32\EEBSDKIF.dll
2007-06-03 19:14 139,264 --a------ C:\WINDOWS\system32\EBAPI2.dll
2007-06-03 19:14 122,880 --a------ C:\WINDOWS\system32\EEBAPI.dll
2007-06-03 19:14 102,400 --a------ C:\WINDOWS\system32\EEBDSCVR.dll
2007-06-03 19:14 <DIR> d-------- C:\Program Files\Common Files\EPSON
2007-06-03 19:13 90,112 --a------ C:\WINDOWS\system32\epcomdd.dll
2007-06-03 19:13 86,016 --a------ C:\WINDOWS\system32\epfb5cpl.dll
2007-06-03 19:13 77,824 --a------ C:\WINDOWS\system32\Esintpl.dll
2007-06-03 19:13 53,248 --a------ C:\WINDOWS\system32\esicm.dll
2007-06-03 19:13 47,104 --a------ C:\WINDOWS\system32\escimgn.dll
2007-06-03 19:13 47,104 --a------ C:\WINDOWS\system32\escimgd.dll
2007-06-03 19:13 35,840 --a------ C:\WINDOWS\system32\escwian.dll
2007-06-03 19:13 33,280 --a------ C:\WINDOWS\system32\esccm.dll
2007-06-03 19:13 32,256 --a------ C:\WINDOWS\system32\escwiad.dll
2007-06-03 19:13 32,256 --a------ C:\WINDOWS\system32\escwiab.dll
2007-06-03 19:13 27,648 --a------ C:\WINDOWS\system32\escimg.dll
2007-06-03 19:13 23,552 --a------ C:\WINDOWS\system32\esccmn.dll
2007-06-03 19:13 22,528 --a------ C:\WINDOWS\system32\esccmd.dll
2007-06-03 19:13 184,320 --a------ C:\WINDOWS\system32\esdtr.dll
2007-06-03 19:13 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-03 19:13 126,976 --a------ C:\WINDOWS\system32\Esint23.dll
2007-06-03 19:13 <DIR> d-------- C:\Program Files\EPSON
2007-06-02 23:13 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-02 23:13 <DIR> d-------- C:\Program Files\AIM
2007-06-02 21:06 66,560 --a------ C:\WINDOWS\system32\sd.exe
2007-06-02 21:06 66,560 --a------ C:\WINDOWS\system32\cfxfhlwkp.exe
2007-06-02 12:31 66,560 --a------ C:\WINDOWS\system32\ca.exe
2007-06-02 12:25 66,560 --a------ C:\WINDOWS\system32\alhn.exe
2007-06-02 12:17 66,560 --a------ C:\WINDOWS\system32\ww.exe
2007-06-02 09:11 <DIR> d-------- C:\Program Files\Steam
2007-06-02 08:33 66,560 --a------ C:\WINDOWS\system32\guvckfm.exe
2007-06-02 08:33 62,464 --a------ C:\WINDOWS\system32\skuedcoe.exe
2007-06-01 16:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-01 16:29 66,560 --a------ C:\WINDOWS\system32\jsqypn.exe
2007-05-30 15:46 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-30 15:45 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-05-30 15:45 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-05-30 15:45 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-05-30 15:45 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-05-30 15:44 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-30 15:44 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-05-30 15:44 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-05-30 15:44 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-30 15:44 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-29 19:17 <DIR> d-------- C:\DOCUME~1\Jeremy\APPLIC~1\Aim
2007-05-29 16:59 <DIR> d-------- C:\Program Files\AOD
2007-05-29 16:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-05-28 20:47 <DIR> d-------- C:\WINDOWS\ShellNew
2007-05-28 20:44 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-05-28 20:44 <DIR> d-------- C:\Program Files\Microsoft Works Suite 2006


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-08 23:40:38 -------- d-----w C:\Program Files\Messenger
2007-06-08 03:51:13 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-04 02:16:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-30 22:44:38 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-13 01:53:12 -------- d-----w C:\Program Files\Realtek
2007-05-13 01:50:47 -------- d-----w C:\Program Files\NVIDIA Corporation
2007-05-13 01:50:16 -------- d-----w C:\DOCUME~1\Jeremy\APPLIC~1\InstallShield
2007-05-13 01:42:21 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-13 01:42:13 0 --sha-r C:\MSDOS.SYS
2007-05-13 01:42:13 0 --sha-r C:\IO.SYS
2007-05-13 01:42:13 0 ----a-w C:\CONFIG.SYS
2007-05-13 01:42:13 0 ----a-w C:\AUTOEXEC.BAT
2007-05-13 01:41:12 -------- d-----w C:\Program Files\Movie Maker
2007-05-13 01:40:41 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-05-13 01:40:12 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-13 01:40:09 -------- d-----w C:\Program Files\Online Services
2007-05-13 01:40:02 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-05-13 01:39:59 -------- d-----w C:\Program Files\Windows NT
2007-05-12 18:35:17 -------- d-----w C:\Program Files\Common Files\ODBC
2007-05-12 18:35:15 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-21 16:20]
"Steam"="c:\program files\steam\steam.exe" [2007-06-02 09:11]
"AIM"="C:\Program Files\AIM\aim.exe" [2003-09-25 04:28]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-11-15 16:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"qnnvfbor"=C:\WINDOWS\System32\qnnvfbor.exe


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 10:02:07
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-13 10:02:27
C:\ComboFix2.txt ... 2007-06-12 21:44

--- E O F ---
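
A triage sketch for the pattern the logs in this thread show, added here as an example (not code from any post, nor part of HijackThis or ComboFix): it parses O4 and O23 lines, flags services by three indicators, and compares two logs to show a service key that survives cleanup with a new binary. The function names and the two-of-three threshold are assumptions; the log lines are copied from the thread.

```python
import ntpath
import re

# Lines copied from the two HijackThis logs posted in this thread (excerpts).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ph] C:\WINDOWS\System32\ph.exe
O4 - HKLM\..\RunServices: [ph] C:\WINDOWS\System32\ph.exe
O23 - Service: AOL Spy Watch (LD-AOL-Spy_Watchv1) - Unknown owner - C:\WINDOWS\Help\aolsw.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\ph.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [qnnvfbor] C:\WINDOWS\System32\qnnvfbor.exe
O4 - HKLM\..\RunServices: [qnnvfbor] C:\WINDOWS\System32\qnnvfbor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Print Spooler Service (u9i5uuoyxak3qeu) - Unknown owner - C:\WINDOWS\System32\qnnvfbor.exe
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# The "(key)" part is optional: some O23 lines show only a display name.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$")


def image_of(command):
    """Return the lower-cased file name of the first .exe in a command line."""
    m = re.match(r'"?(.+?\.exe)\b', command, re.I)
    return ntpath.basename(m.group(1) if m else command).lower()


def parse(log):
    """Split a HijackThis log into O4 autorun entries and O23 services."""
    autoruns, services = [], {}
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            autoruns.append(m.groupdict())
            continue
        m = O23_RE.match(line)
        if m:
            svc = m.groupdict()
            services[svc["key"] or svc["display"]] = svc
    return autoruns, services


def suspicious_services(log):
    """Map service key -> reasons, for services meeting at least two indicators."""
    autoruns, services = parse(log)
    autorun_images = {image_of(a["cmd"]) for a in autoruns}
    findings = {}
    for key, svc in services.items():
        image = image_of(svc["path"])
        reasons = []
        if svc["owner"] == "Unknown owner":
            reasons.append("no vendor name shown for the file")
        # The genuine Windows print spooler runs as spoolsv.exe.
        if "spooler" in svc["display"].lower() and image != "spoolsv.exe":
            reasons.append("spooler display name but image is " + image)
        if image in autorun_images:
            reasons.append("same image also started from Run/RunServices")
        if len(reasons) >= 2:  # assumption: two indicators are worth a closer look
            findings[key] = reasons
    return findings


def rotated_binaries(before, after):
    """Service keys present in both logs whose image path changed."""
    _, old = parse(before)
    _, new = parse(after)
    return {
        key: (old[key]["path"], new[key]["path"])
        for key in old.keys() & new.keys()
        if old[key]["path"].lower() != new[key]["path"].lower()
    }


if __name__ == "__main__":
    for key, reasons in suspicious_services(LOG_AFTER).items():
        print(key, "->", "; ".join(reasons))
    for key, (was, now) in rotated_binaries(LOG_BEFORE, LOG_AFTER).items():
        print(key, "moved from", was, "to", now)
```

A service key that stays the same while its image path changes between logs means the registry entry, not only the file, has to be removed.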
 