Help needed with llehs.com and win antivirus 2007 popups [RESOLVED]


  • This topic is locked

#1
kikomonster

Hi malware experts,

I've been reading through the forums with some similar problems that I have so I think you can help me. I have downloaded HijackThis from download.com and the resulting log file is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:50 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WDBtnMgr.exe
F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
F:\Program Files\SnapStream Media\Firefly\Firefly.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Q-Type\Versato.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Q-Type\OSD.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\iFrank\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Firefly] F:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "F:\WINDOWS\system32\ndbgxsde.dll",forkonce
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = F:\Program Files\Q-Type\Versato.exe
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?9b9f1f422531429bae3d8c5a858bcc21
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?9b9f1f422531429bae3d8c5a858bcc21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: bw+0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GoogleDesktopManager - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

#2
sari

kikomonster,

Hi, and welcome to Geeks to Go. I'm going to help you clean your PC.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Thanks,

sari
  • 0
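
One way to compare the first HijackThis log with the follow-up log requested above, as an added example that is not part of the original posts: the script parses the entry lines of two scans, reports which entries disappeared or appeared, and pulls out the DLL loaded by any `rundll32` Run entry. The embedded logs are short excerpts of the two logs posted in this thread; the function names are this example's own.

```python
import re
from collections import namedtuple

# One HijackThis entry line: section code (R1, O4, O23, ...) and the rest of the line.
Entry = namedtuple("Entry", "code text")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 Run value whose command is rundll32 <dll>,<export> (DLL path may be quoted).
RUNDLL_RE = re.compile(
    r'\[(?P<name>[^\]]*)\]\s+rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)',
    re.IGNORECASE,
)

# Excerpt of the log in post #1 (scan of 7/10/2007).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:27:50 PM, on 7/10/2007

Running processes:
F:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "F:\WINDOWS\system32\ndbgxsde.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
"""

# Excerpt of the log in post #3 (scan of 7/12/2007), same entries as they appear there.
LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:47:05 PM, on 7/12/2007

Running processes:
F:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
"""


def parse_entries(log_text):
    """Return the R/F/N/O entry lines of a log, skipping header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive, so compare folded text.
    return (entry.code, entry.text.casefold())


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


def rundll32_targets(entries):
    """For O4 entries started through rundll32, return (value name, DLL, export)."""
    found = []
    for e in entries:
        if e.code != "O4":
            continue
        m = RUNDLL_RE.search(e.text)
        if m:
            found.append((m.group("name"), m.group("dll").strip(), m.group("export")))
    return found


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for e in removed:
        print("removed:", e.code, "-", e.text)
    for e in added:
        print("added:  ", e.code, "-", e.text)
    for name, dll, export in rundll32_targets(removed):
        print("rundll32 autostart no longer present:", name, dll, export)
```

A Run value missing from the second log shows that the autostart entry was removed, not that the DLL file itself is gone from disk.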

#3
kikomonster

Hi Sari,

During the VundoFix scan, it did ask to reboot since a file cannot be deleted. After the reboot I clicked on remove file for the 1 remaining file it didn't delete. Also, Norton AntiVirus detected a trojan and removed it during the VundoFix scan. Here is the HJT log and the vundofix.txt:

Logfile of HijackThis v1.99.1
Scan saved at 2:47:05 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WDBtnMgr.exe
F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\SnapStream Media\Firefly\Firefly.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\Q-Type\Versato.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\Program Files\Q-Type\OSD.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
F:\WINDOWS\system32\rundll32.exe
F:\Documents and Settings\iFrank\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Firefly] F:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = F:\Program Files\Q-Type\Versato.exe
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?9b9f1f422531429bae3d8c5a858bcc21
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?9b9f1f422531429bae3d8c5a858bcc21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: bw+0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GoogleDesktopManager - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe





VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 2:22:12 PM 7/12/2007

Listing files found while scanning....

F:\windows\system32\lkhosgao.ini
F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mmllm.bak1
F:\WINDOWS\system32\mmllm.bak2
F:\WINDOWS\system32\mmllm.ini
F:\WINDOWS\system32\mmllm.ini2
F:\WINDOWS\system32\mmllm.tmp
F:\WINDOWS\system32\neffxgpp.dll
F:\windows\system32\oagsohkl.dll
F:\windows\system32\uyyccfik.dll
F:\WINDOWS\system32\xcigkrdp.dll

Beginning removal...

Attempting to delete F:\windows\system32\lkhosgao.ini
F:\windows\system32\lkhosgao.ini Has been deleted!

Attempting to delete F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mllmm.dll Could not be deleted.

Attempting to delete F:\WINDOWS\system32\mmllm.bak1
F:\WINDOWS\system32\mmllm.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.bak2
F:\WINDOWS\system32\mmllm.bak2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.ini
F:\WINDOWS\system32\mmllm.ini Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.ini2
F:\WINDOWS\system32\mmllm.ini2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.tmp
F:\WINDOWS\system32\mmllm.tmp Has been deleted!

Attempting to delete F:\WINDOWS\system32\neffxgpp.dll
F:\WINDOWS\system32\neffxgpp.dll Has been deleted!

Attempting to delete F:\windows\system32\oagsohkl.dll
F:\windows\system32\oagsohkl.dll Has been deleted!

Attempting to delete F:\windows\system32\uyyccfik.dll
F:\windows\system32\uyyccfik.dll Has been deleted!

Attempting to delete F:\WINDOWS\system32\xcigkrdp.dll
F:\WINDOWS\system32\xcigkrdp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mllmm.dll Has been deleted!

Performing Repairs to the registry.
Done!

#4
kikomonster

Hi Sari,

Sorry for double posting, but after re-reading your instructions, I clicked on Remove Vundo instead of Scan for Vundo after the reboot. So I did the whole process again and here are the results. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 3:24:11 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WDBtnMgr.exe
F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
F:\Program Files\SnapStream Media\Firefly\Firefly.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Q-Type\Versato.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\Program Files\Q-Type\OSD.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Documents and Settings\iFrank\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - F:\WINDOWS\system32\ofumlaxf.dll
O2 - BHO: (no name) - {AD8CF886-BED9-45E9-9F18-9F619F7034B9} - F:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - F:\WINDOWS\system32\ljjhfec.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Firefly] F:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = F:\Program Files\Q-Type\Versato.exe
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?9b9f1f422531429bae3d8c5a858bcc21
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?9b9f1f422531429bae3d8c5a858bcc21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: bw+0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: ljjhfec - F:\WINDOWS\SYSTEM32\ljjhfec.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - F:\WINDOWS\SYSTEM32\winosz32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GoogleDesktopManager - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe




VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 2:22:12 PM 7/12/2007

Listing files found while scanning....

F:\windows\system32\lkhosgao.ini
F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mmllm.bak1
F:\WINDOWS\system32\mmllm.bak2
F:\WINDOWS\system32\mmllm.ini
F:\WINDOWS\system32\mmllm.ini2
F:\WINDOWS\system32\mmllm.tmp
F:\WINDOWS\system32\neffxgpp.dll
F:\windows\system32\oagsohkl.dll
F:\windows\system32\uyyccfik.dll
F:\WINDOWS\system32\xcigkrdp.dll

Beginning removal...

Attempting to delete F:\windows\system32\lkhosgao.ini
F:\windows\system32\lkhosgao.ini Has been deleted!

Attempting to delete F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mllmm.dll Could not be deleted.

Attempting to delete F:\WINDOWS\system32\mmllm.bak1
F:\WINDOWS\system32\mmllm.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.bak2
F:\WINDOWS\system32\mmllm.bak2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.ini
F:\WINDOWS\system32\mmllm.ini Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.ini2
F:\WINDOWS\system32\mmllm.ini2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.tmp
F:\WINDOWS\system32\mmllm.tmp Has been deleted!

Attempting to delete F:\WINDOWS\system32\neffxgpp.dll
F:\WINDOWS\system32\neffxgpp.dll Has been deleted!

Attempting to delete F:\windows\system32\oagsohkl.dll
F:\windows\system32\oagsohkl.dll Has been deleted!

Attempting to delete F:\windows\system32\uyyccfik.dll
F:\windows\system32\uyyccfik.dll Has been deleted!

Attempting to delete F:\WINDOWS\system32\xcigkrdp.dll
F:\WINDOWS\system32\xcigkrdp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mllmm.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 2:59:20 PM 7/12/2007

Listing files found while scanning....

F:\WINDOWS\system32\jkkll.dll
F:\WINDOWS\system32\llkkj.bak1
F:\WINDOWS\system32\llkkj.ini

Beginning removal...

Attempting to delete F:\WINDOWS\system32\jkkll.dll
F:\WINDOWS\system32\jkkll.dll Could not be deleted.

Attempting to delete F:\WINDOWS\system32\llkkj.bak1
F:\WINDOWS\system32\llkkj.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\llkkj.ini
F:\WINDOWS\system32\llkkj.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 3:09:02 PM 7/12/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 3:18:44 PM 7/12/2007

Listing files found while scanning....

No infected files were found.



Also, a command prompt still keeps popping up with a file path of F:/windows/temp/winxxx-1.exe (where xxx changes every time). I checked that folder and there is a ton of winxxx.tmp files located in it.

Edited by kikomonster, 12 July 2007 - 01:49 PM.


#5
sari

kikomonster,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - F:\WINDOWS\system32\ofumlaxf.dll

Now close all windows other than HiJackThis, then click Fix Checked.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Thanks,

sari

#6
kikomonster

Hi Sari,

Thanks for the response. Here are the HJT log and vundu.txt:


Logfile of HijackThis v1.99.1
Scan saved at 4:50:33 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WDBtnMgr.exe
F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
F:\Program Files\SnapStream Media\Firefly\Firefly.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\Q-Type\Versato.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Q-Type\OSD.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\Documents and Settings\iFrank\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD8CF886-BED9-45E9-9F18-9F619F7034B9} - F:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - F:\WINDOWS\system32\ljjhfec.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Firefly] F:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = F:\Program Files\Q-Type\Versato.exe
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?9b9f1f422531429bae3d8c5a858bcc21
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?9b9f1f422531429bae3d8c5a858bcc21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: bw+0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: ljjhfec - F:\WINDOWS\SYSTEM32\ljjhfec.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - F:\WINDOWS\SYSTEM32\winosz32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GoogleDesktopManager - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe





VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 2:22:12 PM 7/12/2007

Listing files found while scanning....

F:\windows\system32\lkhosgao.ini
F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mmllm.bak1
F:\WINDOWS\system32\mmllm.bak2
F:\WINDOWS\system32\mmllm.ini
F:\WINDOWS\system32\mmllm.ini2
F:\WINDOWS\system32\mmllm.tmp
F:\WINDOWS\system32\neffxgpp.dll
F:\windows\system32\oagsohkl.dll
F:\windows\system32\uyyccfik.dll
F:\WINDOWS\system32\xcigkrdp.dll

Beginning removal...

Attempting to delete F:\windows\system32\lkhosgao.ini
F:\windows\system32\lkhosgao.ini Has been deleted!

Attempting to delete F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mllmm.dll Could not be deleted.

Attempting to delete F:\WINDOWS\system32\mmllm.bak1
F:\WINDOWS\system32\mmllm.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.bak2
F:\WINDOWS\system32\mmllm.bak2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.ini
F:\WINDOWS\system32\mmllm.ini Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.ini2
F:\WINDOWS\system32\mmllm.ini2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.tmp
F:\WINDOWS\system32\mmllm.tmp Has been deleted!

Attempting to delete F:\WINDOWS\system32\neffxgpp.dll
F:\WINDOWS\system32\neffxgpp.dll Has been deleted!

Attempting to delete F:\windows\system32\oagsohkl.dll
F:\windows\system32\oagsohkl.dll Has been deleted!

Attempting to delete F:\windows\system32\uyyccfik.dll
F:\windows\system32\uyyccfik.dll Has been deleted!

Attempting to delete F:\WINDOWS\system32\xcigkrdp.dll
F:\WINDOWS\system32\xcigkrdp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mllmm.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 2:59:20 PM 7/12/2007

Listing files found while scanning....

F:\WINDOWS\system32\jkkll.dll
F:\WINDOWS\system32\llkkj.bak1
F:\WINDOWS\system32\llkkj.ini

Beginning removal...

Attempting to delete F:\WINDOWS\system32\jkkll.dll
F:\WINDOWS\system32\jkkll.dll Could not be deleted.

Attempting to delete F:\WINDOWS\system32\llkkj.bak1
F:\WINDOWS\system32\llkkj.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\llkkj.ini
F:\WINDOWS\system32\llkkj.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 3:09:02 PM 7/12/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 3:18:44 PM 7/12/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 4:06:13 PM 7/14/2007

Listing files found while scanning....

F:\WINDOWS\system32\awtsr.dll
F:\WINDOWS\system32\rstwa.bak1
F:\WINDOWS\system32\rstwa.bak2
F:\WINDOWS\system32\rstwa.ini2
F:\WINDOWS\system32\rstwa.tmp

Beginning removal...

Attempting to delete F:\WINDOWS\system32\awtsr.dll
F:\WINDOWS\system32\awtsr.dll Could not be deleted.

Attempting to delete F:\WINDOWS\system32\rstwa.bak1
F:\WINDOWS\system32\rstwa.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\rstwa.bak2
F:\WINDOWS\system32\rstwa.bak2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\rstwa.ini2
F:\WINDOWS\system32\rstwa.ini2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\rstwa.tmp
F:\WINDOWS\system32\rstwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 4:28:16 PM 7/14/2007

Listing files found while scanning....

F:\WINDOWS\system32\awtst.dll
F:\WINDOWS\system32\tstwa.bak1
F:\WINDOWS\system32\tstwa.ini

Beginning removal...

Attempting to delete F:\WINDOWS\system32\awtst.dll
F:\WINDOWS\system32\awtst.dll Could not be deleted.

Attempting to delete F:\WINDOWS\system32\tstwa.bak1
F:\WINDOWS\system32\tstwa.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\tstwa.ini
F:\WINDOWS\system32\tstwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 4:40:17 PM 7/14/2007

Listing files found while scanning....

No infected files were found.




Also, the command prompt still pops up.
  • 0
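An added example, not part of the original posts: a small Python parser for the VundoFix output format shown in the post above. It tracks each file's last removal result across runs and groups each listed DLL with the companion files whose base name is the DLL name reversed (visible in the listing, e.g. mllmm.dll and mmllm.ini). The sample log is abridged from the post with blank lines dropped; all function names are this example's own.

```python
import ntpath
import re

# Sample input: abridged from the VundoFix log in the post above (blank lines dropped).
SAMPLE_LOG = r"""VundoFix V6.5.4
Scan started at 2:22:12 PM 7/12/2007
Listing files found while scanning....
F:\windows\system32\lkhosgao.ini
F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mmllm.ini
F:\windows\system32\oagsohkl.dll
Beginning removal...
Attempting to delete F:\windows\system32\lkhosgao.ini
F:\windows\system32\lkhosgao.ini Has been deleted!
Attempting to delete F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mllmm.dll Could not be deleted.
Attempting to delete F:\WINDOWS\system32\mmllm.ini
F:\WINDOWS\system32\mmllm.ini Has been deleted!
Attempting to delete F:\windows\system32\oagsohkl.dll
F:\windows\system32\oagsohkl.dll Has been deleted!
Beginning removal...
Attempting to delete F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mllmm.dll Has been deleted!
VundoFix V6.5.4
Scan started at 2:59:20 PM 7/12/2007
Listing files found while scanning....
F:\WINDOWS\system32\jkkll.dll
F:\WINDOWS\system32\llkkj.ini
Beginning removal...
Attempting to delete F:\WINDOWS\system32\jkkll.dll
F:\WINDOWS\system32\jkkll.dll Could not be deleted.
Attempting to delete F:\WINDOWS\system32\llkkj.ini
F:\WINDOWS\system32\llkkj.ini Has been deleted!
VundoFix V6.5.4
Scan started at 3:09:02 PM 7/12/2007
Listing files found while scanning....
No infected files were found.
"""

RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<res>Has been deleted!|Could not be deleted\.)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")


def parse_runs(text):
    """Split the log into runs: start time, listed files, ordered removal results."""
    runs, listing = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("VundoFix V"):          # banner opens a new run
            runs.append({"started": None, "found": [], "results": []})
            listing = False
        elif not runs:
            continue                                # ignore text before the first banner
        elif line.startswith("Scan started at "):
            runs[-1]["started"] = line[len("Scan started at "):]
        elif line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
        elif (m := RESULT_RE.match(line)):
            status = "deleted" if m["res"].startswith("Has") else "locked"
            # Lower-case the path: the log mixes F:\windows and F:\WINDOWS.
            runs[-1]["results"].append((m["path"].lower(), status))
        elif listing and PATH_RE.match(line):
            runs[-1]["found"].append(line.lower())
    return runs


def final_state(runs):
    """Last recorded removal result per file, taking all runs in order."""
    state = {}
    for run in runs:
        for path, status in run["results"]:
            state[path] = status
    return state


def still_locked(runs):
    """Files whose most recent attempt failed and that no later pass deleted."""
    return sorted(p for p, s in final_state(runs).items() if s == "locked")


def reversed_name_groups(runs):
    """Map each listed DLL to listed files whose base name is its name reversed."""
    found = {p for run in runs for p in run["found"]}

    def stem(path):
        return ntpath.splitext(ntpath.basename(path))[0]

    groups = {}
    for dll in sorted(p for p in found if p.endswith(".dll")):
        mates = sorted(p for p in found if p != dll and stem(p) == stem(dll)[::-1])
        if mates:
            groups[ntpath.basename(dll)] = [ntpath.basename(m) for m in mates]
    return groups


if __name__ == "__main__":
    parsed = parse_runs(SAMPLE_LOG)
    print("still locked:", still_locked(parsed))
    print("reversed-name groups:", reversed_name_groups(parsed))
```

A file that `still_locked` returns was reported as "Could not be deleted" and never confirmed deleted in a later pass, so it is the one to follow up on in the next scan.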

#7
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
kikomonster,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {AD8CF886-BED9-45E9-9F18-9F619F7034B9} - F:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - F:\WINDOWS\system32\ljjhfec.dll
O20 - Winlogon Notify: ljjhfec - F:\WINDOWS\SYSTEM32\ljjhfec.dll
O20 - Winlogon Notify: winosz32 - F:\WINDOWS\SYSTEM32\winosz32.dll

Now close all windows other than HiJackThis, then click Fix Checked.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    F:\WINDOWS\system32\ljjhfec.dll
    F:\WINDOWS\SYSTEM32\winosz32.dll


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Please go HERE to run Panda's ActiveScan - you must use Internet Explorer for this to work.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • If it wants to install an ActiveX component allow it
  • Select either Home User or Company
  • Click the big Scan Now button
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

Please include the ActiveScan report and a new HijackThis log in your reply.

Thanks,

sari
  • 0

#8
kikomonster

    Member

  • Topic Starter
  • Member
  • 17 posts
Hi Sari,

The entries that you have listed did not appear on the HJT log. Here is the first scan I did.

Logfile of HijackThis v1.99.1
Scan saved at 1:22:09 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WDBtnMgr.exe
F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
F:\Program Files\SnapStream Media\Firefly\Firefly.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Q-Type\Versato.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\Program Files\Q-Type\OSD.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\iFrank\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Firefly] F:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = F:\Program Files\Q-Type\Versato.exe
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?9b9f1f422531429bae3d8c5a858bcc21
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?9b9f1f422531429bae3d8c5a858bcc21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: bw+0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GoogleDesktopManager - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe




And here is the ActiveScan text from Panda:





Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected F:\WINDOWS\system32\ljjhfec.dll
Dialer:Dialer.KLB Not disinfected F:\WINDOWS\system32\winosz32.dll
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.com.com/]
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.pacificpoker.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.888.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.2o7.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.overture.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Windows XP\Cookies\windows xp@atdmt[2].txt
Adware:Adware/Gator Not disinfected C:\Documents and Settings\Windows XP\My Documents\Francis\downloads\DivX\DivXPro503GAINBundle.exe
Virus:W32/Sdbot.BTE.worm Disinfected C:\WINDOWS\system32\TFTP1444
Virus:W32/Sdbot.BTE.worm Disinfected C:\WINDOWS\system32\TFTP3032
Spyware:Cookie/YieldManager Not disinfected F:\Documents and Settings\iFrank\Application Data\Mozilla\Firefox\Profiles\pvxko4nd.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Statcounter Not disinfected F:\Documents and Settings\iFrank\Application Data\Mozilla\Firefox\Profiles\pvxko4nd.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Zedo Not disinfected F:\Documents and Settings\iFrank\Application Data\Mozilla\Firefox\Profiles\pvxko4nd.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atlas DMT Not disinfected F:\Documents and Settings\iFrank\Cookies\ifrank@atdmt[2].txt
Spyware:Spyware/Virtumonde Not disinfected F:\VundoFix Backups\oagsohkl.dll.bad
Virus:Trj/Downloader.OZB Disinfected F:\WINDOWS\system32\hnjvskmj.exe
Virus:Trj/Spammer.ACZ Disinfected F:\WINDOWS\system32\rsvp322.dllyrt
Virus:Trj/Downloader.OZB Disinfected F:\WINDOWS\system32\rvduhjmk.exe
Virus:Trj/Downloader.OZB Disinfected F:\WINDOWS\system32\wxoiiusr.exe

Edited by kikomonster, 17 July 2007 - 02:03 PM.

#9
kikomonster

Hi again Sari,

After what I did in the last post, I followed your instructions to use Killbox. I did get the PendingFileRenameOperations prompt, and I did another Panda ActiveScan afterwards. Also, I've read in another thread ( http://www.geekstogo...an-t163015.html ) that some malware hides itself from HijackThis and that, to get past this, one needs to rename hijackthis.exe to another file name. I did this, using holdup.exe, and it gave me a totally different HijackThis log. This log now includes the entries you want me to fix and more. I didn't do the fix yet as I want you to see this new HJT log file before I do something else.

HJT log file using renamed holdup.exe:

Logfile of HijackThis v1.99.1
Scan saved at 8:58:38 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WDBtnMgr.exe
F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
F:\Program Files\SnapStream Media\Firefly\Firefly.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Q-Type\Versato.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\Program Files\Q-Type\OSD.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Documents and Settings\iFrank\Desktop\holdup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {025A9896-AE60-4D9A-8F59-E5F3094AC47D} - F:\WINDOWS\system32\geebb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - F:\WINDOWS\system32\dceuqywj.dll
O2 - BHO: (no name) - {AD8CF886-BED9-45E9-9F18-9F619F7034B9} - F:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - F:\WINDOWS\system32\ljjhfec.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Firefly] F:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "F:\WINDOWS\system32\lnpbdwuq.dll",forkonce
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = F:\Program Files\Q-Type\Versato.exe
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?9b9f1f422531429bae3d8c5a858bcc21
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?9b9f1f422531429bae3d8c5a858bcc21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: bw+0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: geebb - F:\WINDOWS\system32\geebb.dll
O20 - Winlogon Notify: ljjhfec - F:\WINDOWS\SYSTEM32\ljjhfec.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - F:\WINDOWS\SYSTEM32\winosz32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GoogleDesktopManager - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe



Panda Activescan text:




Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected F:\WINDOWS\system32\ljjhfec.dll
Dialer:Dialer.KLB Not disinfected F:\WINDOWS\system32\winosz32.dll
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.com.com/]
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.pacificpoker.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.888.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.2o7.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.overture.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\9puakz5s.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Windows XP\Cookies\windows xp@atdmt[2].txt
Adware:Adware/Gator Not disinfected C:\Documents and Settings\Windows XP\My Documents\Francis\downloads\DivX\DivXPro503GAINBundle.exe
Spyware:Spyware/Virtumonde Not disinfected F:\!KillBox\ljjhfec.dll
Spyware:Spyware/Virtumonde Not disinfected F:\!KillBox\ljjhfec.dll( 2)
Dialer:Dialer.KLB Not disinfected F:\!KillBox\winosz32.dll
Dialer:Dialer.KLB Not disinfected F:\!KillBox\winosz32.dll( 1)
Spyware:Cookie/Winantivirus Not disinfected F:\Documents and Settings\iFrank\Application Data\Mozilla\Firefox\Profiles\pvxko4nd.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Reliablestats Not disinfected F:\Documents and Settings\iFrank\Application Data\Mozilla\Firefox\Profiles\pvxko4nd.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/YieldManager Not disinfected F:\Documents and Settings\iFrank\Application Data\Mozilla\Firefox\Profiles\pvxko4nd.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Statcounter Not disinfected F:\Documents and Settings\iFrank\Application Data\Mozilla\Firefox\Profiles\pvxko4nd.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Zedo Not disinfected F:\Documents and Settings\iFrank\Application Data\Mozilla\Firefox\Profiles\pvxko4nd.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atlas DMT Not disinfected F:\Documents and Settings\iFrank\Cookies\ifrank@atdmt[2].txt
Spyware:Cookie/Clickbank Not disinfected F:\Documents and Settings\iFrank\Cookies\ifrank@clickbank[2].txt
Spyware:Cookie/Doubleclick Not disinfected F:\Documents and Settings\iFrank\Cookies\ifrank@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected F:\Documents and Settings\iFrank\Cookies\ifrank@drivecleaner[3].txt
Spyware:Cookie/Reliablestats Not disinfected F:\Documents and Settings\iFrank\Cookies\[email protected][2].txt
Spyware:Cookie/Winantivirus Not disinfected F:\Documents and Settings\iFrank\Cookies\ifrank@winantivirus[2].txt
Virus:Trj/Downloader.OZB Disinfected F:\Documents and Settings\iFrank\Local Settings\Temporary Internet Files\Content.IE5\3O4ZG23L\_jnvm[1]
Spyware:Spyware/Virtumonde Not disinfected F:\VundoFix Backups\oagsohkl.dll.bad
Virus:Trj/Downloader.OZB Disinfected F:\WINDOWS\system32\bdcohtsq.exe
Virus:Trj/Downloader.OZB Disinfected F:\WINDOWS\system32\dceuqywj.dll



I hope this helps. Thanks.

#10
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
kikomonster,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [icq.com] rundll32.exe "F:\WINDOWS\system32\lnpbdwuq.dll",forkonce

Now close all windows other than HiJackThis, then click Fix Checked.

Let's try running vundofix again - it did delete it the first time and show me those entries in your log, and then it was reinstalled.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Thanks,

sari

#11
kikomonster

    Member

  • Topic Starter
  • 17 posts
Hi Sari,

Here are the new HJT log and vundofix.txt after the VundoFix scan. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 3:15:27 PM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WDBtnMgr.exe
F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
F:\Program Files\SnapStream Media\Firefly\Firefly.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\Q-Type\Versato.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\Program Files\Q-Type\OSD.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\Documents and Settings\iFrank\Desktop\holdup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - F:\WINDOWS\system32\dceuqywj.dll (file missing)
O2 - BHO: (no name) - {AD8CF886-BED9-45E9-9F18-9F619F7034B9} - F:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {B34CBBC6-DBF3-4623-92BC-7761E2919856} - F:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F} - F:\WINDOWS\system32\ljjhfec.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Firefly] F:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = F:\Program Files\Q-Type\Versato.exe
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?9b9f1f422531429bae3d8c5a858bcc21
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?9b9f1f422531429bae3d8c5a858bcc21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: bw+0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: ljjhfec - F:\WINDOWS\SYSTEM32\ljjhfec.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winosz32 - F:\WINDOWS\SYSTEM32\winosz32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GoogleDesktopManager - Google - F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe



VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 2:22:12 PM 7/12/2007

Listing files found while scanning....

F:\windows\system32\lkhosgao.ini
F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mmllm.bak1
F:\WINDOWS\system32\mmllm.bak2
F:\WINDOWS\system32\mmllm.ini
F:\WINDOWS\system32\mmllm.ini2
F:\WINDOWS\system32\mmllm.tmp
F:\WINDOWS\system32\neffxgpp.dll
F:\windows\system32\oagsohkl.dll
F:\windows\system32\uyyccfik.dll
F:\WINDOWS\system32\xcigkrdp.dll

Beginning removal...

Attempting to delete F:\windows\system32\lkhosgao.ini
F:\windows\system32\lkhosgao.ini Has been deleted!

Attempting to delete F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mllmm.dll Could not be deleted.

Attempting to delete F:\WINDOWS\system32\mmllm.bak1
F:\WINDOWS\system32\mmllm.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.bak2
F:\WINDOWS\system32\mmllm.bak2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.ini
F:\WINDOWS\system32\mmllm.ini Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.ini2
F:\WINDOWS\system32\mmllm.ini2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\mmllm.tmp
F:\WINDOWS\system32\mmllm.tmp Has been deleted!

Attempting to delete F:\WINDOWS\system32\neffxgpp.dll
F:\WINDOWS\system32\neffxgpp.dll Has been deleted!

Attempting to delete F:\windows\system32\oagsohkl.dll
F:\windows\system32\oagsohkl.dll Has been deleted!

Attempting to delete F:\windows\system32\uyyccfik.dll
F:\windows\system32\uyyccfik.dll Has been deleted!

Attempting to delete F:\WINDOWS\system32\xcigkrdp.dll
F:\WINDOWS\system32\xcigkrdp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete F:\WINDOWS\system32\mllmm.dll
F:\WINDOWS\system32\mllmm.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 2:59:20 PM 7/12/2007

Listing files found while scanning....

F:\WINDOWS\system32\jkkll.dll
F:\WINDOWS\system32\llkkj.bak1
F:\WINDOWS\system32\llkkj.ini

Beginning removal...

Attempting to delete F:\WINDOWS\system32\jkkll.dll
F:\WINDOWS\system32\jkkll.dll Could not be deleted.

Attempting to delete F:\WINDOWS\system32\llkkj.bak1
F:\WINDOWS\system32\llkkj.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\llkkj.ini
F:\WINDOWS\system32\llkkj.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 3:09:02 PM 7/12/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 3:18:44 PM 7/12/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 4:06:13 PM 7/14/2007

Listing files found while scanning....

F:\WINDOWS\system32\awtsr.dll
F:\WINDOWS\system32\rstwa.bak1
F:\WINDOWS\system32\rstwa.bak2
F:\WINDOWS\system32\rstwa.ini2
F:\WINDOWS\system32\rstwa.tmp

Beginning removal...

Attempting to delete F:\WINDOWS\system32\awtsr.dll
F:\WINDOWS\system32\awtsr.dll Could not be deleted.

Attempting to delete F:\WINDOWS\system32\rstwa.bak1
F:\WINDOWS\system32\rstwa.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\rstwa.bak2
F:\WINDOWS\system32\rstwa.bak2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\rstwa.ini2
F:\WINDOWS\system32\rstwa.ini2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\rstwa.tmp
F:\WINDOWS\system32\rstwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 4:28:16 PM 7/14/2007

Listing files found while scanning....

F:\WINDOWS\system32\awtst.dll
F:\WINDOWS\system32\tstwa.bak1
F:\WINDOWS\system32\tstwa.ini

Beginning removal...

Attempting to delete F:\WINDOWS\system32\awtst.dll
F:\WINDOWS\system32\awtst.dll Could not be deleted.

Attempting to delete F:\WINDOWS\system32\tstwa.bak1
F:\WINDOWS\system32\tstwa.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\tstwa.ini
F:\WINDOWS\system32\tstwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 4:40:17 PM 7/14/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 2:19:52 PM 7/19/2007

Listing files found while scanning....

F:\WINDOWS\system32\bbeeg.bak1
F:\WINDOWS\system32\bbeeg.bak2
F:\WINDOWS\system32\bbeeg.ini
F:\WINDOWS\system32\bbeeg.ini2
F:\WINDOWS\system32\bbeeg.tmp
F:\WINDOWS\system32\geebb.dll

Beginning removal...

Attempting to delete F:\WINDOWS\system32\bbeeg.bak1
F:\WINDOWS\system32\bbeeg.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\bbeeg.bak2
F:\WINDOWS\system32\bbeeg.bak2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\bbeeg.ini
F:\WINDOWS\system32\bbeeg.ini Has been deleted!

Attempting to delete F:\WINDOWS\system32\bbeeg.ini2
F:\WINDOWS\system32\bbeeg.ini2 Has been deleted!

Attempting to delete F:\WINDOWS\system32\bbeeg.tmp
F:\WINDOWS\system32\bbeeg.tmp Has been deleted!

Attempting to delete F:\WINDOWS\system32\geebb.dll
F:\WINDOWS\system32\geebb.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 3:00:49 PM 7/19/2007

Listing files found while scanning....

F:\WINDOWS\system32\cdeeg.bak1
F:\WINDOWS\system32\cdeeg.ini
F:\WINDOWS\system32\geedc.dll

Beginning removal...

Attempting to delete F:\WINDOWS\system32\cdeeg.bak1
F:\WINDOWS\system32\cdeeg.bak1 Has been deleted!

Attempting to delete F:\WINDOWS\system32\cdeeg.ini
F:\WINDOWS\system32\cdeeg.ini Has been deleted!

Attempting to delete F:\WINDOWS\system32\geedc.dll
F:\WINDOWS\system32\geedc.dll Has been deleted!

Performing Repairs to the registry.
Done!

#12
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
kikomonster,

1. Download ComboFix.exe using either of these links:

* bleepingcomputer.com

* techsupportforum.com

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Thanks,

sari

#13
kikomonster

    Member

  • Topic Starter
  • Member
  • 17 posts
Hi sari,

Here are the logs you requested. I hope it helps. Thanks again.


"iFrank" - 2007-07-20 23:34:05 - ComboFix 07-07-17.8 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


F:\WINDOWS\system32\awtst.dll
F:\WINDOWS\system32\ofumlaxf.dll
F:\WINDOWS\system32\winosz32.dll
F:\WINDOWS\system32\ybeeg.bak1
F:\WINDOWS\system32\ybeeg.ini
F:\WINDOWS\system32\ybeeg.ini2
F:\WINDOWS\system32\ybeeg.tmp
F:\WINDOWS\system32\geeby.dll
F:\WINDOWS\system32\ljjhfec.dll
F:\WINDOWS\system32\ljjhfec.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


2007-07-20 23:32 51,200 --a------ F:\WINDOWS\nircmd.exe
2007-07-17 18:02 8,576 --a------ F:\WINDOWS\system32\drivers\hwbyevhpskoc.sys
2007-07-17 17:42 <DIR> d-------- F:\!KillBox
2007-07-17 13:36 8,576 --a------ F:\WINDOWS\system32\drivers\rcrlqklhcrpp.sys
2007-07-17 13:26 <DIR> d-------- F:\WINDOWS\system32\ActiveScan
2007-07-12 14:22 <DIR> d-------- F:\VundoFix Backups
2007-07-10 06:24 524,288 --ah----- F:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-10 03:39 <DIR> d-------- F:\Program Files\XoftSpySE
2007-07-10 03:13 22,112 -ra------ F:\WINDOWS\system32\drivers\COH_Mon.sys
2007-07-10 02:16 <DIR> d-------- F:\WINDOWS\network diagnostic
2007-07-09 20:04 <DIR> d-------- F:\Program Files\Common Files\Apple
2007-07-09 20:04 <DIR> d-------- F:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-09 00:06 8,704 --a------ F:\WINDOWS\system32\sporder.dll
2007-07-08 14:03 <DIR> d-------- F:\Program Files\Windows Journal Viewer
2007-07-04 20:55 40,296 --a------ F:\DOCUME~1\iFrank\APPLIC~1\GDIPFONTCACHEV1.DAT


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 16:31:24 -------- d-----w F:\Program Files\Picasa2
2007-07-19 18:19:23 -------- d-----w F:\Program Files\Common Files\Symantec Shared
2007-07-18 00:38:19 -------- d-----w F:\Program Files\Windows Live Toolbar
2007-07-18 00:38:03 -------- d-----w F:\Program Files\WinAce
2007-07-18 00:37:46 -------- d-----w F:\Program Files\TuneUp Utilities 2006
2007-07-18 00:35:50 -------- d-----w F:\Program Files\Q-Type
2007-07-18 00:35:14 -------- d-----w F:\Program Files\Norton AntiVirus
2007-07-18 00:35:02 -------- d-----w F:\Program Files\MSN Messenger
2007-07-18 00:34:03 -------- d-----w F:\Program Files\Messenger
2007-07-18 00:29:11 -------- d-----w F:\Program Files\iTunes
2007-07-18 00:27:44 -------- d-----w F:\Program Files\DAEMON Tools
2007-07-18 00:08:00 -------- d-----w F:\Program Files\Common Files\Stardock
2007-07-17 19:15:40 -------- d-----w F:\Program Files\Symantec
2007-07-15 23:54:23 -------- d-----w F:\Program Files\Starcraft
2007-07-10 08:33:39 -------- d-----w F:\DOCUME~1\iFrank\APPLIC~1\Azureus
2007-07-10 01:37:43 12,528 ----a-w F:\WINDOWS\system32\drivers\secdrv.sys
2007-07-10 00:10:24 -------- d-----w F:\Program Files\iPod
2007-07-06 15:32:33 -------- d-----w F:\DOCUME~1\iFrank\APPLIC~1\Vso
2007-07-06 14:09:07 1,744 ----a-w F:\WINDOWS\system32\d3d9caps.dat
2007-06-19 16:34:15 -------- d-----w F:\DOCUME~1\iFrank\APPLIC~1\DivX
2007-06-19 06:04:18 -------- d-----w F:\Program Files\DivX
2007-06-18 04:11:41 -------- d-----w F:\Program Files\otron.net
2007-06-17 23:26:32 -------- d-----w F:\Program Files\LimeWire
2007-06-06 05:53:11 -------- d-----w F:\Program Files\Google
2007-06-05 17:18:06 -------- d-----w F:\DOCUME~1\iFrank\APPLIC~1\MathWorks
2007-05-31 22:36:52 -------- d-----w F:\Program Files\Apple Software Update
2007-05-31 06:45:07 524,288 ----a-w F:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w F:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w F:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w F:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w F:\WINDOWS\system32\DivX.dll
2007-05-27 00:36:30 -------- d-----w F:\Program Files\Azureus
2007-05-25 04:15:56 107,132 ----a-w F:\WINDOWS\UninstallFirefox.exe
2007-05-25 04:15:52 3,658 ----a-w F:\WINDOWS\mozver.dat
2007-05-22 16:18:41 -------- d-----w F:\Program Files\MTV Networks
2007-05-22 16:11:27 -------- d-----w F:\Program Files\Windows Media Connect 2
2007-05-21 21:45:45 806 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-05-21 21:45:45 8,014 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-05-21 21:45:45 48,776 ----a-w F:\WINDOWS\system32\S32EVNT1.DLL
2007-05-21 21:45:45 115,000 ----a-w F:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-05-16 15:12:02 683,520 ----a-w F:\WINDOWS\system32\inetcomm.dll
2007-05-08 13:44:43 1,632 ----a-w F:\WINDOWS\system32\d3d8caps.dat
2007-04-25 14:21:15 144,896 ----a-w F:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w F:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:24 129,784 ----a-w F:\WINDOWS\system32\pxafs.dll
2007-04-23 00:15:24 118,520 ----a-w F:\WINDOWS\system32\pxinsi64.exe
2007-04-23 00:15:24 116,472 ----a-w F:\WINDOWS\system32\pxcpyi64.exe
2007-04-23 00:15:18 200,704 ----a-w F:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w F:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w F:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w F:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w F:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w F:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w F:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w F:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w F:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w F:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w F:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w F:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-10-22 03:46:07 81,920 ----a-w F:\DOCUME~1\iFrank\APPLIC~1\ezpinst.exe
2006-10-22 03:46:07 47,360 ----a-w F:\DOCUME~1\iFrank\APPLIC~1\pcouffin.sys
2006-10-18 04:28:10 1,000 ----a-w F:\Program Files\UltimateBet.dat
2006-10-18 04:27:56 3,829 ----a-w F:\Program Files\INSTALL.LOG
2004-10-01 20:00:16 40,960 ----a-w F:\Program Files\Uninstall_CDS.exe
2002-07-26 21:02:06 153,088 ----a-w F:\Program Files\UNWISE.EXE


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 21:33 322368 --a------ F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD8CF886-BED9-45E9-9F18-9F619F7034B9}]
F:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-06-06 01:52 324536 --a------ F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B34CBBC6-DBF3-4623-92BC-7761E2919856}]
F:\WINDOWS\system32\geedc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2007-02-12 15:56 546672 --a------ F:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-07-28 14:19 F:\WINDOWS\system32\nwiz.exe]
"Cmaudio"="cmicnfg.cpl" []
"WD Button Manager"="WDBtnMgr.exe" [2006-09-10 15:16 F:\WINDOWS\system32\WDBtnMgr.exe]
"LVCOMS"="F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"Firefly"="F:\Program Files\SnapStream Media\Firefly\Firefly.exe" [2006-06-05 18:52]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"DAEMON Tools"="F:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57]
"RemoteControl"="F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"InCD"="F:\Program Files\Ahead\InCD\InCD.exe" [2006-03-13 22:06]
"QuickTime Task"="F:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 16:22 F:\WINDOWS\soundman.exe]
"ccApp"="F:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="F:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22]
"Google Desktop Search"="F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-20 23:27]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"Symantec PIF AlertEng"="F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"Picasa Media Detector"="F:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="F:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"WMPNSCFG"="F:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]

F:\DOCUME~1\iFrank\STARTM~1\Programs\Startup
Stardock ObjectDock.lnk - F:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-10-16 01:03:15]

F:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
Adobe Reader Speed Launch.lnk - F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26]
Enable Q-Type Driver.lnk - F:\Program Files\Q-Type\Versato.exe [2007-05-03 13:33:41]
Google Updater.lnk - F:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-06 01:52:56]
Microsoft Office.lnk - F:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=F:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
F:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"F:\Program Files\lg_fwupdate\fwupdate.exe" blrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
F:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
F:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"F:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c025fda-f3d0-11d8-88ef-b8ce75a87dea}]
AutoRun\command- J:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-07-09 19:25:01 F:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-20 18:04:04 F:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2007-07-07 00:01:22 F:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - iFrank.job
2007-07-21 03:45:38 F:\WINDOWS\tasks\XoftSpySE 2.job
2007-07-10 08:25:28 F:\WINDOWS\tasks\XoftSpySE.job

**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-20 23:46:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-20 23:51:19 - machine was rebooted
F:\ComboFix-quarantined-files.txt ... 2007-07-20 23:50

--- E O F ---



Logfile of HijackThis v1.99.1
Scan saved at 11:56:14 PM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WDBtnMgr.exe
F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
F:\Program Files\SnapStream Media\Firefly\Firefly.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Picasa2\PicasaMediaDetector.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\Q-Type\Versato.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\Program Files\Q-Type\OSD.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\iFrank\Desktop\holdup.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD8CF886-BED9-45E9-9F18-9F619F7034B9} - F:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {B34CBBC6-DBF3-4623-92BC-7761E2919856} - F:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Firefly] F:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = F:\Program Files\Q-Type\Versato.exe
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?9b9f1f422531429bae3d8c5a858bcc21
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?9b9f1f422531429bae3d8c5a858bcc21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: bw+0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe

#14
sari

kikomonster,

I apologize for the delay. It's difficult for me to get on on the weekends and I was busy yesterday as well.

Show Hidden Files
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Please go to Uploadmalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for this filename: F:\WINDOWS\system32\drivers\hwbyevhpskoc.sys
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File
Please repeat this for the following file:

F:\WINDOWS\system32\drivers\rcrlqklhcrpp.sys


Hide Hidden Files
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Do Not Show hidden files and folders.
* Check the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Use Killbox to delete some files:
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    F:\WINDOWS\system32\drivers\hwbyevhpskoc.sys
    F:\WINDOWS\system32\drivers\rcrlqklhcrpp.sys


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AD8CF886-BED9-45E9-9F18-9F619F7034B9} - F:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: (no name) - {B34CBBC6-DBF3-4623-92BC-7761E2919856} - F:\WINDOWS\system32\geedc.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked.

Use ATF Cleaner to clean your temporary files again:


  • Double-click ATF-Cleaner.exe to run the program (I had you download this program earlier).
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reboot, and post a new hijackthis log. Let me know if you're still getting that popup box.

Thanks,

sari

Edited by sari, 24 July 2007 - 02:28 PM.
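
Added example, not part of sari's post or of HijackThis itself: a small Python parser for the CLSID-style HijackThis lines quoted in this thread. It lists the O2 entries whose file is reported as "(no file)" or "(file missing)" and compares two scans to confirm that fixed entries are gone. The function names are hypothetical; the sample lines are copied from the 7/20/2007 and 7/24/2007 logs on this page.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the two HijackThis logs in this thread.
# BEFORE = scan saved 7/20/2007, AFTER = scan saved 7/24/2007.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AD8CF886-BED9-45E9-9F18-9F619F7034B9} - F:\WINDOWS\system32\mllmm.dll (file missing)
O2 - BHO: (no name) - {B34CBBC6-DBF3-4623-92BC-7761E2919856} - F:\WINDOWS\system32\geedc.dll (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
"""

AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
"""

# "<section> - <kind>: <name> - {CLSID} - <target>", as in the O2/O3/O9/O18 lines.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)
MISSING_SUFFIX = " (file missing)"


@dataclass(frozen=True)
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    path: Optional[str]   # None when HijackThis printed "(no file)"
    missing: bool         # True for "(no file)" and "(file missing)"


def parse_entries(log_text: str) -> List[Entry]:
    """Parse the CLSID-style lines of a HijackThis log; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # R*, O4, O16, O20, O23 ... use other layouts
        target = m["target"]
        if target == "(no file)":
            path, missing = None, True
        elif target.endswith(MISSING_SUFFIX):
            path, missing = target[: -len(MISSING_SUFFIX)], True
        else:
            path, missing = target, False
        entries.append(Entry(m["section"], m["kind"], m["name"],
                             m["clsid"].upper(), path, missing))
    return entries


def orphaned(entries: List[Entry], section: str) -> List[Entry]:
    """Entries in one section whose registered file is absent on disk."""
    return [e for e in entries if e.section == section and e.missing]


def removed_between(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the earlier scan and absent from the later one."""
    remaining = {(e.section, e.clsid) for e in after}
    return [e for e in before if (e.section, e.clsid) not in remaining]


if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    print("Orphaned O2 entries in the earlier scan:")
    for e in orphaned(before, "O2"):
        print(f"  {e.clsid}  {e.path or '(no file)'}")
    print("Gone in the later scan:")
    for e in removed_between(before, after):
        print(f"  {e.section} {e.clsid}")
    # The O9 entry also reports a missing file but was not among the entries
    # selected in the post above and is still present in the later log.
    print("Orphaned O9 entries still listed:", len(orphaned(after, "O9")))
```

A missing-file flag is only a triage hint for deciding which lines to look at; the selection of what to fix remains the helper's call, as in the post above.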


#15
kikomonster

Hi Sari,

Thanks for your reply. I did all the steps you asked. Also, I've uploaded the files you want. So far, the popup hasn't shown up yet. Here is the hjt log file. Thanks for all your help. I will check back on this thread in case you see something in the hjt log. Again, thanks for all your help.

Logfile of HijackThis v1.99.1
Scan saved at 6:20:54 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\WDBtnMgr.exe
F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
F:\Program Files\SnapStream Media\Firefly\Firefly.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\DAEMON Tools\daemon.exe
F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
F:\Program Files\Ahead\InCD\InCD.exe
F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Picasa2\PicasaMediaDetector.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\Q-Type\Versato.exe
F:\Program Files\Google\Google Updater\GoogleUpdater.exe
F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Q-Type\OSD.EXE
F:\Program Files\Messenger\msmsgs.exe
F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
F:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
F:\Program Files\MSN Messenger\usnsvc.exe
F:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\iFrank\Desktop\holdup.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - F:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Firefly] F:\Program Files\SnapStream Media\Firefly\Firefly.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] F:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "F:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "F:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Picasa Media Detector] F:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = F:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = F:\Program Files\Q-Type\Versato.exe
O4 - Global Startup: Google Updater.lnk = F:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://F:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?9b9f1f422531429bae3d8c5a858bcc21
O8 - Extra context menu item: Open in new foreground tab - res://F:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?9b9f1f422531429bae3d8c5a858bcc21
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - F:\Program Files\UltimateBet.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - F:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: bw+0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E8A1D493-EA22-473E-8A38-64D2957AA1B0} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: F:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - F:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - F:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - F:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - F:\PROGRA~1\COMMON~1\SNAPST~1\Common\x10nets.exe