Win32:TratBHO Trojan


#1 Junmar74 (Member)
Hi Everyone :)

I'm Junmar and I joined this forum because I have been experiencing problems with a trojan, Win32:TratBHO. I have basically done everything that I know how to do in order to delete it, but to no success. Before posting this message, I followed the instructions you posted on how to delete it, but still no success. My Avast 4.7 (which updates almost daily) detects it. I move the .dll files to the virus chest to delete it, but it keeps coming back. You guys are my last hope, so please help.

Below are the logs that I have saved from the scans I made. I attempted to do an online scan with Panda, but during the download my Avast detected a virus/worm, so I had to abort it. I didn't re-attempt after that.

SUPERAntiSpyware Scan Log
Generated 02/14/2008 at 12:22 PM

Application Version : 3.6.1000

Core Rules Database Version : 3402
Trace Rules Database Version: 1394

Scan type : Complete Scan
Total Scan Time : 01:33:31

Memory items scanned : 578
Memory threats detected : 0
Registry items scanned : 7780
Registry threats detected : 5
File items scanned : 89711
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\JUNMAR's\Cookies\junmar'[email protected][1].txt
C:\Documents and Settings\JUNMAR's\Cookies\junmar'[email protected][1].txt
C:\Documents and Settings\JUNMAR's\Cookies\junmar'[email protected][1].txt
C:\Documents and Settings\JUNMAR's\Cookies\junmar'[email protected][1].txt

Rogue.AdvancedCleaner
HKLM\Software\AdvancedCleaner Free
HKLM\Software\AdvancedCleaner Free#EULA Accepted
HKLM\Software\AdvancedCleaner Free#Installer TotalSize
HKLM\Software\AdvancedCleaner Free#InstallDate
HKLM\Software\AdvancedCleaner Free#ProductCode
________________________________________________________________________________

This is from my Avast log


2/13/2008 8:15:17 AM JUNMAR's 1600 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\fpfgshni.dll" file.
2/13/2008 8:15:40 AM JUNMAR's 1600 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\euffwohf.dll" file.
2/13/2008 8:15:47 AM JUNMAR's 1600 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\gqcxtvkp.dll" file.
2/13/2008 11:56:19 AM JUNMAR's 1568 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\slcuaevp.dll" file.
2/13/2008 12:11:35 PM JUNMAR's 1568 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\nbykdswk.dll" file.
2/13/2008 12:11:54 PM JUNMAR's 1568 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\gkklyjgx.dll" file.
2/13/2008 1:03:40 PM JUNMAR's 1572 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\grxykcdg.dll" file.
2/13/2008 1:04:01 PM JUNMAR's 1572 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\dluslfgp.dll" file.
2/13/2008 1:05:58 PM JUNMAR's 1572 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\jhcgwbgp.dll" file.
2/13/2008 10:05:30 PM JUNMAR's 1576 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\ugoyiwpc.dll" file.
2/13/2008 10:06:34 PM JUNMAR's 1576 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\exrerlia.dll" file.
2/13/2008 10:07:50 PM JUNMAR's 1576 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\gtapvshs.dll" file.
2/13/2008 10:45:32 PM JUNMAR's 1568 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\yqwfagbj.dll" file.
2/13/2008 10:45:37 PM JUNMAR's 1568 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\eaymrale.dll" file.
2/13/2008 10:48:19 PM JUNMAR's 1568 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\wjpgpdcc.dll" file.
2/13/2008 11:16:17 PM JUNMAR's 1564 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\brkfjfvb.dll" file.
2/13/2008 11:16:37 PM JUNMAR's 1564 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\rbwbkjrn.dll" file.
2/13/2008 11:18:29 PM JUNMAR's 1564 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\drfspynl.dll" file.
2/14/2008 2:41:36 AM JUNMAR's 1568 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\vultlxqm.dll" file.
2/14/2008 10:41:08 AM JUNMAR's 1564 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\xnaaqujo.dll" file.
2/14/2008 12:31:28 PM JUNMAR's 1416 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\vsqyucna.dll" file.
2/14/2008 12:46:32 PM JUNMAR's 1416 Sign of "Win32:CTX" has been found in "http://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL" file.
2/14/2008 12:47:56 PM JUNMAR's 1416 Sign of "Win32:CTX" has been found in "http://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL" file.
________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:57:47 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JUNMAR's\Desktop\Junmar HJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B394116-6FF2-40E7-ACCD-0C60F9F6C83A} - (no file)
O2 - BHO: (no name) - {29B78806-514F-40EF-A4C0-65DE9366649C} - (no file)
O2 - BHO: (no name) - {30b11c06-4bd9-466b-8475-670bd39b8f87} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B32C844-F0CC-413B-BE93-4F2916ED001F} - C:\WINDOWS\system32\vturq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll
O2 - BHO: (no name) - {F5D55A23-DBA5-4055-A53D-550462125BDE} - C:\WINDOWS\system32\rqrsqqp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198000564515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: bw+0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rqrsqqp - C:\WINDOWS\SYSTEM32\rqrsqqp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 25223 bytes
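One way to triage the two logs in this post with a script, added here as an example and not taken from the forum or from any tool the thread mentions: it parses HijackThis O2/O20 lines and avast! detection lines in the shape shown above, flags unnamed BHOs that load a DLL and any Winlogon Notify DLL that is also registered as an unnamed BHO, and groups avast! hits by folder to show that the Temp detections are fresh copies rather than the persistent loader. The sample lines are copied from the logs above; the flagging rules are my own heuristics, not HijackThis's.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the HijackThis log posted above; the
# CLSIDs and paths are copied from that log, the selection of lines is mine.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B394116-6FF2-40E7-ACCD-0C60F9F6C83A} - (no file)
O2 - BHO: (no name) - {9B32C844-F0CC-413B-BE93-4F2916ED001F} - C:\WINDOWS\system32\vturq.dll
O2 - BHO: (no name) - {F5D55A23-DBA5-4055-A53D-550462125BDE} - C:\WINDOWS\system32\rqrsqqp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rqrsqqp - C:\WINDOWS\SYSTEM32\rqrsqqp.dll
"""

# Constructed sample in the shape of the avast! log posted above (four of its lines).
AVAST_SAMPLE = r"""
2/13/2008 8:15:17 AM JUNMAR's 1600 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\fpfgshni.dll" file.
2/13/2008 8:15:40 AM JUNMAR's 1600 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\euffwohf.dll" file.
2/13/2008 11:56:19 AM JUNMAR's 1568 Sign of "Win32:TratBHO [Trj]" has been found in "C:\DOCUME~1\JUNMAR's\LOCALS~1\Temp\slcuaevp.dll" file.
2/14/2008 12:46:32 PM JUNMAR's 1416 Sign of "Win32:CTX" has been found in "http://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL" file.
"""

# Line shapes as HijackThis 2.0 and avast! 4 print them in the post above.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
AVAST_RE = re.compile(r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.')


def basename(path):
    """Lower-cased file name of a Windows path ('C:\\x\\Y.DLL' -> 'y.dll')."""
    return path.rsplit("\\", 1)[-1].lower()


def triage_hjt(log_text):
    """Flag suspicious O2 (BHO) and O20 (Winlogon Notify) entries.

    Returns a list of (severity, reason, original line).  The rules are
    triage heuristics, not a verdict: a human still has to check each DLL.
    """
    findings = []
    unnamed_bho_dlls = set()   # DLLs loaded by BHOs that carry no name
    winlogon_entries = []      # (dll basename, line) for the second pass
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            if name != "(no name)":
                continue       # a vendor-named BHO: nothing to flag by this rule
            if path == "(no file)":
                # Registration left behind by an uninstalled BHO: cleanup only.
                findings.append(("low", "orphaned BHO registration, file missing", line))
            else:
                unnamed_bho_dlls.add(basename(path))
                findings.append(("high", "unnamed BHO loads a DLL", line))
            continue
        m = O20_RE.match(line)
        if m:
            winlogon_entries.append((basename(m.group("path")), line))
    # Second pass: a DLL registered both as an unnamed BHO and as a Winlogon
    # Notify handler runs at logon even when no browser is open, which is
    # exactly how rqrsqqp.dll appears twice in the log above.
    for dll, line in winlogon_entries:
        if dll in unnamed_bho_dlls:
            findings.append(("high", "Winlogon Notify DLL is also an unnamed BHO", line))
    return findings


def summarise_avast(log_text):
    """Group avast! detections by directory: {dir (lower-cased): sorted file names}."""
    by_dir = defaultdict(set)
    for line in log_text.splitlines():
        m = AVAST_RE.search(line)
        if m:
            directory, _, filename = m.group("path").rpartition("\\")
            by_dir[directory.lower()].add(filename.lower())
    return {d: sorted(files) for d, files in by_dir.items()}


if __name__ == "__main__":
    for severity, reason, line in triage_hjt(HJT_SAMPLE):
        print(f"[{severity:4}] {reason}: {line}")
    # Several different random-named DLLs caught in the same Temp folder within
    # hours means the files avast! quarantines are fresh copies; the component
    # that keeps writing them is what the O2/O20 findings point at.
    for directory, files in summarise_avast(AVAST_SAMPLE).items():
        print(f"{len(files)} file(s) detected under {directory}: {', '.join(files)}")
```

Run against the full logs in the post, the same rules single out vturq.dll and rqrsqqp.dll and nothing else, which is why quarantining the Temp DLLs alone did not stop the detections.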



#2 BHowett (OT Moderator)
Hello and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your query and we will go through it again.

The fixes may take several attempts and my replies may take some time but stick with it, and we will be sure to get you sorted.

NOTE: I am still in training so I have to let the experts check the content of my fixes before I post them. This may take a little longer but the fixes will be verified and correct.

I will post your first set of instructions shortly.

===============================================

#3 Junmar74 (Topic Starter)
Hi BHowett. Nice to hear from you. Ok, I shall be waiting for your next instructions.

Junmar

#4 BHowett (OT Moderator)
Hi Junmar74,

Not looking too bad... let's see what we can do :)

Disable Teatimer

Please disable Teatimer as it may interfere with the fix.

First:
*Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
*Choose Exit Spybot S&D Resident

Second:
*Open Spybot S&D
*Click Mode, check Advanced Mode
*Go To Left Panel, Click Tools, then also in left panel, click Resident
*If your firewall raises a question, say OK
*Uncheck the box labeled Resident Tea-Timer and OK any prompts.
*Use File, Exit to terminate Spybot
*Reboot your machine for the changes to take effect.

Once your log is clean you can re-enable those settings.

===============================================

ATF Cleaner


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============================================


Combo Fix

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


===============================================



Download & Run HijackThis.exe

Because you are still using the BETA version of HijackThis I will need you to uninstall that one, and re-download the latest version.

  • Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


===============================================


Please post the combofix log and a new HijackThis log in your next reply.

Thanks,
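The ComboFix and HijackThis logs requested above are normally read by eye. As an added example for this thread (not part of ComboFix, HijackThis or the moderator's fix), here is a small Python triage script that applies two of the checks a helper makes on a ComboFix log: per-volume AutoRun commands stored under the user's mountpoints2 key, and small hidden+system .ini files with random eight-letter names in system32. The sample log is constructed from lines that appear in the log posted later in this thread; the heuristics, severity labels and the Finding names are my own assumptions.

```python
"""Triage a ComboFix-style log for two indicator types a malware-removal
helper checks early.  Added example for this thread: it is not part of
ComboFix, HijackThis or the moderator's fix, and its heuristics are my own
assumptions, not ComboFix's rules."""
import re
from dataclasses import dataclass

# "Files Created" entry: <date> <time> . <date> <time> <size> <attrs> <path>
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$", re.IGNORECASE)
# Per-volume key under which Explorer stores a drive's AutoRun command
MOUNTPOINT_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<guid>\{[^}]+\})\]$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)
# Hidden+system .ini with an eight-letter random name directly in system32
RANDOM_INI_RE = re.compile(r"\\system32\\[a-z]{8}\.ini$", re.IGNORECASE)

# Constructed sample: a few lines copied from the ComboFix log posted in this
# thread, plus one ordinary Run key so the parser has something to ignore.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.
2008-02-16 18:04 . 2008-02-16 18:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-15 12:40 . 2008-02-15 12:40 354 ---hs---- C:\WINDOWS\system32\boaxcxmh.ini
2008-02-15 00:49 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-14 13:30 . 2008-02-14 14:50 294 --ahs---- C:\WINDOWS\system32\llqqfxlv.ini

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{648cb27d-ad86-11dc-af6d-0008a1b583cf}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\sys.exe
"""


@dataclass
class Finding:
    kind: str      # indicator type
    severity: str  # "high" or "review"
    detail: str    # the log content that triggered it


def triage(log_text):
    """Return the findings for one log, in the order they appear."""
    findings = []
    guid = None  # mountpoints2 key whose AutoRun command is expected next
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            guid = m.group("guid")
            continue
        if line.startswith("["):  # any other registry key ends the wait
            guid = None
        m = AUTORUN_RE.match(line)
        if m and guid:
            cmd = m.group("cmd")
            # A launch through rundll32's ShellExec_RunDLL, or a program kept in
            # a RECYCLED/RECYCLER folder, is the removable-media autorun pattern
            # seen in this thread's log; any other AutoRun command still gets a look.
            low = cmd.lower()
            hot = "shellexec_rundll" in low or "recycled\\" in low or "recycler\\" in low
            findings.append(Finding("mountpoints2-autorun",
                                    "high" if hot else "review", f"{guid}: {cmd}"))
            guid = None
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs").lower(), m.group("path")
            # hidden (h) + system (s) attributes on a random-named .ini in system32
            if "h" in attrs and "s" in attrs and RANDOM_INI_RE.search(path):
                findings.append(Finding("hidden-system32-ini", "review",
                                        f"{path} ({m.group('size')} bytes, attrs {attrs})"))
    return findings


def counts(findings):
    """Number of findings per indicator type, for a quick summary."""
    out = {}
    for f in findings:
        out[f.kind] = out.get(f.kind, 0) + 1
    return out


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity:>6}] {f.kind}: {f.detail}")
    print(counts(found))
```

Run against a full ComboFix log it lists every per-volume AutoRun entry (the thread's log has six pointing at the same recycled\sys.exe) so the helper can check the GUIDs off one by one.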

#5
Junmar74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi. Here are the logs you requested. Btw, I installed ZoneAlarm Pro and SUPERAntiSpyware Pro while waiting for your first set of instructions, to keep the bad stuff from infecting my PC. I haven't received any warnings about Win32:TratBHO since I did this. I do, however, want to make sure that my logs are clean. Just an FYI.

ComboFix 08-02-17.2 - JUNMAR's 2008-02-17 22:18:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.478 [GMT -8:00]
Running from: C:\Documents and Settings\JUNMAR's\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\JUNMAR's\Application Data\inst.exe
C:\WINDOWS\system\_sv_CMD_
C:\WINDOWS\system32\pskill.exe

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.cőj
.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-16 18:04 . 2008-02-16 18:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-15 12:40 . 2008-02-15 12:40 354 ---hs---- C:\WINDOWS\system32\boaxcxmh.ini
2008-02-15 12:38 . 2008-02-15 12:38 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-15 12:28 . 2008-02-15 00:51 262,144 --a------ C:\Program Files\Uninstall Spy Blocker.dll
2008-02-15 12:23 . 2008-02-15 12:24 354 ---hs---- C:\WINDOWS\system32\ywwcrixd.ini
2008-02-15 00:49 . 2008-02-15 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-15 00:49 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-15 00:49 . 2008-02-17 19:32 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-15 00:48 . 2008-02-16 03:06 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-15 00:42 . 2008-02-17 22:25 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-15 00:37 . 2008-02-15 23:55 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-15 00:37 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-02-14 23:02 . 2008-02-14 23:02 414 ---hs---- C:\WINDOWS\system32\rqsfkfqx.ini
2008-02-14 22:57 . 2008-02-14 23:02 354 ---hs---- C:\WINDOWS\system32\kqsoyqbe.ini
2008-02-14 22:38 . 2008-02-14 22:52 354 ---hs---- C:\WINDOWS\system32\cjfuwixf.ini
2008-02-14 13:30 . 2008-02-14 14:50 294 --ahs---- C:\WINDOWS\system32\llqqfxlv.ini
2008-02-14 12:46 . 2008-02-14 12:47 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-14 12:46 . 2008-02-14 12:47 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-14 12:46 . 2008-02-14 12:47 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-14 12:45 . 2008-02-14 12:45 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-14 12:33 . 2008-02-14 12:33 354 --ahs---- C:\WINDOWS\system32\rmaqalgw.ini
2008-02-14 10:44 . 2008-02-14 10:44 354 --ahs---- C:\WINDOWS\system32\bjkcrhoa.ini
2008-02-14 10:22 . 2008-02-14 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-14 10:21 . 2008-02-16 18:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-14 10:21 . 2008-02-16 18:05 <DIR> d-------- C:\Documents and Settings\JUNMAR's\Application Data\SUPERAntiSpyware.com
2008-02-14 03:57 . 2008-02-14 03:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 02:43 . 2008-02-14 02:43 354 --a------ C:\WINDOWS\system32\chmdhjbs.ini.vir
2008-02-13 22:35 . 2008-02-14 03:22 <DIR> d-------- C:\Program Files\Trojan Remover
2008-02-13 22:35 . 2008-02-13 22:35 <DIR> d-------- C:\Documents and Settings\JUNMAR's\Application Data\Simply Super Software
2008-02-13 22:35 . 2008-02-13 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-02-13 14:40 . 2001-09-18 21:47 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2008-02-13 14:40 . 2005-06-21 18:11 23,552 -ra------ C:\WINDOWS\system32\PostProc.dll
2008-02-13 14:39 . 2005-08-10 21:49 393,088 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2008-02-13 14:39 . 2005-09-14 20:56 141,312 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2008-02-13 14:39 . 2005-03-04 04:53 127,872 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2008-02-11 11:41 . 2008-02-14 03:17 227,805 --a------ C:\WINDOWS\system32\qrutv.ini2.vir
2008-02-11 11:40 . 2008-02-14 03:18 227,805 --a------ C:\WINDOWS\system32\qrutv.ini.vir
2008-02-11 11:25 . 2008-02-14 14:51 147 --a------ C:\WINDOWS\wininit.ini
2008-02-11 09:40 . 2008-02-14 22:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-10 20:37 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-02-10 20:37 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-02-10 20:37 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-02-10 20:37 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-02-10 20:37 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-02-10 16:00 . 2008-02-11 11:32 235,876 --a------ C:\WINDOWS\system32\cbeeg.ini2.vir
2008-02-10 16:00 . 2008-02-11 11:33 235,876 --a------ C:\WINDOWS\system32\cbeeg.ini.vir
2008-02-10 15:57 . 2008-02-10 15:58 <DIR> d-------- C:\Documents and Settings\JUNMAR's\Application Data\TVU Networks
2008-02-07 13:59 . 2008-02-07 13:59 72 --a------ C:\WINDOWS\system32\installerror.dat
2008-02-07 08:46 . 2008-02-07 08:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-07 08:46 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-06 23:42 . 2008-02-06 23:42 <DIR> d-------- C:\Program Files\EA Games
2008-02-05 08:52 . 2008-02-05 08:52 <DIR> d-------- C:\Program Files\Recuva
2008-02-04 23:50 . 2006-03-01 05:21 1,263,616 --a------ C:\WINDOWS\system32\aurora.scr
2008-02-04 23:50 . 2006-03-01 04:53 773,120 --a------ C:\WINDOWS\system32\bubbles.scr
2008-02-04 23:50 . 2006-03-01 05:21 117,248 --a------ C:\WINDOWS\system32\ribbons.scr
2008-02-04 23:50 . 2006-03-03 14:42 117,248 --a------ C:\WINDOWS\system32\Mystify.scr
2008-02-04 22:44 . 2008-02-04 22:46 <DIR> d-------- C:\Program Files\Dream Aquarium
2008-02-04 22:44 . 2006-10-09 12:00 94,208 --a------ C:\WINDOWS\Dream Aquarium.scr
2008-02-04 08:51 . 2008-02-04 08:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-02-03 19:09 . 2005-03-20 14:33 18,009 --a------ C:\WINDOWS\system32\GPL
2008-02-03 19:07 . 2008-02-03 19:07 233,472 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-03 19:07 . 2008-02-03 19:07 81,920 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-01-31 19:47 . 2008-02-10 07:01 <DIR> d-------- C:\Program Files\Winflip
2008-01-30 00:34 . 2008-02-08 09:54 <DIR> d-------- C:\Program Files\Anyplace Control 4
2008-01-30 00:02 . 2000-12-21 22:08 114,688 --a------ C:\WINDOWS\system32\CButton.ocx
2008-01-30 00:02 . 1997-12-10 19:43 29,696 --a------ C:\WINDOWS\system32\DPDlg.ocx
2008-01-29 10:37 . 2008-01-29 10:37 <DIR> d-------- C:\Temp
2008-01-28 08:23 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-23 02:52 . 2008-01-23 02:52 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-23 02:52 . 2008-01-23 02:52 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-23 02:51 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-01-23 02:47 . 2008-01-23 02:47 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-23 01:56 . 2008-01-23 01:56 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-23 01:56 . 2008-01-23 01:56 <DIR> d-------- C:\Documents and Settings\JUNMAR's\Application Data\DAEMON Tools
2008-01-23 01:51 . 2008-01-23 01:51 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-22 02:58 . 2008-02-04 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-01-22 02:57 . 2008-01-22 02:57 <DIR> d-------- C:\Program Files\LG Software Innovations
2008-01-22 00:27 . 2008-01-22 00:27 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-22 00:27 . 2008-01-22 00:27 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-01-22 00:27 . 2008-01-22 00:27 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-01-22 00:26 . 2008-01-22 00:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-22 00:26 . 2007-01-23 15:45 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-01-22 00:26 . 2007-01-30 01:46 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-01-22 00:26 . 2007-01-30 01:46 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-01-22 00:26 . 2007-01-30 01:46 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-01-22 00:26 . 2007-01-30 01:46 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-01-22 00:26 . 2007-01-23 15:45 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-01-22 00:26 . 2007-01-23 15:45 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-01-22 00:26 . 2007-01-23 15:45 28,176 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2008-01-21 22:26 . 2004-08-03 23:10 25,600 --a------ C:\WINDOWS\system32\drivers\hidbth.sys
2008-01-21 22:26 . 2004-08-03 23:10 25,600 --a--c--- C:\WINDOWS\system32\dllcache\hidbth.sys
2008-01-21 22:26 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-21 22:26 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-01-21 22:25 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-01-21 22:25 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-01-21 21:14 . 2008-01-21 21:14 <DIR> d-------- C:\Program Files\iTunes
2008-01-21 21:14 . 2008-01-21 21:14 <DIR> d-------- C:\Program Files\iPod
2008-01-21 21:12 . 2008-01-21 21:12 <DIR> d-------- C:\Program Files\QuickTime
2008-01-21 13:43 . 2008-01-21 13:43 <DIR> d-------- C:\Program Files\DVD Shrink
2008-01-21 13:43 . 2008-01-21 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 06:22 135,443 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_17_21_30_12_small.dmp.zip
2008-02-18 06:16 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\uTorrent
2008-02-18 04:29 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-02-18 03:30 2,439,168 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-18 03:30 2,326,016 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-17 04:47 137,649 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_16_20_01_51_small.dmp.zip
2008-02-17 03:48 19,671,779 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_02_16_16_54_21_full.dmp.zip
2008-02-17 03:47 169,194 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_16_16_53_53_small.dmp.zip
2008-02-17 03:47 147,945 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_16_18_06_57_small.dmp.zip
2008-02-17 00:32 19,627,172 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_02_16_04_54_37_full.dmp.zip
2008-02-17 00:32 19,601,902 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_02_16_03_42_55_full.dmp.zip
2008-02-17 00:30 132,208 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_16_03_37_32_small.dmp.zip
2008-02-17 00:30 131,649 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_16_04_49_21_small.dmp.zip
2008-02-16 07:54 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\Skype
2008-02-16 06:57 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\skypePM
2008-02-15 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 11:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-11 04:37 --------- d-----w C:\Program Files\VSO
2008-02-11 04:37 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\Vso
2008-02-10 06:12 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\Canon
2008-02-09 22:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 20:31 --------- d-----w C:\Program Files\Incomplete
2008-02-09 19:30 --------- d-----w C:\Program Files\LimeWire
2008-02-09 19:30 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\LimeWire
2008-02-07 16:46 --------- d-----w C:\Program Files\Java
2008-02-04 01:48 --------- d-----w C:\Program Files\uTorrent
2008-02-01 04:57 --------- d-----w C:\Program Files\Windows Live
2008-02-01 04:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 20:00 --------- d-----w C:\Program Files\Magic Video Studio
2008-01-22 08:26 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-22 05:37 --------- d-----w C:\Program Files\Google
2008-01-22 05:13 --------- d-----w C:\Program Files\Bonjour
2008-01-21 21:22 --------- d-----w C:\Program Files\Picasa2
2008-01-21 19:55 --------- d-----w C:\Program Files\Skype
2008-01-19 06:15 --------- d-----w C:\Program Files\Winamp(2)(2)
2008-01-19 06:15 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\Winamp(2)
2008-01-17 11:24 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\MSNInstaller
2008-01-16 04:34 --------- d-----w C:\Program Files\Yahoo!
2008-01-13 23:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-13 11:56 --------- d-----w C:\Program Files\AskTBar
2008-01-13 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-01-13 10:39 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\Yahoo!
2008-01-13 10:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-13 08:08 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-01-12 05:03 --------- d-----w C:\Program Files\MSECACHE
2008-01-11 06:25 --------- d-----w C:\Program Files\Free PDF to Word Doc Converter
2008-01-09 16:09 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\Command & Conquer 3 Tiberium Wars
2008-01-09 09:49 --------- d--h--r C:\Documents and Settings\JUNMAR's\Application Data\SecuROM
2008-01-09 09:42 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-06 19:26 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-06 19:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-01-06 18:16 --------- d-----w C:\Program Files\NeroInstall.bak
2008-01-06 07:55 --------- d-----w C:\Program Files\Red Chair Software
2008-01-06 07:55 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\Red Chair Software
2008-01-06 06:50 --------- d-----w C:\Program Files\Icon Maker
2008-01-05 07:46 --------- d-----w C:\Program Files\Wide Angle Software
2008-01-04 15:43 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-01-04 05:59 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-01-02 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-01-02 18:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-01-02 18:02 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-01 03:49 --------- d-----w C:\Program Files\Common Files\snp2std
2008-01-01 03:49 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\InstallShield
2007-12-31 07:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-30 07:15 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\Styler
2007-12-30 07:14 --------- d-----w C:\Program Files\Styler
2007-12-30 04:21 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\ViStart
2007-12-28 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-28 16:25 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-28 16:10 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-12-27 06:39 --------- d-----w C:\Program Files\MSBuild
2007-12-26 22:41 --------- d-----w C:\Program Files\Common Files\Scanner
2007-12-26 20:59 --------- d-----w C:\Program Files\Microsoft Works
2007-12-25 09:24 --------- d-----w C:\Program Files\Codec Pack - All In 1
2007-12-25 09:23 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-25 04:15 --------- d-----w C:\Program Files\MAIL
2007-12-24 22:45 --------- d-----w C:\Program Files\DivX
2007-12-23 04:26 --------- d-----w C:\Program Files\Maxis
2007-12-21 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-12-21 23:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-21 07:11 --------- d-----w C:\Program Files\Logitech
2007-12-20 06:55 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-18 17:34 --------- d-----w C:\Documents and Settings\JUNMAR's\Application Data\dvdcss
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-04 10:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-28 06:55 47,360 -c--a-w C:\Documents and Settings\JUNMAR's\Application Data\pcouffin.sys
2002-10-03 06:16 40,960 ----a-w C:\Program Files\BeSliced.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34 128000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2007-05-12 11:19 270336]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2007-05-10 16:58 344064]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-22 00:26:16 688128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^JUNMAR's^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JUNMAR's^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JUNMAR's^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 04:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2007-02-12 14:50 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-10-27 14:21 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-09-27 13:21 32768 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra--c--- 2005-08-12 00:38 1056768 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2003-10-31 18:42 32768 C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-07-26 09:54 716800 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2005-05-19 17:11 925696 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-30 20:57 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-07 11:33 53248 C:\WINDOWS\system32\VTTimer.exe

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:00]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 21:31]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-05-10 16:10]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-15 21:36]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 22:01]
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys [2007-09-27 14:34]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2007-09-27 14:34]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2007-09-27 14:34]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2007-09-27 14:34]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys [2007-09-27 14:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{648cb27d-ad86-11dc-af6d-0008a1b583cf}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65970d78-8dc1-11dc-af06-0008a1b583cf}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{766f79a2-bdad-11dc-afe2-0008a1b583cf}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88305078-af41-11dc-af7c-0008a1b583cf}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa0ddd32-a7a5-11dc-af50-0008a1b583cf}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\sys.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa0ddd33-a7a5-11dc-af50-0008a1b583cf}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL recycled\sys.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 15:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-03 08:06:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-06 05:59:06 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-27 09:39:59 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 22:24:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-17 22:31:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 06:31:43
.
2008-02-14 11:07:49 --- E O F ---

________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:54 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198000564515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: bw+0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 19818 bytes


Junmar74
  • 0
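An added example, not code from this thread or from HijackThis itself: a small Python triage script that parses log lines in the format shown above, groups the many O18 protocol-handler entries by the DLL that implements them, and lists every entry whose path sits under a folder you name. The sample lines are constructed from the log above (a handful of entries, not the full log); the function and variable names are my own. The point it makes for a log reader is that the forty-odd O18 lines collapse to two DLLs under one vendor folder, which is what you would want to see before deciding whether they belong together.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in HijackThis v2 line format (shapes copied from the
# log above, trimmed to a few representative entries).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - Global Startup: Logitech SetPoint.lnk = ?
O18 - Protocol: bw+0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry starts with a section tag such as R0, O4, O18, O23.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<rest>.*)$")
# O18: "Protocol: <name> - {CLSID} - <dll path>"
O18_RE = re.compile(r"^Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# O23: "Service: <display name> - <vendor> - <image path>"
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# O4 Run-key entries: "<hive\..\Run>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_hjt(text):
    """Parse HijackThis log lines into dicts with section, name, clsid, path."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, process lists and blank lines are skipped
        sec, rest = m.group("sec"), m.group("rest")
        entry = {"section": sec, "raw": line, "name": None,
                 "clsid": None, "vendor": None, "path": None}
        if sec == "O18" and (pm := O18_RE.match(rest)):
            entry.update(name=pm["name"], clsid=pm["clsid"], path=pm["path"])
        elif sec == "O23" and (pm := O23_RE.match(rest)):
            entry.update(name=pm["name"], vendor=pm["vendor"], path=pm["path"])
        elif sec == "O4" and (pm := O4_RE.match(rest)):
            entry.update(name=pm["name"], path=pm["cmd"])
        else:
            entry["name"] = rest  # keep the text even if the shape is unknown
        entries.append(entry)
    return entries


def section_counts(entries):
    """How many entries of each section tag the log contains."""
    return dict(Counter(e["section"] for e in entries))


def summarize_o18(entries):
    """Map each handler DLL to the sorted list of protocol names it registers."""
    by_dll = defaultdict(list)
    for e in entries:
        if e["section"] == "O18" and e["path"]:
            by_dll[e["path"]].append(e["name"])
    return {path: sorted(names) for path, names in by_dll.items()}


def entries_under(entries, folder):
    """Entries whose path starts with `folder` (case-insensitive, as on NTFS)."""
    prefix = folder.lower().rstrip("\\") + "\\"
    return [e for e in entries if e["path"] and e["path"].lower().startswith(prefix)]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("sections:", section_counts(parsed))
    for dll, names in summarize_o18(parsed).items():
        print(f"{len(names):3d} protocol(s) -> {dll}")
    # Folder name taken from the O18 paths in the log above.
    for e in entries_under(parsed, r"C:\Program Files\Logitech\Desktop Messenger"):
        print("under vendor folder:", e["raw"])
```

Run it against a saved HijackThis log by replacing `SAMPLE_LOG` with the file's contents; the O18 summary is the line to look at when a log is dominated by handler entries, since one CLSID pointing at one DLL dozens of times is a single product, not dozens of findings.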

#6
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi Junmar74,

Your logs are looking good. Are you still having any problems, and how is your system running?

However, I would like to let you know about this so you can free up some resources. You appear to have a program on your system called Logitech® Desktop Messenger. This is a background process that can automatically access the Internet without your knowledge or permission. Although it does provide updates for your Logitech products, the fact that it can access the Internet without your consent is potentially dangerous. It does download and update your Logitech products, but this can be done manually by visiting the Logitech web site. My advice would be to uninstall this program, but this is entirely your decision. Should you wish to uninstall the program, please follow these instructions.
  • Click Start.
  • Click Control Panel.
  • Double click Add or Remove Programs.
  • When the list has generated, scroll to Logitech Desktop Messenger.
  • Click Logitech Desktop Messenger to highlight it.
  • Click the button, Change/Remove.
  • Close Add or Remove Programs and Control Panel.

  • 0

#7
Junmar74

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
So far, I am no longer experiencing any problems or warning prompts from Avast. So I guess the threat was already removed. That's great!

Re the Logitech Desktop Messenger, I tried to uninstall it using add/remove programs. After clicking remove, I get this prompt:

SetupDLL\SetupDLL.cpp (469)
PAPP: Logitech Desktop Messenger
PVENDOR: Logitech (www.logitech.com)
PGUIDE: 900b1197-53f5-4f46-a882-2efffe2eedcb
$10.0.0159
@Windows XP Service Pack 2 (2600) IE 7.0.0.6000.16608

Setup has experienced an error. Error Code 5001

How do I remove this program?

Junmar74
  • 0

#8
BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi Junmar74,

Fix with HijackThis

(You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - Global Startup: Logitech SetPoint.lnk = ?
O18 - Protocol: bw+0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Now close all windows other than HiJackThis (especially Internet Explorer!), then click Fix Checked. Close HiJackThis. Reboot into safe mode..(Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.)

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Logitech Desktop Messenger

Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "My Computer", or Hold down the Windows Key + E ), please delete these folders (if present):

C:\Program Files\Logitech\Desktop Messenger <-- this folder


After that, Reboot, and post a new HijackThis log here in your reply.

#9 Junmar74
Followed your instructions and here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:21 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198000564515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7638 bytes


When I tried to remove the Logitech Desktop Messenger from Add/Remove Programs, it tried to uninstall, but after the uninstall process the installer icon is still there. I really cannot remove the icon.

I was able to delete the Logitech Desktop Manager folder from the Logitech folder in C:\program files.

Is the program disabled even though the icon is still in the list of programs?

Junmar74
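As an added example (not code from the thread), a small Python checker that parses HijackThis O18 lines, groups protocol handlers by CLSID so that one DLL registering dozens of scheme names stands out, and confirms that the entries the helper listed for Fix Checked no longer appear in the new log. The sample lines are excerpted from the two logs in this thread.

```python
import re
from collections import defaultdict

# Matches a HijackThis "O18 - Protocol: <name> - {CLSID} - <dll path>" entry.
O18_RE = re.compile(
    r"^O18 - Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Three of the O18 lines the helper told the poster to Fix Checked (excerpted from the thread).
FIX_LIST = r"""
O18 - Protocol: bwp0 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1CFDC15D-6330-4D95-BC9D-2208B316CAD3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

# The O18 lines from the follow-up log posted after the fix (excerpted from the thread).
AFTER_LOG = r"""
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
"""


def parse_o18(log_text):
    """Return [(protocol_name, clsid, dll_path), ...] for every O18 line in a log."""
    found = []
    for line in log_text.splitlines():
        m = O18_RE.match(line.strip())
        if m:
            found.append((m["name"], m["clsid"].upper(), m["path"].strip()))
    return found


def handlers_by_clsid(log_text):
    """Map each CLSID to the sorted protocol names registered against it.

    One CLSID/DLL claiming a long run of scheme names (bwp0, bwp0s, ... in the
    thread) stands out immediately in this view, which a flat log hides.
    """
    groups = defaultdict(set)
    for name, clsid, _ in parse_o18(log_text):
        groups[clsid].add(name)
    return {clsid: sorted(names) for clsid, names in groups.items()}


def still_present(fix_list_text, new_log_text):
    """(name, clsid) pairs from the fix list that survive in the new log.

    An empty list is the machine check behind "no signs of it in your log".
    """
    targets = {(n, c) for n, c, _ in parse_o18(fix_list_text)}
    current = {(n, c) for n, c, _ in parse_o18(new_log_text)}
    return sorted(targets & current)


if __name__ == "__main__":
    for clsid, names in handlers_by_clsid(AFTER_LOG).items():
        print(f"{clsid}: {len(names)} handler(s): {', '.join(names)}")
    leftovers = still_present(FIX_LIST, AFTER_LOG)
    print("fix verified" if not leftovers else f"still present: {leftovers}")
```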

#10 BHowett
Hi Junmar74,


Is the program disabled even though the icon is still in the list of programs?


Yes, Logitech Desktop Messenger is now disabled; there are no signs of it in your log and you are now clean. :)

To get rid of the icon please navigate to

C:\Documents and Settings\All Users\Start Menu\Programs and delete the Logitech Desktop Messenger icon


This is my standard post for when you are clear - which you now are - or seem to be. Please advise me of any problems you still have.

I know you already have some of the programs, like an antivirus and a firewall, but I still like to share the information in case you ever need it or want to change them.

  • First
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to disable and re-enable system restore here:

    Windows XP System Restore Guide
    Re-enable system restore with instructions from the tutorial above.


    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    1.) Watch what you download!
    Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others (which are amongst the most notorious), come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

    2.) Go to Internet Explorer > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed. If you're running Windows XP, that of course includes Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.

    It's important to always keep current with the latest security fixes from Microsoft.
    Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

    3.) Open Internet Explorer and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

    Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
    Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.

    So why is ActiveX so dangerous that you have to increase the security for it?
    When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an exe file on your hard drive.
    Would you run just any random file downloaded off a web site without knowing what it is and what it does?

    4.) Install Javacool's SpywareBlaster

    It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.

    Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer) Press "Enable All Protection", and you're done.
    The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
    Don't forget to check for updates every week or so.

    5.) Let's also not forget that Spybot Search & Destroy has the Immunize feature which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.

    6.) Microsoft now offers their own free malicious software blocking tool. Windows Defender improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.

    7.) Another excellent program by Javacool we recommend is SpywareGuard.
    It provides a degree of real-time protection against spyware that is a great addition to SpywareBlaster's protection method.

    8.) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

    *It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

    9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerio and Sygate.

    10.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.
    NOTE: DO NOT install more than one anti-virus program. They will conflict, and provide less protection, not more.

    Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.



Follow this list and your potential for being infected again will reduce dramatically.

Thanks for letting us help you!

#11 Junmar74
I would also like to thank you for resolving my problem :) I will surely refer future PC-related problems to your forum.

Junmar74 :)

#12 BHowett
Hi Junmar74,

You're welcome :) and feel free to have a look around the rest of the forum; there is a lot of good stuff and good people here.



Safe surfing,

Brian