Need some help with malware, etc.



#16
sari

sari

    GeekU Admin

  • Administrator
  • 21,289 posts
  • MVP
Jazzo,

Go ahead and run the combofix with the script I gave you, if you haven't yet.
  • 0


#17
sari

sari

    GeekU Admin

  • Administrator
  • 21,289 posts
  • MVP
Jazzo,

To disable your AVG, go here. The instructions are just a short way down the page. Try that and then run combofix again. If that doesn't work, run it in safe mode.

sari

(note: user was being helped in chat during some of this process, so I was aware that combofix was hanging).
  • 0

#18
Jazzo

Jazzo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Ok sari, combofix still wouldn't run after temporarily disabling the Resident Shield for AVG, so I just ran it in Safe Mode again. Here is the latest combofix log:

ComboFix 08-04-09.8 - Jasper 2008-04-11 2:41:34.6 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1788 [GMT -4:00]
Running from: C:\Documents and Settings\Jasper\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\DOCUME~1\Jasper\LOCALS~1\temp\bwgo00095a59.exe
C:\Documents and Settings\All Users\Application Data\kvutipaj
C:\Documents and Settings\All Users\Application Data\kvutipaj\uhodklqf.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.

2008-04-10 02:11 . 2008-04-10 02:11 <DIR> d-------- C:\WINDOWS\resources
2008-04-10 02:05 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-10 02:05 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-10 02:05 . 2008-03-29 00:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-10 02:05 . 2008-04-08 22:44 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-10 02:05 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-10 02:05 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-10 02:05 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-10 02:05 . 2008-04-10 02:05 2,572 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-10 01:56 . 2008-04-10 01:56 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-10 01:52 . 2008-04-10 02:02 <DIR> d-------- C:\SDFix
2008-04-09 17:57 . 2008-04-09 17:57 <DIR> d-------- C:\Documents and Settings\Jasper\Application Data\TmpRecentIcons
2008-04-09 15:05 . 2008-04-09 15:05 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-04-09 15:04 . 2008-04-09 15:04 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-04-08 06:27 . 2008-04-08 06:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-08 06:27 . 2008-04-08 06:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-02 19:26 . 2008-04-02 19:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-28 06:21 . 2008-03-28 06:21 <DIR> d-------- C:\Program Files\CCleaner
2008-03-18 23:20 . 2008-03-18 23:20 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 05:00 --------- d-----w C:\Documents and Settings\Jasper\Application Data\Xfire
2008-04-11 00:50 --------- d-----w C:\Documents and Settings\Jasper\Application Data\AVG7
2008-04-09 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 19:04 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-04-06 23:57 --------- d-----w C:\Documents and Settings\Jasper\Application Data\Azureus
2008-04-06 07:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-06 07:26 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-20 01:32 --------- d-----w C:\Program Files\ScreenPrint32 v3
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-09 21:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-09 21:29 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-27 21:47 --------- d--h--r C:\Documents and Settings\Jasper\Application Data\yahoo!
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-11 04:37 --------- d-----w C:\Program Files\Octoshape Streaming Services
2008-01-29 06:53 612,864 ----a-w C:\WINDOWS\system32\x264vfw.dll
2007-12-16 01:22 22,328 ----a-w C:\Documents and Settings\Jasper\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3822e60e-d5a7-4627-8776-65d058b1f58d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58c920b4-8294-428c-aca9-e195b2441bb0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2df78b2-1cf8-455e-8c7f-81555e1242fd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b603013a-8741-4da8-b0b5-03f16ff99bb8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc35cdd9-b97a-43d8-aa0e-7eb51654d8f2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="f:\program files\steam\steam.exe" [2008-03-27 23:16 1271032]
"LDM"="E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-08-15 21:42 36864]
"AIM"="E:\Program Files\AIM\aim.exe" [2003-08-01 11:31 61440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 49152 C:\WINDOWS\KHALMNPR.Exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"DeadAIM"="E:\PROGRA~1\AIM\\DeadAIM.ocm" [2003-02-24 16:11 266313]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2004-08-19 15:08 159744]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [2004-08-19 15:08 98304]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2004-08-19 14:10 135168]
"CTHelper"="CTHELPER.EXE" [2006-08-17 12:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 12:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-04 09:33 579072]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-28 14:35 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger Agent.lnk - E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-08-15 21:42:48 196608]
Logitech SetPoint.lnk - E:\Logitech\SetPoint\SetPoint.exe [2006-08-09 00:34:47 434176]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyyvv]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 11:58 278528 E:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-08-15 21:42 36864 E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
C:\Program Files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2003-08-29 14:17 188416 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2003-08-29 14:20 77824 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-01-19 11:06 11776 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-19 11:06 110592 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Program Files\Octoshape Streaming Services\Jasper\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 E:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScreenPrint32]
--a------ 2003-05-15 20:36 446464 C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-13 18:20 20058152 E:\Program Files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Xfire\\Xfire.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat source\\hl2.exe"=
"E:\\Program Files\\AIM\\aim.exe"=
"E:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike source\\hl2.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life 2 deathmatch\\hl2.exe"=
"F:\\Program Files\\mIRC\\mirc.exe"=
"E:\\Program Files\\LimeWire\\LimeWire.exe"=
"F:\\Program Files\\mIRC-Admin\\mirc.exe"=
"E:\\Program Files\\iTunes\\iTunes.exe"=
"E:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\half-life\\hl.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\the ship\\ship.exe"=
"E:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\Program Files\\Azureus\\Azureus.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"F:\\Program Files\\Steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"F:\\Program Files\\Steam\\steam.exe"=
"F:\\Program Files\\CoD4\\iw3mp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 m5288;m5288;C:\WINDOWS\system32\drivers\m5288.sys [2005-12-23 18:54]
S1 zeqbqwp;zeqbqwp;C:\WINDOWS\zeqbqwp.sys []
S3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 12:16]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-08-29 02:43]
S3 SaiH8000;SaiH8000;C:\WINDOWS\system32\DRIVERS\SaiH8000.sys [2004-09-22 06:41]

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 02:42:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-11 2:42:46
ComboFix-quarantined-files.txt 2008-04-11 06:42:37
ComboFix2.txt 2008-04-11 00:35:54
Pre-Run: 2,621,497,344 bytes free
Post-Run: 2,611,212,288 bytes free
.
2008-04-09 10:22:36 --- E O F ---
  • 0

#19
Jazzo

Jazzo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here is the last hjt log, from after that last combofix scan. I'll talk to you tomorrow again to see what the status is now. Thank you again!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:24 AM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\program files\steam\steam.exe
E:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\DOCUME~1\Jasper\LOCALS~1\Temp\bwgo0000fbd4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Program Files\hjt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: (no name) - {02478d38-c3f9-4efb-9b51-7695eca05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3822e60e-d5a7-4627-8776-65d058b1f58d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58c920b4-8294-428c-aca9-e195b2441bb0} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {b2df78b2-1cf8-455e-8c7f-81555e1242fd} - (no file)
O2 - BHO: (no name) - {b603013a-8741-4da8-b0b5-03f16ff99bb8} - (no file)
O2 - BHO: (no name) - {e2f8f7c7-954d-4336-ba99-27bfbeb73daf} - (no file)
O2 - BHO: (no name) - {fc35cdd9-b97a-43d8-aa0e-7eb51654d8f2} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C86F808-EDD2-4E5D-9C4F-E0D1ADA859AF} (Web Conferencing) - http://66.150.64.132:8081/join_a.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: bw+0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: byxyyvv - C:\WINDOWS\
O21 - SSODL: zip - {9c41d53d-d6e3-4c02-91b2-fb5073060db4} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 18166 bytes
  • 0

#20
sari

sari

    GeekU Admin

  • Administrator
  • 21,289 posts
  • MVP
Jazzo,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {02478d38-c3f9-4efb-9b51-7695eca05670} - (no file)
O2 - BHO: (no name) - {3822e60e-d5a7-4627-8776-65d058b1f58d} - (no file)
O2 - BHO: (no name) - {b2df78b2-1cf8-455e-8c7f-81555e1242fd} - (no file)
O2 - BHO: (no name) - {b603013a-8741-4da8-b0b5-03f16ff99bb8} - (no file)
O2 - BHO: (no name) - {e2f8f7c7-954d-4336-ba99-27bfbeb73daf} - (no file)
O2 - BHO: (no name) - {fc35cdd9-b97a-43d8-aa0e-7eb51654d8f2} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O20 - Winlogon Notify: byxyyvv - C:\WINDOWS\
O21 - SSODL: zip - {9c41d53d-d6e3-4c02-91b2-fb5073060db4} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked.

Post another log, please!

sari

#21
Jazzo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Ok sari, here is the newest hjt log after running ATF Cleaner and deleting the 9 items you posted.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:45 PM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Logitech\SetPoint\SetPoint.exe
C:\DOCUME~1\Jasper\LOCALS~1\Temp\bwgo0004b235.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\hjt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58c920b4-8294-428c-aca9-e195b2441bb0} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Steam] "f:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C86F808-EDD2-4E5D-9C4F-E0D1ADA859AF} (Web Conferencing) - http://66.150.64.132:8081/join_a.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O18 - Protocol: bw+0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {69B9C7BB-5CD0-4FBD-8A8C-A9B199E7883D} - E:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 17427 bytes
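A way to confirm that the entries ticked for Fix Checked in post #20 are gone from the follow-up log in post #21, as an added example that is not part of the thread. The sample lines are copied from those two posts; the function names are assumptions made for this sketch, and a "(no file)" target is treated only as a triage signal, not a verdict.

```python
import re

# Section lines in the logs above look like: "O2 - BHO: name - {CLSID} - target"
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")

def parse_entries(log_text):
    """Return (code, line, target) for each section line (R1, O2, O23, ...)."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # log header, running-process paths, blank lines
        code, body = m.groups()
        # The target is the text after the last " - " separator, if there is one.
        target = body.rsplit(" - ", 1)[1] if " - " in body else ""
        entries.append((code, line, target))
    return entries

def orphaned(log_text):
    """Entries whose target is '(no file)' or a bare directory with no file name."""
    return [line for _, line, target in parse_entries(log_text)
            if target == "(no file)" or target.endswith("\\")]

def still_present(fix_list, new_log):
    """Entries from the fix list that show up again, unchanged, in the later log."""
    later = {line.lower() for _, line, _ in parse_entries(new_log)}
    return [line for _, line, _ in parse_entries(fix_list) if line.lower() in later]

# Four of the nine entries listed in post #20 (copied from the page).
FIX_LIST = r"""
O2 - BHO: (no name) - {02478d38-c3f9-4efb-9b51-7695eca05670} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O20 - Winlogon Notify: byxyyvv - C:\WINDOWS\
O21 - SSODL: zip - {9c41d53d-d6e3-4c02-91b2-fb5073060db4} - (no file)
"""

# Excerpt of the follow-up log in post #21 (copied from the page).
AFTER_LOG = r"""
Boot mode: Normal
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58c920b4-8294-428c-aca9-e195b2441bb0} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

if __name__ == "__main__":
    print("Fix-list entries still in the later log:", still_present(FIX_LIST, AFTER_LOG))
    print("Entries in the later log with no file behind them:")
    for line in orphaned(AFTER_LOG):
        print("  ", line)
```
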

#22
sari

    GeekU Admin

  • Administrator
  • 21,289 posts
  • MVP
Jazzo,

It looks good. :)

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Thanks for visiting Geeks to Go!

sari