Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Blackbird Trojan [RESOLVED]

Started by jb4bertram , May 05 2008 12:49 PM

  • This topic is locked This topic is locked

#1
jb4bertram
Posted 05 May 2008 - 12:49 PM

jb4bertram

    New Member

  • Member
  • Pip
  • 2 posts
I havedone everything possible to remove this problem. I have read all the forums and done all of the things asked. I have run all the checks including combofix. The last problem my system faced was the explorer.exe kept crashing. After running CF, letting it restart, Windows would not boot normally and would only boot in safe mode. It would load the WinXP screen but then go to a blank screen. So the only problem that I appear to have now is booting up normally. I still have mrofinu1535 in my sysconfig even though I don't have it checked. Anyhelp would be greatly appreciated..Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:29 PM, on 5/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VCOM\PowerDesk\PDExplo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\RunOnce: [RegDefrag] "C:\Program Files\TweakNow RegCleaner Professional\RegDefragReport" RegCleanerPro"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...2/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....aceUploader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/...vl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestat....cab?v=1,0,0,38
O18 - Protocol: bw+0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {948E40E0-ADCA-4124-8CA5-2F0C5E9AA7F3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

--
End of file - 19457 bytes

HERE IS MY CF LOG

ComboFix 08-05-01.3 - Owner 2008-05-05 11:58:32.1 - NTFSx86 DSREPAIR
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1465 [GMT -4:00]
Running from: C:\Downloads\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\inst.exe
C:\WINDOWS\system32\KmloYJlm.ini
C:\WINDOWS\system32\KmloYJlm.ini2
C:\WINDOWS\system32\ljJDVMfE.dll
C:\WINDOWS\system32\mlJYolmK.dll
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\VxaGNnmp.ini
C:\WINDOWS\system32\VxaGNnmp.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE


((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-05 11:41 . 2008-05-05 11:41 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-05 11:40 . 2008-05-05 11:47 <DIR> d-------- C:\Program Files\Panda Security
2008-05-05 11:22 . 2008-05-05 11:22 <DIR> d-------- C:\WINDOWS\system32\backuped
2008-05-05 11:22 . 2008-05-05 11:23 <DIR> d-------- C:\Program Files\True Sword 4
2008-05-05 11:22 . 2008-05-05 11:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\True Sword
2008-05-05 11:22 . 2005-10-11 14:40 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-05-05 11:22 . 2003-06-06 11:21 81,920 --a------ C:\WINDOWS\eSellerateControl350.dll
2008-05-05 04:26 . 2008-05-05 04:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-05 03:37 . 2008-05-05 03:44 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Professional
2008-05-05 03:37 . 2008-05-05 03:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\TweakNow RegCleaner Professional
2008-05-05 03:08 . 2008-05-05 03:08 <DIR> d-------- C:\Program Files\PrevxCSI
2008-05-05 03:08 . 2008-05-05 03:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-05 03:08 . 2008-05-05 03:08 10,880 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-05-05 01:53 . 2008-05-05 01:53 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-04 23:24 . 2008-05-04 23:25 <DIR> d-------- C:\Program Files\Promosoft Corporation
2008-05-04 23:19 . 2008-05-04 23:24 <DIR> d-------- C:\Program Files\RegScanner
2008-05-04 23:05 . 2008-05-04 23:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 21:40 . 2008-05-05 04:13 587,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-04 21:40 . 2008-05-05 04:13 7,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-04 20:57 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000002_.tmp
2008-04-30 15:05 . 2008-04-13 22:06 144,384 --a------ C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-04-30 15:04 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-04-29 02:23 . 2008-04-29 02:23 <DIR> d-------- C:\Program Files\ImTOO
2008-04-24 15:12 . 2008-04-24 15:29 <DIR> d-------- C:\temporarydvd
2008-04-24 01:13 . 2008-04-14 00:09 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-04-24 01:06 . 2008-04-24 01:06 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2008-04-24 01:06 . 2008-04-24 01:07 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-04-22 13:01 . 2008-04-22 13:01 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-22 13:01 . 2008-04-22 13:01 2,544 --a------ C:\WINDOWS\unins000.dat
2008-04-14 23:58 . 2008-04-14 23:58 <DIR> d-------- C:\Program Files\iPod
2008-04-13 15:04 . 2008-04-13 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-04-13 15:03 . 2008-04-13 15:03 96,577 --a------ C:\WINDOWS\hpqins16.dat
2008-04-07 23:39 . 2008-04-07 23:39 71,896 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-05 09:05 . 2008-04-05 09:05 <DIR> d-------- C:\Program Files\MediaCoder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 16:05 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd7853.sys
2008-05-05 15:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Free Download Manager
2008-05-04 06:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\SolidDocuments
2008-05-02 20:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\Vso
2008-04-24 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-23 06:39 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-04-22 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-22 17:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-20 14:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-04-15 03:58 --------- d-----w C:\Program Files\iTunes
2008-04-15 03:57 --------- d-----w C:\Program Files\QuickTime
2008-04-14 09:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 09:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 09:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 09:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 09:42 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 09:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 09:42 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 09:42 3,901 ----a-w C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 09:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 09:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 09:42 11,325 ----a-w C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 09:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 09:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 04:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-14 04:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-14 04:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-14 04:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-14 04:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-14 04:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-14 04:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-14 04:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-14 04:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 04:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-14 04:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 04:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-14 04:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-14 04:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-14 04:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-14 04:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-14 04:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 04:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-14 04:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-14 04:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-14 04:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-14 04:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-14 04:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 04:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-14 04:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-14 04:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 04:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 04:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 04:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 04:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 04:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 04:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 04:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-14 04:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 04:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 04:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 04:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-14 04:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 04:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-14 04:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-14 04:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-14 04:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-14 04:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 04:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-14 04:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-14 04:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-14 04:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-14 04:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-14 04:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-14 04:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-14 04:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-14 04:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-14 04:21 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-14 04:17 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-14 04:15 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-14 04:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-14 04:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 04:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-14 04:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 04:13 14,208 ----a-w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-14 04:13 12,672 ----a-w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-14 04:11 8,576 ----a-w C:\WINDOWS\system32\drivers\i2omgmt.sys
2008-04-14 04:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 04:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
2008-04-14 04:11 18,560 ----a-w C:\WINDOWS\system32\drivers\i2omp.sys
2008-04-14 04:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
2008-04-14 04:09 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-14 04:09 5,504 ----a-w C:\WINDOWS\system32\drivers\mstee.sys
2008-04-14 04:09 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys
2008-04-14 04:09 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys
2008-04-14 04:09 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys
2008-04-14 04:09 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys
2008-04-14 04:09 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys
2008-04-14 04:09 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 04:09 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 04:08 71,168 ----a-w C:\WINDOWS\system32\drivers\dxg.sys
2005-04-14 04:11 53,283 ----a-w C:\Program Files\mozilla firefox\plugins\NCScnet.dll
2005-04-14 04:33 1,044,514 ----a-w C:\Program Files\mozilla firefox\plugins\NCSEcw.dll
2005-04-14 04:11 98,339 ----a-w C:\Program Files\mozilla firefox\plugins\NCSUtil.dll
2006-10-24 18:41 8 --sh--r C:\WINDOWS\system32\421A71A43E.sys
2006-10-24 18:41 4,704 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-29 00:18 32768]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2008-04-14 05:42 33280 C:\WINDOWS\system32\rundll32.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 16:42 106496]
"NvMediaCenter"="RUNDLL32.exe" [2008-04-14 05:42 33280 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 22:06 577536 C:\WINDOWS\soundman.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 18:54 37376]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15 600896]
"MSConfig"="C:\Downloads\msconfig.exe" [2008-05-04 20:14 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-25 21:23 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-02-14 13:12:26 22486]
LocalCooling.lnk - C:\Program Files\Uniblue\LocalCooling\localcooling2.exe [2008-03-10 12:02:51 5054464]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-05-29 00:18:16 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-03 14:03:31 784912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP62"= SP6X_32.DLL
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Music Anywhere Settings.lnk]
path=
backup=C:\WINDOWS\pss\Logitech Music Anywhere Settings.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Dialog Helper.lnk]
path=
backup=C:\WINDOWS\pss\Dialog Helper.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
path=
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\/AutoLaunch]
--------- 2004-06-03 07:22 65631 C:\Program Files\PHILIPS\PSADMM\DMM\bin\AutoLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-09-14 08:55 61440 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab Tool\setup_7.0.0.180.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a------ 2004-09-16 16:15 538112 C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 10:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNA]
C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2006-10-30 12:01 392832 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2008-04-14 05:42 50176 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Registry Fix]
--a------ 2007-10-02 01:14 1028096 C:\Program Files\Promosoft Corporation\Free Registry Fix\regfix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-11-16 01:33 241152 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2006-07-07 19:15 600896 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 17:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 17:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2006-11-07 15:49 1121280 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-22 20:47 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-25 21:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
--a------ 2005-08-27 08:09 139264 C:\Program Files\Digital Media Reader\readericon45G.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1535.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-12-14 22:06 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-23 12:58 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-01-11 18:54 166304 c:\Program Files\Zune\ZuneLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\nfsc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Gateway\\HPA\\gwmenu.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Best Buy Rhapsody\\rhapsody.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-05-05 03:08]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-06-04 17:08]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-27 15:24]
R3 hhdusbh;USB Monitor Filter driver;C:\Program Files\HHD Software\USB Monitor\hhdusbh.sys [2004-07-09 14:45]
S3 DMSHLP;Serial Monitor Helper Driver;C:\Program Files\Common Files\HHD Software\Device Monitor\dmshlp.sys [2004-07-09 14:45]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-25 22:24]
S3 SUNPLUS;SightCAM PC-100p;C:\WINDOWS\system32\Drivers\SPIXNEW.SYS [2002-03-07 18:21]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]
S4 CSIScanner;CSIScanner;"C:\Program Files\PrevxCSI\\PrevxCSI.exe" /service []

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 12:07:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WudfHost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\ehome\ehrec.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\ehome\mcrdsvc.e

Edited by jb4bertram, 05 May 2008 - 12:55 PM.

  • 0

Advertisements

#2
eddie5659
Posted 10 May 2008 - 11:31 AM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Hello jb4bertram, and welcome to Geeks to Go!

Please read this post completely. It may make it easier for you if you print, or copy and paste this post to a new text document for reference later.

This will likely be a few steps process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Download CWShredder here to its own folder.

Update CWShredder

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder

Download and install CleanUp!

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Perform the following steps in safe mode:

Run the CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Close the Shredder.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click Yes.

Restart the computer in Normal Mode.

Please download Spybot Search & Destroy.

Follow all the instructions on this website to run a scan.
Run Adaware 2007 Free with the latest definitions.
  • Download the latest version of Ad-Aware (Adaware 2007 Free) from here.
  • If you have a previous version of Ad-Aware installed, you will be need to uninstall the older version.
  • After installing Ad-aware, you will be prompted to update the program and run a full scan.
  • Update to the latest definitions before any Scan.
  • Once the definitions have been updated run a Full Scan and remove all findings.
  • Restart the computer.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report as well as a fresh Hijackthis log.

Regards

eddie
  • 0

#3
jb4bertram
Posted 14 May 2008 - 11:32 AM

jb4bertram

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
thanks for the info. I tried near about everything but since I never got a response for my post and since I need my PC daily, I re-installed Windows on a separate drive and went in with GetDataBack for NTFS and retrieved all the pertinent information. Thanks for the help but 5 days without a reply was for not since I don't know many people that could sit and wait that long without their PC.
  • 0

#4
eddie5659
Posted 14 May 2008 - 02:10 PM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
That's okay, its just that we try and clear the backlog of unanswered threads, as we get many posted daily.

Glad to hear the pc is running okay now :)

eddie
  • 0

#5
eddie5659
Posted 14 May 2008 - 02:10 PM

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP