57 replies to this topic

[Nojoy]

I was on MSN when one of my contacts (one that I've actually met and who I know doesn't know anything about computers) sent me a message that was something like this. "wtf is this a picture of you http://talkswithus.com/photo231.exe." I downloaded the file (photo231.exe) and when I opened it, that message was sent to all my contacts and various programs (iTunes, WMP, etc) opened. I could not open my PC-cillin Internet Security. I deleted the file and rebooted. Everything seemed to be going ok, except for that I still could not open PC-cillin and that when my PC was loading, MSN did not automatically start up like it normally does. I did a scan with Ad-Aware, but it didn't find anything. I opened and signed on to MSN again. Again, the message was sent to all my online contacts and various programs opened themselves. However this time, the icons on my desktop got a blue tint (as if I was selecting them) and I somehow recieved four or five new files (I forget what they were called and I deleted them right away). Now, my icons still have the tint, I still can't open MSN (I can but it screws everything up), my internet sometimes crashes for no reason and as I'm writing this, I'm getting a lot of pop-ups and I know this site doesn't give you pop-ups. Heres my hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 8:50:35 PM, on 04/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\anvshell.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\v1201.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\win32077013-139955.exe
C:\Program Files\Common Files\{AC94746B-04B0-1033-0516-050818040002}\Update.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\program files\common files\aol\1159671010\ee\aim6.exe
E:\Program Files\D-Link AirPlus G\AIRPLUS.exe
E:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6A265DFC-56F9-47E0-AA99-FADDE7AD39EF} - C:\Program Files\Common Files\horefoz.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C94746B-04B0-1033-0516-050818040002}\888Bar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C94746B-04B0-1033-0516-050818040002}\888Bar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [win32077013-139955] C:\WINDOWS\win32077013-139955.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Creative Detector] e:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: LimeWire On Startup.lnk = E:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = E:\Program Files\D-Link AirPlus G\AIRPLUS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?42dea8ef24a24b1096b1d2d35529550a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?42dea8ef24a24b1096b1d2d35529550a
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: bw+0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks.

[rridgely]

This is a nasty one. Its stopping your AV from running and being able to remove it.

Lets try this though. Download this file:
http://rapidshare.co...sclean.zip.html

Unzip the file.
Now Open the Sysclean folder and double click the sysclean file and press scan. Sysclean will now scan and automatically clean your computer of all possible viruses. Once sysclean is done it might ask you to reboot your computer. If it does not ask you to reboot do it anyway.

After the reboot open the sysclean folder and look for SYSCLEAN.LOG. Post that log onto the forum.

[Nojoy]

Here it is



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-05, 08:31:02, Auto-clean mode specified.
2006-11-05, 08:31:02, Running scanner "C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\TSC.BIN"...
2006-11-05, 08:31:27, Scanner "C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\TSC.BIN" has finished running.
2006-11-05, 08:31:27, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Sun Nov 05 2006 08:31:03

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\tsc.ptn" (version 801) [success]

Complete time : Sun Nov 05 2006 08:31:27
Execute pattern count(2969), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-11-05, 08:31:33, An error was detected on "C:\Documents and Settings\Aidan\Application Data\??stem\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-11-05, 08:31:59, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-11-05, 08:32:12, An error was detected on "C:\WINDOWS\?ystem32\*.*": The filename, directory name, or volume label syntax is incorrect.
2006-11-05, 08:32:12, An error was detected on "D:\System Volume Information\*.*": Access is denied.
2006-11-05, 08:32:48, An error was detected on "E:\System Volume Information\*.*": Access is denied.
2006-11-05, 08:50:10, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/5/2006 08:32:50
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean

C:\WINDOWS\Duce6.exe [TROJ_DLOADER.EAE]
C:\WINDOWS\v1201.exe [TSPY_VB.ASN]
C:\WINDOWS\win3208013-1399557.exe [TROJ_VB.BKD]
28853 files have been read.
28853 files have been checked.
26740 files have been scanned.
112275 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/5/2006 08:50:10
---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-05, 08:50:10, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/5/2006 08:32:50
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean

28853 files have been read.
28853 files have been checked.
26740 files have been scanned.
112275 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/5/2006 08:50:10 17 minutes 19 seconds (1038.83 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-05, 08:50:10, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/5/2006 08:32:50
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean

28853 files have been read.
28853 files have been checked.
26740 files have been scanned.
112275 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/5/2006 08:50:10 17 minutes 19 seconds (1038.83 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-05, 08:50:10, Scanner "C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\VSCANTM.BIN" has finished running.
2006-11-05, 08:50:12, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/5/2006 08:50:11
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean

6 files have been read.
6 files have been checked.
6 files have been scanned.
6 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/5/2006 08:50:12
---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-05, 08:50:12, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/5/2006 08:50:11
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean

6 files have been read.
6 files have been checked.
6 files have been scanned.
6 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/5/2006 08:50:12 0.05 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-05, 08:50:12, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/5/2006 08:50:11
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean

6 files have been read.
6 files have been checked.
6 files have been scanned.
6 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/5/2006 08:50:12 0.05 seconds has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-05, 08:50:12, Scanner "C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\VSCANTM.BIN" has finished running.
2006-11-05, 09:19:04, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/5/2006 08:50:12
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean

43320 files have been read.
43320 files have been checked.
34908 files have been scanned.
114027 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/5/2006 09:19:04
---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-05, 09:19:04, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/5/2006 08:50:12
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean

43320 files have been read.
43320 files have been checked.
34908 files have been scanned.
114027 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/5/2006 09:19:04 28 minutes 51 seconds (1730.94 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-05, 09:19:04, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/5/2006 08:50:12
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 897 (139974 Patterns) (2006/11/01) (389700)
Command Line: C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean

43320 files have been read.
43320 files have been checked.
34908 files have been scanned.
114027 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/5/2006 09:19:04 28 minutes 51 seconds (1730.94 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-05, 09:19:04, Scanner "C:\Documents and Settings\Aidan\My Documents\Syclean\Sysclean\VSCANTM.BIN" has finished running.

I may have messed up this one. That's the log from the second scan...

[rridgely]

Post a new hijackthis log.

[Nojoy]

Logfile of HijackThis v1.99.1
Scan saved at 5:08:40 PM, on 05/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\anvshell.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\win3208013-1399557.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Common Files\{AC94746B-04B0-1033-0516-050818040002}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\DOCUME~1\Aidan\APPLIC~1\STEM~1\msiexec.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\?ystem32\r?ndll32.exe
E:\Program Files\D-Link AirPlus G\AIRPLUS.exe
E:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {31BD7269-9DF5-E07D-84FB-CC6942AF8FBC} - C:\WINDOWS\system32\wjrm.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31BD7269-9DF5-E07D-84FB-CC6942AF8FBC} - C:\WINDOWS\system32\wjrm.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6A265DFC-56F9-47E0-AA99-FADDE7AD39EF} - C:\Program Files\Common Files\horefoz.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [win3208013-1399557] C:\WINDOWS\win3208013-1399557.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Creative Detector] e:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Pocm] "C:\DOCUME~1\Aidan\APPLIC~1\STEM~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [Varnw] C:\WINDOWS\?ystem32\r?ndll32.exe
O4 - Startup: LimeWire On Startup.lnk = E:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = E:\Program Files\D-Link AirPlus G\AIRPLUS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?42dea8ef24a24b1096b1d2d35529550a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?42dea8ef24a24b1096b1d2d35529550a
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: bw+0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[rridgely]

Your going to need to follow my clean up guide here:
http://forum.ccleane...?showtopic=6329

You can skip adaware and spybot but run all of the others and come back with the logs.(including a new hijackthis log.)

[Nojoy]

Ok so here they are

BitDefender

Scan report generated at: Sun, Nov 05, 2006 - 21:08:32


Scan path: C:\;D:\;E:\;F:\;G:\;


C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip=>BlackBox.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip=>BlackBox.class
Disinfection failed

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip=>BlackBox.class
Deleted

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip
Updated

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip=>VerifierBug.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip=>VerifierBug.class
Disinfection failed

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip=>VerifierBug.class
Deleted

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip
Updated

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip=>Dummy.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip=>Dummy.class
Disinfection failed

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip=>Dummy.class
Deleted

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip
Updated

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip=>Beyond.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip=>Beyond.class
Disinfection failed

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip=>Beyond.class
Deleted

C:\Documents and Settings\Aidan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-7c039821.zip

Updated

C:\Documents and Settings\Aidan\Application Data\STEM~1\msiexec.exe
Infected with: Trojan.Downloader.PurityScan.AR

C:\Documents and Settings\Aidan\Application Data\STEM~1\msiexec.exe
Disinfection failed

C:\Documents and Settings\Aidan\Application Data\STEM~1\msiexec.exe
Delete failed

C:\Documents and Settings\Aidan\Local Settings\Temp\b116.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Downloader.PurityScan.AR

C:\Documents and Settings\Aidan\Local Settings\Temp\b116.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temp\b116.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temp\b116.exe=>(NSIS o)
Update failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4D2FSTE7\fil_mem[1].htm
Suspected of: Exploit.JS.CVE.C

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4D2FSTE7\fil_mem[1].htm
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4D2FSTE7\fil_mem[1].htm
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4D2FSTE7\fil_mem[2].htm
Suspected of: Exploit.JS.CVE.C

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4D2FSTE7\fil_mem[2].htm
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4D2FSTE7\fil_mem[2].htm
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4D2FSTE7\new[1].htm
Infected with: Generic.XPL.ADODB.429F3BCA

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4D2FSTE7\new[1].htm
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4D2FSTE7\new[1].htm
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4LUJ4XMZ\fil_mem[1].htm
Suspected of: Exploit.JS.CVE.C

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4LUJ4XMZ\fil_mem[1].htm
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4LUJ4XMZ\fil_mem[1].htm
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4LUJ4XMZ\fil_mem[2].htm
Suspected of: Exploit.JS.CVE.C

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4LUJ4XMZ\fil_mem[2].htm
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4LUJ4XMZ\fil_mem[2].htm
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4LUJ4XMZ\sploit[1].anr
Infected with: Exploit.Win32.MS05-002.Gen

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4LUJ4XMZ\sploit[1].anr
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4LUJ4XMZ\sploit[1].anr
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\CX63W9I7\fil_mem[1].htm
Suspected of: Exploit.JS.CVE.C

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\CX63W9I7\fil_mem[1].htm
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\CX63W9I7\fil_mem[1].htm
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\CX63W9I7\fil_mem[2].htm
Suspected of: Exploit.JS.CVE.C

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\CX63W9I7\fil_mem[2].htm
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\CX63W9I7\fil_mem[2].htm
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\CX63W9I7\fil_mem[3].htm
Suspected of: Exploit.JS.CVE.C

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\CX63W9I7\fil_mem[3].htm
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\CX63W9I7\fil_mem[3].htm
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\bagx[1].htm=>(JAVASCRIPT 2)
Infected with: Trojan.Exploit.Js.Cve.2005.1790.H

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\bagx[1].htm=>(JAVASCRIPT 2)
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\bagx[1].htm=>(JAVASCRIPT 2)
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\bagx[1].htm
Updated

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\fil_mem[1].htm
Suspected of: Exploit.JS.CVE.C

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\fil_mem[1].htm
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\fil_mem[1].htm
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\popup[1].htm
Detected with: Application.JS.ForcePopup.D

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\popup[1].htm
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\popup[1].htm
Deleted

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\xpl[1].wmf

Infected with: Exploit.Win32.WMF-PFV

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\xpl[1].wmf
Disinfection failed

C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\GDMR8DYB\xpl[1].wmf
Deleted

C:\Program Files\Common Files\{AC94746B-04B0-1033-0516-050818040002}\services.dll
Infected with: Trojan.Downloader.Agent.AQQ

C:\Program Files\Common Files\{AC94746B-04B0-1033-0516-050818040002}\services.dll
Disinfection failed

C:\Program Files\Common Files\{AC94746B-04B0-1033-0516-050818040002}\services.dll
Delete failed

C:\Program Files\Common Files\{AC94746B-04B0-1033-0516-050818040002}\Update.exe
Infected with: Trojan.Downloader.Agent.AQQ

C:\Program Files\Common Files\{AC94746B-04B0-1033-0516-050818040002}\Update.exe
Disinfection failed

C:\Program Files\Common Files\{AC94746B-04B0-1033-0516-050818040002}\Update.exe
Delete failed

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Hacktool.Prockill.A

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0003
Infected with: Trojan.Downloader.Agent.AQQ

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0003
Disinfection failed

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0003
Deleted

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0004
Infected with: Trojan.Downloader.Agent.AQQ

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0004
Disinfection failed

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0004
Deleted

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0009=>(NSIS g)=>lzma_solid_nsis0002
Infected with: Trojan.Hacktool.Prockill.A

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0009=>(NSIS g)=>lzma_solid_nsis0002
Disinfection failed

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0009=>(NSIS g)=>lzma_solid_nsis0002
Deleted

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075784.exe=>(NSIS o)=>lzma_solid_nsis0009=>(NSIS g)
Update failed

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0077749.exe=>(NSIS o)=>lzma_solid_nsis0002
Infected with: Trojan.Hacktool.Prockill.A

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0077749.exe=>(NSIS o)=>lzma_solid_nsis0002
Disinfection failed

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0077749.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted

C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0077749.exe=>(NSIS o)
Update failed

C:\WINDOWS\srviktfi.exe=>(NSIS o)=>lzma_nsis0001
Infected with: Trojan.Clicker.VB.FN

C:\WINDOWS\srviktfi.exe=>(NSIS o)=>lzma_nsis0001
Disinfection failed

C:\WINDOWS\srviktfi.exe=>(NSIS o)=>lzma_nsis0001
Deleted

C:\WINDOWS\srviktfi.exe=>(NSIS o)
Update failed

(I am confident that I missed that up, but its the only thing resembling a log I could find)

AVG Anti-Spyware

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:36:40 PM 06/11/2006

+ Scan result:



C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP136\A0077794.exe -> Adware.BookedSpace : Ignored.
C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP136\A0077790.dll -> Adware.PurityScan : Ignored.
C:\Program Files\MSN Messenger\msnmsgr.exe -> Backdoor.Agent.aim : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075777.exe -> Backdoor.Agent.aim : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP136\A0077802.exe -> Downloader.PurityScan.dr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP136\A0077800.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP135\A0075787.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Aidan\Local Settings\Temporary Internet Files\Content.IE5\4D2FSTE7\new3[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : Ignored.
:mozilla.72:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.149:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.150:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.151:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.104:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.105:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.106:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.107:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.108:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.109:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.55:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.53:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.39:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.142:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.143:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.144:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.145:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.146:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Aidan\Cookies\aidan@casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\Aidan\Cookies\aidan@www.casinotropez[1].txt -> TrackingCookie.Casinotropez : Cleaned.
:mozilla.95:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.38:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.210:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.211:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.216:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.217:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.158:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.69:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.35:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.36:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.37:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.34:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.100:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.101:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.99:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.26:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.28:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.29:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.30:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.31:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.32:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.33:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.202:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.21:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Aidan\Application Data\Mozilla\Firefox\Profiles\f0qmo6c7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{50D3C843-03FC-4417-8002-4089EAFC5A9B}\RP136\A0077788.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 3:38:05 PM, on 06/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\anvshell.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\{AC94746B-04B0-1033-0516-050818040002}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\Program Files\D-Link AirPlus G\AIRPLUS.exe
E:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6A265DFC-56F9-47E0-AA99-FADDE7AD39EF} - C:\Program Files\Common Files\horefoz.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Creative Detector] e:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Varnw] C:\WINDOWS\?ystem32\r?ndll32.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: LimeWire On Startup.lnk = E:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = E:\Program Files\D-Link AirPlus G\AIRPLUS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?42dea8ef24a24b1096b1d2d35529550a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?42dea8ef24a24b1096b1d2d35529550a
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: bw+0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[rridgely]

Getting closer. Why is your Antivirus still not runing? If you uninstalled it or its license is expired I will recommend you one at the end of the cleaning.

Follow the below instructions:

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall

[Nojoy]

I can guarantee that I uninstalled it or that its license is expired



Aidan - 06-11-06 17:46:20.20 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\wallpap.exe
C:\Program Files\Inetget2
C:\Program Files\Common Files\{3C94746B-04B0-1033-0516-050818040002}
C:\Program Files\Common Files\{AC94746B-04B0-1033-0516-050818040002}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Aidan\Application Data\STEM~1
C:\QooBox\Purity\Documents and Settings\Aidan\Application Data\STEM~1\??stem
C:\QooBox\Purity\WINDOWS\YSTEM3~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-06 to 2006-11-06 ))))))))))))))))))))))))))))))))))


2006-11-06 00:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-05 23:07 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2006-11-04 20:38 0 --a------ C:\cmtrm.exe
2006-11-04 20:36 0 --a------ C:\hesr.exe
2006-11-04 20:35 0 --a------ C:\lujt.exe
2006-11-04 20:14 73,728 --a------ C:\Documents and Settings\Aidan\now.exe
2006-10-17 17:11 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-11-06 17:46 -------- d-------- C:\Program Files\Common Files
2006-11-06 17:45 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-06 16:53 -------- d-------- C:\Documents and Settings\Aidan\Application Data\OpenOffice.org2
2006-11-06 15:36 -------- d-------- C:\Program Files\MSN Messenger
2006-11-05 23:07 -------- d-------- C:\Program Files\MUSICMATCH
2006-11-05 23:07 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-11-05 23:00 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-11-05 23:00 -------- d-------- C:\Documents and Settings\Aidan\Application Data\SUPERAntiSpyware.com
2006-11-04 23:08 517 --a------ C:\Program Files\Common Files\horefoz
2006-10-24 19:12 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2006-10-17 18:19 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-17 17:11 -------- dr-h----- C:\Documents and Settings\Aidan\Application Data\SecuROM
2006-10-16 17:23 -------- d-------- C:\Documents and Settings\Aidan\Application Data\SlimBrowser
2006-10-14 17:32 -------- d-------- C:\Program Files\SlimBrowser
2006-10-14 12:17 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-12 14:40 -------- d-------- C:\Program Files\Java
2006-10-09 11:42 -------- d-------- C:\Program Files\Logitech
2006-09-30 21:51 -------- d-------- C:\Documents and Settings\Aidan\Application Data\acccore
2006-09-30 21:50 -------- d-------- C:\Program Files\Viewpoint
2006-09-30 21:50 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-30 21:50 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-30 21:50 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-30 21:50 -------- d-------- C:\Program Files\AOL
2006-09-27 18:55 -------- d-------- C:\Program Files\Jap
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 20:11 -------- d-------- C:\Program Files\OpenOffice.org 2.0
2006-09-06 19:27 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-09-06 19:27 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-09-06 19:09 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-09-04 20:26 1565 --a------ C:\Documents and Settings\Aidan\Application Data\AdobeDLM.log
2006-09-04 20:26 0 --a------ C:\Documents and Settings\Aidan\Application Data\dm.ini
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-06 09:43 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="E:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"Creative Detector"="e:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"Varnw"="C:\\WINDOWS\\?ystem32\\r?ndll32.exe"
"SUPERAntiSpyware"="E:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"anvshell"="anvshell.exe"
"Logitech Utility"="LOGI_MWX.EXE"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"pccguide.exe"="\"E:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"iTunesHelper"="\"E:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Photo Downloader"="\"E:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1159671010\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"ACTX1"="C:\\WINDOWS\\v1201.exe"
"!AVG Anti-Spyware"="\"e:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\MUSICMATCH\\kyzer.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\MSN Gaming Zone\\howypyp.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: 06-11-06 17:47:34.29
C:\ComboFix.txt ... 06-11-06 17:47

[rridgely]

Download Blacklight beta HERE and save it to your desktop.
Run the program, accept statement > click next then scan
When its finished scanning exit the program and post back the log if it detects hidden files, The log is called 'fsbl-<date/time>.log' which will save to the same location as the blbeta.exe file.

-------------

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.


Post back both logs.

[Nojoy]

11/06/06 18:01:42 [Info]: BlackLight Engine 1.0.47 initialized
11/06/06 18:01:42 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/06/06 18:01:42 [Note]: 7019 4
11/06/06 18:01:42 [Note]: 7005 0
11/06/06 18:01:44 [Note]: 7006 0
11/06/06 18:01:44 [Note]: 7011 192
11/06/06 18:01:45 [Note]: 7026 0
11/06/06 18:01:45 [Note]: 7026 0
11/06/06 18:01:55 [Note]: FSRAW library version 1.7.1020


SmitFraudFix v2.119

Scan done at 18:11:33.40, 06/11/2006
Run from C:\Documents and Settings\Aidan\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\uniq FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Aidan


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Aidan\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Aidan\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\MUSICMATCH\\kyzer.html"
"SubscribedURL"=""
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\MSN Gaming Zone\\howypyp.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

[rridgely]

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, a menu with options should appear;
  
• Select the first option, to run Windows in Safe Mode, then press "Enter".
  
• Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

[Nojoy]

When I was running Blacklight, my PC restarted without me telling it too. I'm not sure if thats part of Blacklight or not...

[rridgely]

I dont think so.
Could have just been an error. As long as everything booted back up it should be fine. Just run the next step.

[Nojoy]

SmitFraudFix v2.45

Scan done at 18:33:23.59, 06/11/2006
Run from E:\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\uniq Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End



Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 6:40:27 PM, on 06/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\asuskbservice.exe
e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\anvshell.exe
C:\WINDOWS\LOGI_MWX.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\D-Link AirPlus G\AIRPLUS.exe
E:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Aidan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6A265DFC-56F9-47E0-AA99-FADDE7AD39EF} - C:\Program Files\Common Files\horefoz.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1159671010\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Creative Detector] e:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Varnw] C:\WINDOWS\?ystem32\r?ndll32.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: LimeWire On Startup.lnk = E:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = E:\Program Files\D-Link AirPlus G\AIRPLUS.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?42dea8ef24a24b1096b1d2d35529550a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?42dea8ef24a24b1096b1d2d35529550a
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: bw+0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4DB0C968-EE3A-4D83-B788-BF3F05B77714} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - e:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[rridgely]

Please run combofix again and post a new log.

[Nojoy]

Aidan - 06-11-06 18:58:47.73 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Aidan\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Aidan\Application Data\STEM~1
C:\QooBox\Purity\Documents and Settings\Aidan\Application Data\STEM~1\??stem
C:\QooBox\Purity\WINDOWS\YSTEM3~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-06 to 2006-11-06 ))))))))))))))))))))))))))))))))))


2006-11-06 18:11 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-06 18:11 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-06 18:11 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-06 18:11 2,828 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-06 18:11 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-06 00:08 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-05 23:07 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2006-11-04 20:38 0 --a------ C:\cmtrm.exe
2006-11-04 20:36 0 --a------ C:\hesr.exe
2006-11-04 20:35 0 --a------ C:\lujt.exe
2006-11-04 20:14 73,728 --a------ C:\Documents and Settings\Aidan\now.exe
2006-10-17 17:11 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-06 18:40 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-06 18:37 -------- d-------- C:\Documents and Settings\Aidan\Application Data\OpenOffice.org2
2006-11-06 17:46 -------- d-------- C:\Program Files\Common Files
2006-11-06 15:36 -------- d-------- C:\Program Files\MSN Messenger
2006-11-05 23:07 -------- d-------- C:\Program Files\MUSICMATCH
2006-11-05 23:07 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-11-05 23:00 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-11-05 23:00 -------- d-------- C:\Documents and Settings\Aidan\Application Data\SUPERAntiSpyware.com
2006-11-04 23:08 517 --a------ C:\Program Files\Common Files\horefoz
2006-10-24 19:12 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2006-10-17 18:19 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-17 17:11 -------- dr-h----- C:\Documents and Settings\Aidan\Application Data\SecuROM
2006-10-16 17:23 -------- d-------- C:\Documents and Settings\Aidan\Application Data\SlimBrowser
2006-10-14 17:32 -------- d-------- C:\Program Files\SlimBrowser
2006-10-14 12:17 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-12 14:40 -------- d-------- C:\Program Files\Java
2006-10-09 11:42 -------- d-------- C:\Program Files\Logitech
2006-09-30 21:51 -------- d-------- C:\Documents and Settings\Aidan\Application Data\acccore
2006-09-30 21:50 -------- d-------- C:\Program Files\Viewpoint
2006-09-30 21:50 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-30 21:50 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-30 21:50 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-30 21:50 -------- d-------- C:\Program Files\AOL
2006-09-27 18:55 -------- d-------- C:\Program Files\Jap
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 20:11 -------- d-------- C:\Program Files\OpenOffice.org 2.0
2006-09-06 19:27 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-09-06 19:27 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-09-06 19:09 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-09-04 20:26 1565 --a------ C:\Documents and Settings\Aidan\Application Data\AdobeDLM.log
2006-09-04 20:26 0 --a------ C:\Documents and Settings\Aidan\Application Data\dm.ini
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-06 09:43 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="E:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"Creative Detector"="e:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"Varnw"="C:\\WINDOWS\\?ystem32\\r?ndll32.exe"
"SUPERAntiSpyware"="E:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"anvshell"="anvshell.exe"
"Logitech Utility"="LOGI_MWX.EXE"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"pccguide.exe"="\"E:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"iTunesHelper"="\"E:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Photo Downloader"="\"E:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1159671010\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"ACTX1"="C:\\WINDOWS\\v1201.exe"
"!AVG Anti-Spyware"="\"E:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: 06-11-06 18:59:41.09
C:\ComboFix.txt ... 06-11-06 18:59
C:\ComboFix2.txt ... 06-11-06 17:47

[rridgely]

Download Killbox from Here

Run Killbox by clicking the killbox.exe file on the desktop

In the Full Path of File to Delete window type (or copy and paste)

C:\WINDOWS\v1201.exe

Select the options Delete on reboot

Click the button: Single File and it should then flash green.

Then press the Delete File button (Red Circle with a White X).
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.

Your computer should reboot now.

Come back with a new hijackthis log.

[Nojoy]

When I try to run it, a window pops up saying "Component 'MSCOMCTL.OCX' or one of its dependencies is not correctly registered: a file is missing or invalid" and I can't run it

[rridgely]

Look here:
http://www.majorgeek...aqshow.php?id=8

Let me know if that will work for you.