

Trojan Horse Lop.as


12 replies to this topic

#1 OFFLINE   DthStar

    Newbie

  • Members
  • 7 posts

Posted 12 January 2007 - 12:49 AM

Hello,

I have serious problems with this ***** Lop.AS trojan horse. Please help me.
AVG identifies the problem as Lop.AS in my temp internet files.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 01:45:50, on 12.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Logitech\Easy Synchronization\servicestub.exe
C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Windows Media Connect 2\WMCCFG.exe
C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program\Logitech\MediaLife\MediaLifeService.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\QuickTime\qttask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Delade filer\{C88A308B-063F-1044-0422-04020320002f}\Update.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program\Skype\Phone\Skype.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\TEMP\iddC.tmp.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\TEMP\win15.tmp.exe
C:\WINDOWS\TEMP\idd16.tmp.exe
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {BEE42B8C-3844-4412-8B81-200DD8FE7DF1} - C:\WINDOWS\system32\vtuusts.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{C88A308B-063F-1044-0422-04020320002f}] "C:\Program\Delade filer\{C88A308B-063F-1044-0422-04020320002f}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [IpWins] C:\Program\Ipwindows\ipwins.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ekstranett.cdgsandberg.com
O18 - Protocol: bw+0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: vtuusts - C:\WINDOWS\SYSTEM32\vtuusts.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winakc32 - C:\WINDOWS\SYSTEM32\winakc32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program\Delade filer\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


----------------------------------------
My Zone Alarm also picks up a lot of activity. For example, idd16.tmp.exe wants to connect to IP: 82.98.235.63:HTTP



Please help me!!

Regards DthStar
Oslo, Norway

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 12 January 2007 - 12:59 AM

Welcome to the forum.
Your computer is infected with a few things so let's get started. :)

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.
----------------

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall.

--------

In your next reply I want the superantispyware log, the combofix log, and a new hijackthis log taken after both of the scans.

#3 OFFLINE   DthStar

    Newbie

  • Members
  • 7 posts

Posted 12 January 2007 - 06:19 AM

Thank you for the quick answer. Here are the new logs (just had to sleep for a couple of hours ;) )


SUPERAntiSpyware Scan Log
Generated 01/12/2007 at 03:01 AM

Application Version : 3.4.1000

Core Rules Database Version : 3143
Trace Rules Database Version: 1175

Scan type : Complete Scan
Total Scan Time : 00:40:50

Memory items scanned : 547
Memory threats detected : 5
Registry items scanned : 5679
Registry threats detected : 18
File items scanned : 10960
File threats detected : 24

Trojan.Mezzia/Resident
C:\WINDOWS\SYSTEM32\WINAKC32.DLL
C:\WINDOWS\SYSTEM32\WINAKC32.DLL

Trojan.Downloader-AutoAff
C:\WINDOWS\SYSTEM32\VTUUSTS.DLL
C:\WINDOWS\SYSTEM32\VTUUSTS.DLL

Trojan.Svchosts
C:\WINDOWS\SYSTEM32\SVCHOSTS.EXE
C:\WINDOWS\SYSTEM32\SVCHOSTS.EXE
C:\WINDOWS\Prefetch\SVCHOSTS.EXE-06B6C8D2.pf

Trojan.Update-Mcboo
C:\PROGRAM\DELADE FILER\{C88A308B-063F-1044-0422-04020320002F}\UPDATE.EXE
C:\PROGRAM\DELADE FILER\{C88A308B-063F-1044-0422-04020320002F}\UPDATE.EXE
C:\WINDOWS\Prefetch\UPDATE.EXE-3589B6F0.pf

Adware.IPWins
C:\PROGRAM\IPWINDOWS\IPWINS.EXE
C:\PROGRAM\IPWINDOWS\IPWINS.EXE
HKU\S-1-5-21-1343024091-507921405-854245398-1003\Software\IpWins
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IpWins#UninstallString
C:\WINDOWS\Prefetch\IPWINS.EXE-38CEB50D.pf

Trojan.Downloader-WBRock
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\vtuusts

Adware.Tracking Cookie
C:\Documents and Settings\Andreas\Cookies\andreas@ads.vg.basefarm[1].txt
C:\Documents and Settings\Andreas\Cookies\andreas@tribalfusion[1].txt
C:\Documents and Settings\Andreas\Cookies\andreas@bluestreak[1].txt
C:\Documents and Settings\Andreas\Cookies\andreas@doubleclick[1].txt
C:\Documents and Settings\Andreas\Cookies\andreas@partypoker[1].txt
C:\Documents and Settings\Andreas\Cookies\andreas@atdmt[1].txt
C:\Documents and Settings\Andreas\Cookies\andreas@ad.yieldmanager[1].txt
C:\Documents and Settings\Andreas\Cookies\andreas@www.burstnet[1].txt

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV

Adware.ClickSpring/Yazzle
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1162Oin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1162Oin#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1162Oin#UninstallString
C:\PROGRAM\DELADE FILER\YAZZLE1122OINADMIN.EXE
C:\PROGRAM\DELADE FILER\YAZZLE1122OINUNINSTALLER.EXE
C:\PROGRAM\DELADE FILER\YAZZLE1162OINUNINSTALLER.EXE

Adware.Universa
C:\DOCUMENTS AND SETTINGS\ANDREAS\LOKALA INSTäLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\2JM7IHYR\SRVHDN[1].EXE
C:\DOCUMENTS AND SETTINGS\ANDREAS\LOKALA INSTäLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\73PV3PCW\SRVNFT[1].EXE
C:\DOCUMENTS AND SETTINGS\ANDREAS\LOKALA INSTäLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\AHDIBM1G\SRVKVF[1].EXE
C:\DOCUMENTS AND SETTINGS\ANDREAS\LOKALA INSTäLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\O9GLER8H\SRVOWQ[1].EXE
C:\DOCUMENTS AND SETTINGS\ANDREAS\LOKALA INSTäLLNINGAR\TEMPORARY INTERNET FILES\CONTENT.IE5\ZBDJVP0W\SRVIWN[1].EXE



------------------------------------------------------------------------------------------------------------------------------------



Andreas - 07-01-12 7:05:27,66 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Andreas\Skrivbord"

((((((((((((((((((((((((((((((( Files Created from 2006-12-12 to 2007-01-12 ))))))))))))))))))))))))))))))))))


2007-01-12 02:17 <KAT> d-------- C:\Program\SUPERAntiSpyware
2007-01-12 02:17 <KAT> d-------- C:\Documents and Settings\Andreas\Application Data\SUPERAntiSpyware.com
2007-01-12 02:16 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-01-12 01:30 <KAT> d-------- C:\!KillBox
2007-01-12 01:15 <KAT> dr-h----- C:\Documents and Settings\Andreas\Recent
2007-01-12 00:44 <KAT> d-------- C:\Program\Yahoo!
2007-01-12 00:44 <KAT> d-------- C:\Program\CCleaner
2007-01-12 00:05 <KAT> d-------- C:\Program\Hijackthis
2007-01-11 21:21 22,541 ---hs---- C:\WINDOWS\system32\yayaaay.dll
2007-01-10 21:28 0 --a------ C:\vbwetvvj.exe
2007-01-10 21:28 0 --a------ C:\iekv.exe
2007-01-10 21:28 <KAT> d-------- C:\Program\Ipwindows
2007-01-10 21:27 0 --a------ C:\xkburv.exe
2007-01-10 21:27 0 --a------ C:\vcman.exe
2007-01-10 21:27 0 --a------ C:\nyan.exe
2007-01-10 21:27 0 --a------ C:\ekdc.exe
2007-01-10 21:26 0 --a------ C:\rftketp.exe
2007-01-10 21:26 0 --a------ C:\npsitvqn.exe
2007-01-06 18:46 78,464 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
2007-01-01 18:59 <KAT> d-------- C:\Games
2006-12-27 19:45 <KAT> d-------- C:\Program\Any Video Converter
2006-12-25 00:11 <KAT> d-------- C:\Program\iTunes
2006-12-25 00:00 <KAT> d-------- C:\Program\Apple Software Update


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-12 06:58 -------- d-------- C:\Program\Delade filer
2007-01-10 21:02 -------- d-------- C:\Program\Opera
2007-01-10 21:01 -------- d--h----- C:\Program\InstallShield Installation Information
2007-01-10 21:01 -------- d-------- C:\Program\Call of Duty
2007-01-10 07:13 -------- d-------- C:\Documents and Settings\Andreas\Application Data\Azureus
2007-01-02 23:30 -------- d-------- C:\Documents and Settings\Andreas\Application Data\Skype
2006-12-31 14:00 -------- d-------- C:\Program\Java
2006-12-25 00:11 -------- d-------- C:\Program\iPod
2006-12-25 00:02 -------- d-------- C:\Program\QuickTime
2006-12-16 18:33 -------- d-------- C:\Program\Internet Explorer
2006-12-16 18:31 -------- d-------- C:\Program\Outlook Express
2006-12-16 18:31 -------- d-------- C:\Program\Delade filer\System
2006-12-07 06:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-19 10:01 -------- d-------- C:\Program\MSXML 4.0
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-06 23:30 592 --a------ C:\WINDOWS\chgkey.vbs
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-20 02:39 712192 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 13:41 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:41 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:41 141824 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"MessengerPlus3"="\"C:\\Program\\Messenger Plus! 3\\MsgPlus.exe\" /WinStart"
"Skype"="\"C:\\Program\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"LDM"="C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"DAEMON Tools-1033"="\"C:\\Program\\D-Tools\\daemon.exe\" -lang 1033"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MessengerPlus3"="\"C:\\Program\\Messenger Plus! 3\\MsgPlus.exe\""
"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE USB PC Camera 302"
"AVG7_CC"="C:\\Program\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Windows Media Connect 2"="\"C:\\Program\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"Easy Synchronization"="C:\\Program\\Logitech\\Easy Synchronization\\LogitechEasySync.exe"
"MediaLifeService"="\"C:\\Program\\Logitech\\MediaLife\\MediaLifeService.exe\""
"Zone Labs Client"="\"C:\\Program\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""
"{C88A308B-063F-1044-0422-04020320002f}"="\"C:\\Program\\Delade filer\\{C88A308B-063F-1044-0422-04020320002f}\\Update.exe\" mc-110-12-0000272"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Easy Synchronization"="C:\\Program\\Logitech\\Easy Synchronization\\LogitechEasySync.exe --ports"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Min aktuella startsida"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,18,01,00,00,00,00,00,00,60,04,00,00,fc,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,dc,00,00,00,dc,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\Program\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\Program\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"="ShellExecuteHook class"
"{BEE42B8C-3844-4412-8B81-200DD8FE7DF1}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winakc32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-12 7:07:39.89
C:\ComboFix.txt ... 07-01-12 07:07
C:\ComboFix2.txt ... 07-01-12 06:58

------------------------------------------------------------------------------------------------------------------------------------



Logfile of HijackThis v1.99.1
Scan saved at 07:13:50, on 12.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Windows Media Connect 2\WMCCFG.exe
C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program\Logitech\MediaLife\MediaLifeService.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\QuickTime\qttask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program\Skype\Phone\Skype.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {BEE42B8C-3844-4412-8B81-200DD8FE7DF1} - C:\WINDOWS\system32\vtuusts.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{C88A308B-063F-1044-0422-04020320002f}] "C:\Program\Delade filer\{C88A308B-063F-1044-0422-04020320002f}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ekstranett.cdgsandberg.com
O18 - Protocol: bw+0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winakc32 - winakc32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program\Delade filer\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




I think that was it. All the logs should be there.
Thank you for doing this!!!!!

PS: Just to let you know. After I had done the SuperAntispyware I was told to reboot. When I did that I got the blue screen (of death) a couple of times when the computer tried to start again. I started in safe mode, and then just rebooted again. Then I came back on :), did the combofix and HJT. Now I am curious about these new reports!

Regards,
DthStar

#4 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 12 January 2007 - 06:54 AM

Download AVG Anti-Spyware
  • Load AVG antispyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top and then click on Complete System Scan
  • Ewido will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG antispyware will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back
Note that this is not AVG antivirus but the program formerly known as Ewido.
----------

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste kaspersky log onto forum.

Run both scans in the order they are listed and post their logs in your next reply. Also post a new HijackThis log.

#5 OFFLINE   DthStar

    Newbie

  • Members
  • 7 posts

Posted 12 January 2007 - 10:24 AM

Hello Again,

New logs:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:26:41 12.01.2007

+ Scan result:



C:\Program\Ipwindows\ipwins.dll -> Adware.Maxifiles : Ignored.
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP403\A0096724.exe -> Adware.Maxifiles : Ignored.
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP402\A0092558.exe -> Adware.Softomate : Ignored.
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP403\A0096723.exe -> Adware.Softomate : Ignored.
C:\WINDOWS\pxwma.dll -> Adware.Webdir : Ignored.
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP401\A0092539.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP403\A0096722.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
C:\Documents and Settings\Andreas\Cookies\andreas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.


::Report end



--------------------------------------------------------------------------------------------------------------------


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, January 12, 2007 10:58:20 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/01/2007
Kaspersky Anti-Virus database records: 257894
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 66107
Number of viruses found: 12
Number of infected objects: 33 / 0
Number of suspicious objects: 1
Duration of the scan process: 01:19:12

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Andreas\.housecall\Quarantine\Chin rdr.exe.bac_a01912 Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\Documents and Settings\Andreas\.housecall6.6\Quarantine\Chin rdr.exe.bac_a01912 Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\Documents and Settings\Andreas\.housecall6.6\Quarantine\Genuine_In_5_sec.rar.bac_a03496/RockXP4.exe/data.rar/pwdump2/pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Andreas\.housecall6.6\Quarantine\Genuine_In_5_sec.rar.bac_a03496/RockXP4.exe/data.rar/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Andreas\.housecall6.6\Quarantine\Genuine_In_5_sec.rar.bac_a03496/RockXP4.exe/data.rar/RockXP4_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Andreas\.housecall6.6\Quarantine\Genuine_In_5_sec.rar.bac_a03496/RockXP4.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Andreas\.housecall6.6\Quarantine\Genuine_In_5_sec.rar.bac_a03496/RockXP4.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Andreas\.housecall6.6\Quarantine\Genuine_In_5_sec.rar.bac_a03496 RAR: infected - 5 skipped
C:\Documents and Settings\Andreas\.housecall6.6\Quarantine\Genuine_In_5_sec.rar.bac_a03496 CryptFF.b: infected - 5 skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\call256.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\chat2048.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\chat4096.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\chat512.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\index2.dat Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\message256.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\profile4096.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\user1024.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\user4096.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Skype\nilsenandreas\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Andreas\Application Data\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Andreas\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andreas\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andreas\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andreas\Lokala inställningar\Temp\Perflib_Perfdata_2c4.dat Object is locked skipped
C:\Documents and Settings\Andreas\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andreas\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andreas\Lokala inställningar\Tidigare\History.IE5\MSHist012007011220070113\index.dat Object is locked skipped
C:\Documents and Settings\Andreas\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Andreas\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Andreas\Skrivbord\Downloads\Windows Genuine in 5 seconds\RockXP4.exe/data.rar/pwdump2/pwdump2.exe Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Andreas\Skrivbord\Downloads\Windows Genuine in 5 seconds\RockXP4.exe/data.rar/pwdump2/samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Andreas\Skrivbord\Downloads\Windows Genuine in 5 seconds\RockXP4.exe/data.rar/RockXP4_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Andreas\Skrivbord\Downloads\Windows Genuine in 5 seconds\RockXP4.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Andreas\Skrivbord\Downloads\Windows Genuine in 5 seconds\RockXP4.exe RarSFX: infected - 4 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\BWDocMap.pht Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\BWInfopakMap.pht Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\chandir.dat Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\chandir.idx Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\chn.dat Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\chn.idx Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\D0000000.FCS Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\inuse.txt Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\L0000016.FCS Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\main.log Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\prs.dat Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\prs.idx Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\prs_die.dat Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\prs_die.idx Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\prs_dnd.dat Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\prs_dnd.idx Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\prs_ext.dat Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\prs_ext.idx Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\prs_rcv.dat Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\prs_rcv.idx Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\storydb.dat Object is locked skipped
C:\Program\Logitech\Desktop Messenger\8876480\Users\Andreas\Data\storydb.idx Object is locked skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine4EE2EB3.htm Infected: Exploit.HTML.Mht skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine51C7A81.htm Infected: Exploit.HTML.Mht skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\3A40209E.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\50D409CE.tmp Infected: Exploit.VBS.Phel.i skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\50DA5DC7.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\50DA5DC7.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\50DA5DC7.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\50DA5DC7.zip ZIP: infected - 3 skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\50DA5DC7.zip CryptFF: infected - 3 skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\54A93FE0.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\57AC7490.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\57BC467E.htm Infected: Exploit.VBS.Phel.a skipped
C:\Program\Norton SystemWorks\Norton AntiVirus\Quarantine\57C31A77.htm Infected: Exploit.VBS.Phel.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP402\A0092557.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP402\A0092558.exe Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP403\A0094720.dll Suspicious: PECompact skipped
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP403\A0096723.exe Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP403\A0096724.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.ab skipped
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP403\A0096728.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP403\change.log Object is locked skipped
C:\WINDOWS\$_hpcst$.hpc Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\ANDREAS.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\pxwma.dll Infected: not-a-virus:AdWare.Win32.Webdir.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT04319.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT04329.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



------------------------------------------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 11:23:33, on 12.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Logitech\Easy Synchronization\servicestub.exe
C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Windows Media Connect 2\WMCCFG.exe
C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program\Logitech\MediaLife\MediaLifeService.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\QuickTime\qttask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program\Skype\Phone\Skype.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {BEE42B8C-3844-4412-8B81-200DD8FE7DF1} - C:\WINDOWS\system32\vtuusts.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{C88A308B-063F-1044-0422-04020320002f}] "C:\Program\Delade filer\{C88A308B-063F-1044-0422-04020320002f}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ekstranett.cdgsandberg.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: bw+0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winakc32 - winakc32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program\Delade filer\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



-----------------------------

That was it :) Hope to hear from you soon.

Regards
DthStar

#6 OFFLINE   rridgely

    I hate computers

  • Moderators

Posted 12 January 2007 - 06:27 PM

Run the AVG Anti-Spyware scan again and, instead of using the recommended action, set everything it finds to delete. Post a new AVG log showing that they were deleted and then post a new HijackThis log. (After that we will make our final sweep of your PC with some manual deletions. :) )

#7 OFFLINE   DthStar

    Newbie

  • Members

Posted 12 January 2007 - 07:55 PM

Hello B)

Here are the logs:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:48:57 12.01.2007

+ Scan result:



C:\Program\Ipwindows\ipwins.dll -> Adware.Maxifiles : Cleaned.
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP403\A0096724.exe -> Adware.Maxifiles : Cleaned.
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP402\A0092557.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP402\A0092558.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP403\A0096723.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C58B1AC-F94C-4CBB-A391-F9E083C65637}\RP403\A0096728.dll -> Adware.Softomate : Cleaned.
C:\WINDOWS\pxwma.dll -> Adware.Webdir : Cleaned.
C:\Documents and Settings\Andreas\Cookies\andreas@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.


::Report end




Logfile of HijackThis v1.99.1
Scan saved at 20:50:25, on 12.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Windows Media Connect 2\WMCCFG.exe
C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program\Logitech\MediaLife\MediaLifeService.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\QuickTime\qttask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Skype\Phone\Skype.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {BEE42B8C-3844-4412-8B81-200DD8FE7DF1} - C:\WINDOWS\system32\vtuusts.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{C88A308B-063F-1044-0422-04020320002f}] "C:\Program\Delade filer\{C88A308B-063F-1044-0422-04020320002f}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ekstranett.cdgsandberg.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: bw+0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winakc32 - winakc32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program\Delade filer\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




Again...thank you for doing this...

Best Regards,
DthStar

#8 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 12 January 2007 - 08:41 PM

Glad to help. :)

Find and delete the following files/folders.

C:\Documents and Settings\Andreas\.housecall\Quarantine <- Folder

C:\Documents and Settings\Andreas\Skrivbord\Downloads\Windows Genuine in 5 seconds\RockXP4.exe <- File

C:\Program\Norton SystemWorks\Norton AntiVirus <- Folder

C:\WINDOWS\pxwma.dll <- File

Let me know if you have any problem finding or deleting those files/folders.
------------------------------------------
You need to clear your System Restore because it's infected.

To flush the infected restore points:

Click Start Menu > All Programs > Accessories > System Tools > System Restore

Choose Create a Restore Point, then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

--------------------
Open hijackthis and do a system scan only. Then check off the following lines.

O2 - BHO: (no name) - {BEE42B8C-3844-4412-8B81-200DD8FE7DF1} - C:\WINDOWS\system32\vtuusts.dll (file missing)

O4 - HKLM\..\Run: [{C88A308B-063F-1044-0422-04020320002f}] "C:\Program\Delade filer\{C88A308B-063F-1044-0422-04020320002f}\Update.exe" mc-110-12-0000272

O20 - Winlogon Notify: winakc32 - winakc32.dll (file missing)

O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)

Now press fix checked and exit hijackthis. Reboot your computer and post a new hijackthis log.
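
An added example, not part of rridgely's post and not HijackThis's own logic: a small Python triage pass over HijackThis 1.99.1 log lines, run on a constructed sample copied from the log in this thread. The four heuristics (file missing, GUID-named Run value, look-alike of a core process name, argument token shared between entries) and the names `parse`, `triage` and `one_edit_apart` are assumptions chosen for illustration.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {BEE42B8C-3844-4412-8B81-200DD8FE7DF1} - C:\WINDOWS\system32\vtuusts.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{C88A308B-063F-1044-0422-04020320002f}] "C:\Program\Delade filer\{C88A308B-063F-1044-0422-04020320002f}\Update.exe" mc-110-12-0000272
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winakc32 - winakc32.dll (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program\Delade filer\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
"""

# Core Windows process names that also appear in this log's process list.
CORE_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
              "smss.exe", "spoolsv.exe", "explorer.exe"}

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
GUID_RUN_RE = re.compile(r"Run: \[\{[0-9A-Fa-f-]{36}\}\]")
EXE_RE = re.compile(r'(?P<image>[^\\"\s]+\.exe)"?(?P<args>.*)$', re.IGNORECASE)
MISSING = "(file missing)"


def one_edit_apart(a, b):
    """True when a and b differ by exactly one inserted, deleted or replaced character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                      # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                           # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]    # one substitution
    return a[i:] == b[i + 1:]            # one extra character in b


def parse(log_text):
    """Turn 'Rn - ...' / 'On - ...' lines into dicts; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        exe = EXE_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "line": line,
            "missing": missing,
            "image": exe.group("image").lower() if exe else None,
            "args": exe.group("args").split() if exe else [],
        })
    return entries


def triage(entries):
    """Return (line, reasons) for every entry that matches at least one heuristic."""
    # An argument token seen on more than one entry ties those entries together.
    seen = {}
    for e in entries:
        for tok in set(e["args"]):
            seen.setdefault(tok, []).append(e)
    shared = {t for t, es in seen.items()
              if len(es) > 1 and len(t) >= 8 and any(c.isdigit() for c in t)}

    findings = []
    for e in entries:
        reasons = []
        if e["missing"]:
            reasons.append("file missing")
        if e["section"] == "O4" and GUID_RUN_RE.search(e["line"]):
            reasons.append("GUID-named Run value")
        if e["image"] and any(one_edit_apart(e["image"], n) for n in CORE_NAMES):
            reasons.append("look-alike of a core process name")
        if shared & set(e["args"]):
            reasons.append("shared argument token")
        if reasons:
            findings.append((e["line"], reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(parse(SAMPLE_LOG)):
        print(", ".join(reasons), "::", line)
```

A flag here is a prompt for review, not a verdict: the Logitech Bluetooth Service line is also marked (file missing) but is not among the lines checked off above.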

#9 OFFLINE   DthStar

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 12 January 2007 - 09:31 PM

Hi,

I did everything except... I did not find the pxwma.dll file ("C:\WINDOWS\pxwma.dll <- File"), so I could not delete this one. Other than that I have done everything.

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 22:29:19, on 12.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Logitech\Easy Synchronization\servicestub.exe
C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program\D-Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program\Messenger Plus! 3\MsgPlus.exe
C:\Program\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Windows Media Connect 2\WMCCFG.exe
C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program\Logitech\MediaLife\MediaLifeService.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\QuickTime\qttask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program\Skype\Phone\Skype.exe
C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program\WIDCOMM\Bluetooth-programvare\BTTray.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vg.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvare\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ekstranett.cdgsandberg.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: bw+0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {5114D957-B4FF-4440-8D1B-20F0B700C87C} - C:\Program\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program\Delade filer\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




Regards,
DthStar

#10 OFFLINE   rridgely

Posted 12 January 2007 - 09:53 PM

Never mind that file, I made a mistake. It was removed by AVG Anti-Spyware the second time you scanned. :D
How does your PC seem? Back to normal?

#11 OFFLINE   DthStar

Posted 12 January 2007 - 10:39 PM

Hello :D

The PC works super nice now! The Lop.AS is gone, and probably a lot of other stuff I didn't know I had.....
I don't know what we've just been going through here today, but it sure worked out perfect!! What I am most impressed with is the help and super quick answers you have given me all day! I think this took just about 24 hours :)

This forum will forever and ever be listed on top of my favorite list!

Enjoy the weekend!! I know I will :D

Best regards,

DthStar

#12 OFFLINE   rridgely

Posted 12 January 2007 - 10:46 PM

Awesome, glad everything is fixed. :D
I just didn't have class/work today so I was sitting around the house most of the day. :D (doesn't happen that often anymore. :P)

I suggest you run Windows Update and get Internet Explorer 7 and all of the other updates.
Also take a look through this guide for some ways to prevent spyware/viruses:
http://forum.CCleane...?showtopic=7936

#13 OFFLINE   DthStar

Posted 12 January 2007 - 10:58 PM

Thanx Again,

I will read everything :)
Now I will lean back with a nice movie and get a good night's sleep. Didn't sleep too much last night......

Again, thank you...take care

Oslo, Norway says goodnight!!

Regards,
DthStar