
I Think I Have Viruses


14 replies to this topic

#1 XilStorm


  • Members
  • 38 posts
  • Gender:Male
  • Location:Saturn

Posted 05 August 2007 - 08:43 PM

Yesterday, I noticed my new computer is way slower than it was when I originally got it. Any help analyzing these logs will be greatly appreciated.

I also have an AVG and Ad-Aware log. If you want one of these logs, please tell. Please suggest anything, anything at all.
_____________________________________
TrendMicro HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:36:29 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Shivam\Desktop\scanner.exe

O2 - BHO: (no name) - {36D7CD24-E766-4F93-96E9-F5EC2EE93BC4} - C:\WINDOWS\system\tfpatsk.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\nrxyaidb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Shivam\LOCALS~1\Temp\{5EA9456F-DBB6-41DC-9741-17D5E97666B6}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\wohqokbu.dll",forkonce
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: tfpatsk - C:\WINDOWS\system\tfpatsk.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)



Thanks
----
XilStorm
----- eXile officer XilStorm, checking in -----
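As an added example (not code from this thread, from BleepingComputer or from HijackThis itself), here is a small Python triage pass over the log format posted above. It parses the `Oxx` entries, flags the patterns a helper looks at first (a BHO registered with no name, a Run entry that loads a DLL through rundll32 or starts from a Temp directory, a Winlogon Notify handler, a service whose binary is missing) and correlates any module that is loaded from more than one load point. The sample lines are constructed from a subset of the log above; the rule names and the choice of rules are my own, not a HijackThis feature.

```python
"""Triage of HijackThis 1.99-style log lines (added example, not the thread's own code)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the log above, kept as a raw string so the
# backslashes survive. The LanzarL2007 path is shortened for readability.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {36D7CD24-E766-4F93-96E9-F5EC2EE93BC4} - C:\WINDOWS\system\tfpatsk.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\nrxyaidb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Shivam\LOCALS~1\Temp\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\wohqokbu.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: tfpatsk - C:\WINDOWS\system\tfpatsk.dll
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""

# "O4 - <rest of line>": section code, then the entry body.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# A drive-letter path ending in a loadable module; stops at quotes and commas
# so "a.exe" "b.dll" on one line yields two paths.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n,]*?\.(?:dll|exe|scr|sys)\b', re.IGNORECASE)


def parse(log_text):
    """Yield (section, body) for every Oxx entry; header and process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return a list of (section, module path, reason) findings for manual review."""
    findings = []
    loaded_from = defaultdict(set)  # lower-cased module path -> sections that load it
    for section, body in parse(log_text):
        paths = PATH_RE.findall(body)
        first = paths[0] if paths else body
        for p in paths:
            loaded_from[p.lower()].add(section)
        if section == "O2" and "(no name)" in body:
            findings.append((section, first, "BHO registered without a name"))
        elif section == "O4":
            runs_dll = re.search(r"\brundll32(\.exe)?\b", body, re.IGNORECASE)
            if runs_dll and any(p.lower().endswith(".dll") for p in paths):
                findings.append((section, first, "Run entry loads a DLL through rundll32"))
            if any("\\temp\\" in p.lower() for p in paths):
                findings.append((section, first, "autostart from a Temp directory"))
        elif section == "O20":
            findings.append((section, first, "Winlogon Notify handler: review the module"))
        elif section == "O23" and "(file missing)" in body:
            findings.append((section, first, "service whose binary is missing"))
    # Correlation: one module registered in several load points is the strongest
    # single signal in this log (here the same DLL is both a BHO and a Winlogon Notify).
    for path, sections in loaded_from.items():
        if len(sections) > 1:
            findings.append(("*", path, "same module in multiple load points: " + ", ".join(sorted(sections))))
    return findings


if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"{section:>3}  {reason:<50} {path}")
```

The output is a review list, not a verdict: a Winlogon Notify entry or an unnamed BHO is where a helper starts looking, and the correlation line (the same `tfpatsk.dll` in O2 and O20) is what makes that module the first thing to check. Real logs also carry R0/R1 browser settings, O16 ActiveX downloads and O17 DNS changes that this short example does not cover; the same `parse`/rule structure extends to them.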



#2 sjpritch25


  • Security Colleague
  • 898 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 05 August 2007 - 10:25 PM

Welcome to BC :thumbsup:

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Note: It is important that it is saved directly to your desktop

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Microsoft MVP Consumer Security--2007-2010

#3 XilStorm

  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Saturn

Posted 06 August 2007 - 10:13 AM

OK, here is ComboFix's log. HJT #2 coming next.

____________________
ComboFix 07-08-04.3 - "Shivam" 2007-08-06 11:04:25.1 [GMT -4:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\nrxyaidb.dll
C:\WINDOWS\system32\ssalypxx.exe


((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


2007-08-06 11:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-05 22:08 <DIR> d-------- C:\Program Files\SiSoftware
2007-08-05 15:24 <DIR> d-------- C:\DOCUME~1\Shivam\APPLIC~1\ViStart
2007-08-05 15:09 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-08-05 15:02 7,333,376 --a------ C:\WINDOWS\system32\vistaui.exe
2007-08-05 15:02 305,447 --a------ C:\WINDOWS\system32\viwc.exe
2007-08-05 15:02 <DIR> d-------- C:\Program Files\VisualTooltip
2007-08-05 15:02 <DIR> d-------- C:\Program Files\ViStart
2007-08-05 15:02 <DIR> d-------- C:\Program Files\Vista Sidebar
2007-08-05 15:02 <DIR> d-------- C:\Program Files\ViOrb
2007-08-05 15:02 <DIR> d-------- C:\Program Files\Styler
2007-08-05 15:02 <DIR> d-------- C:\Program Files\LClock
2007-08-05 14:58 94,208 --a------ C:\WINDOWS\system32\pskill.exe
2007-08-05 14:58 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-08-05 14:58 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-08-05 14:58 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-08-05 14:58 <DIR> d-------- C:\WINDOWS\system32\VITrans
2007-08-05 14:58 <DIR> d-------- C:\VTPFiles
2007-08-05 14:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-05 12:48 125,504 --a------ C:\WINDOWS\system32\wohqokbu.dll
2007-08-05 12:39 1,757,877 ---hs---- C:\WINDOWS\system\kstapft.bak2
2007-08-05 00:30 <DIR> d-------- C:\Program Files\Motherboard Monitor 5
2007-08-04 20:01 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-04 19:54 6,467 ---hs---- C:\WINDOWS\system\kstapft.bak1
2007-08-04 19:53 266,240 ---hs---- C:\WINDOWS\system\tfpatsk.dll
2007-08-04 19:52 8,192 --a------ C:\DOCUME~1\Shivam\APPLIC~1\__c00BABD3.exe
2007-08-04 19:52 118,021 --a------ C:\WINDOWS\system32\__c00C9FC4.exe
2007-08-04 19:50 8,192 --a------ C:\DOCUME~1\Shivam\APPLIC~1\__c001085.exe
2007-08-04 19:49 <DIR> d-------- C:\Program Files\SphereXP
2007-08-04 15:00 <DIR> d-------- C:\Program Files\Symantec
2007-08-03 23:45 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2007-08-03 23:45 <DIR> d-------- C:\Program Files\WinCustomize
2007-08-03 23:45 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-08-03 23:22 <DIR> d-------- C:\Program Files\TweakXP 2
2007-08-03 22:55 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-03 22:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-03 22:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 22:36 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-08-03 22:35 <DIR> d-------- C:\Program Files\themexp
2007-08-03 22:35 <DIR> d-------- C:\Program Files\OneStepSearch
2007-08-03 22:31 <DIR> d-------- C:\Program Files\Logon Loader
2007-08-03 18:38 <DIR> d-------- C:\DOCUME~1\Shivam\APPLIC~1\Apple Computer
2007-08-03 18:37 <DIR> d-------- C:\Program Files\QuickTime
2007-08-03 18:37 <DIR> d-------- C:\Program Files\iTunes
2007-08-03 18:37 <DIR> d-------- C:\Program Files\iPod
2007-08-03 18:37 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-03 18:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-03 18:36 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-03 18:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-02 20:32 <DIR> d---s---- C:\DOCUME~1\Shivam\UserData
2007-08-02 20:31 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-08-02 20:31 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-08-02 20:31 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-08-02 20:23 713,216 -----c--- C:\WINDOWS\system32\dllcache\sxs.dll
2007-08-02 20:23 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-08-02 20:22 8,192 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2007-08-02 20:22 148,480 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-08-02 20:21 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-02 14:57 <DIR> d-------- C:\Program Files\SpeedFan
2007-08-02 12:11 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-08-02 12:10 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-02 12:10 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-08-02 12:09 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-02 12:09 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-08-02 12:09 <DIR> d-------- C:\Program Files\Microsoft Works
2007-08-02 12:07 <DIR> dr-h----- C:\MSOCache
2007-08-02 12:04 <DIR> d-------- C:\DOCUME~1\Shivam\APPLIC~1\WinRAR
2007-08-02 11:35 185,344 -----c--- C:\WINDOWS\system32\dllcache\upnphost.dll
2007-08-02 11:33 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-08-02 11:26 90,112 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-08-02 11:26 9,698,816 --a------ C:\WINDOWS\RTLCPL.EXE
2007-08-02 11:26 69,632 --a------ C:\WINDOWS\ALCMTR.EXE
2007-08-02 11:26 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-08-02 11:26 3,134,976 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-08-02 11:26 294,912 --a------ C:\WINDOWS\HideWin.exe
2007-08-02 11:26 2,805,248 --a------ C:\WINDOWS\ALCWZRD.EXE
2007-08-02 11:26 2,032,128 --a------ C:\WINDOWS\MicCal.exe
2007-08-02 11:26 156,672 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2007-08-02 11:26 14,477,312 --a------ C:\WINDOWS\RTHDCPL.EXE
2007-08-02 11:26 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-08-02 11:25 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-08-02 11:25 <DIR> d-------- C:\Program Files\Realtek
2007-08-02 11:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-02 08:18 94,720 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2007-08-02 08:18 111,616 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2007-08-02 08:17 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-01 22:53 <DIR> d-------- C:\DOCUME~1\Shivam\APPLIC~1\Google
2007-08-01 22:51 <DIR> d-------- C:\WINDOWS\system32\runtime
2007-08-01 22:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-01 22:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-08-01 22:46 <DIR> d-------- C:\DOCUME~1\Shivam\APPLIC~1\Viewpoint
2007-08-01 22:33 <DIR> d-------- C:\DOCUME~1\Shivam\APPLIC~1\acccore
2007-08-01 22:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-01 22:32 <DIR> d-------- C:\Program Files\Viewpoint
2007-08-01 22:32 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-08-01 22:32 <DIR> d-------- C:\Program Files\AIM6
2007-08-01 22:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-01 22:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-08-01 22:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-08-01 22:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-05 15:33 3751936 --a------ C:\WINDOWS\system32\logonuiX.exe
2007-08-05 15:24 --------- d-------- C:\Program Files\Folding@Home
2007-08-02 20:36 --------- d-------- C:\Program Files\Messenger
2007-08-02 11:25 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-01 22:32 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-01 21:39 --------- d-------- C:\Program Files\Movie Maker
2007-08-01 21:38 --------- d-------- C:\Program Files\Windows NT
2007-06-23 20:47 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-23 15:34 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-06-23 15:34 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-06-23 15:33 --------- d-------- C:\Program Files\Common Files\Logitech
2007-06-23 13:12 --------- d-------- C:\DOCUME~1\Shivam\APPLIC~1\ATI
2007-06-22 17:44 --------- d-------- C:\Program Files\ATI Technologies
2007-06-22 17:22 --------- d-------- C:\DOCUME~1\Shivam\APPLIC~1\Logitech
2007-06-22 16:52 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-22 16:45 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-06-22 16:45 --------- d-------- C:\Program Files\Logitech
2007-06-22 16:39 1156 --a------ C:\WINDOWS\mozver.dat
2007-06-22 16:32 --------- d-------- C:\DOCUME~1\Shivam\APPLIC~1\MSN6
2007-06-22 16:29 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-06-22 16:29 --------- d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2007-06-22 16:13 0 -rahs---- C:\MSDOS.SYS
2007-06-22 16:13 0 -rahs---- C:\IO.SYS
2007-06-22 16:13 0 --a------ C:\CONFIG.SYS
2007-06-22 16:13 0 --a------ C:\AUTOEXEC.BAT
2007-06-22 16:13 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-22 16:11 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-06-22 16:10 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-06-22 16:10 --------- d-------- C:\Program Files\Online Services
2007-06-22 16:10 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-06-22 12:06 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-06-22 12:06 --------- d-------- C:\Program Files\Common Files\ODBC
2007-05-16 11:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D7CD24-E766-4F93-96E9-F5EC2EE93BC4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC31A71F-9818-4F6A-ACF3-20EDDB66DF9A}]
2007-08-04 19:53 266240 ---hs---- C:\WINDOWS\system\tfpatsk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" [2006-12-27 10:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-22 16:45]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-20 01:27]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-06-21 23:41]
"VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" [2006-12-27 10:07]

C:\Documents and Settings\Shivam\Start Menu\Programs\Startup\
Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe [2007-06-23 13:18:43]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-01 22:50:09]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-06-22 16:45:47]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-23 15:33:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfpatsk]
C:\WINDOWS\system\tfpatsk.dll 2007-08-04 19:53 266240 C:\WINDOWS\system\tfpatsk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service
R2 WUSB54GCSVC;WUSB54GCSVC;"C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe"
R3 ATIAVAIW;ATI T200 Unified AVStream service;C:\WINDOWS\system32\DRIVERS\atinavt2.sys
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 RT73;Linksys Home Wireless-G USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt73.sys
R3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
S3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys

*Newly Created Service* - GTNDIS5
*Newly Created Service* - HTTPFILTER

Contents of the 'Scheduled Tasks' folder
2007-08-03 22:37:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 11:06:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-06 11:09:14
C:\ComboFix-quarantined-files.txt ... 2007-08-06 11:09

--- E O F ---

_________________________
HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:12:21 AM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Folding@Home\FahCore_78.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Shivam\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: bw+0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
----- eXile officer XilStorm, checking in -----

#4 sjpritch25

  • Security Colleague
  • 898 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 06 August 2007 - 07:46 PM

Open Notepad and copy/paste the text in the quote box below into it:

File::
C:\WINDOWS\system32\wohqokbu.dll
C:\WINDOWS\system\kstapft.bak2
C:\WINDOWS\system\kstapft.bak1
C:\WINDOWS\system\tfpatsk.dll
C:\DOCUME~1\Shivam\APPLIC~1\__c00BABD3.exe
C:\WINDOWS\system32\__c00C9FC4.exe
C:\DOCUME~1\Shivam\APPLIC~1\__c001085.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D7CD24-E766-4F93-96E9-F5EC2EE93BC4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC31A71F-9818-4F6A-ACF3-20EDDB66DF9A}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfpatsk]

Save this as CFScript.txt
[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

In your next reply, please include a fresh HijackThis log and ComboFix log.


====================================

Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

In your next reply, please include the Panda Activescan log. Thanks
Microsoft MVP Consumer Security--2007-2010
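The entries the helper lists in the CFScript above were picked out of the two logs by hand: a winlogon\notify DLL living in C:\WINDOWS\system rather than system32, service entries HijackThis reports as "Unknown owner" / "(file missing)", files with the `__c00…exe` naming, and randomly named 8-letter DLLs that share an identical byte size. The following is an added example, not code from this thread or from ComboFix, that applies those same heuristics mechanically to log lines in the HijackThis and ComboFix formats and renders the result in the CFScript.txt layout shown in the post. The sample lines are constructed (a few copied shapes, not the full logs), the rule names are my own, and the heuristics are triage leads only: a legitimate service can also show "Unknown owner" (the ATI Smart entry in the log is one), so every hit still needs a hash or signature check before it goes into a script.

```python
import re
from collections import defaultdict

# Constructed sample in the formats of the HijackThis (O4/O23) and ComboFix
# ("Reg Loading Points", "Files Created") sections quoted in this thread.
SAMPLE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfpatsk]
C:\WINDOWS\system\tfpatsk.dll 2007-08-04 19:53 266240 C:\WINDOWS\system\tfpatsk.dll
2007-08-08 18:15 125,504 --a------ C:\WINDOWS\system32\biqrymqi.dll
2007-08-06 12:54 125,504 --a------ C:\WINDOWS\system32\dipkofio.dll
2007-08-02 12:11 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-08-05 14:58 94,208 --a------ C:\WINDOWS\system32\pskill.exe
C:\DOCUME~1\Shivam\APPLIC~1\__c00BABD3.exe
"""

SERVICE = re.compile(r"^O23 - Service: ")
# ComboFix prints the notify subkey on one line and the DLL it loads on the next.
NOTIFY_KEY = re.compile(r"\\winlogon\\notify\\(\w+)\]$", re.IGNORECASE)
# "Files Created" rows: date time size attributes path (directories have <DIR>, not a size).
FILE_ROW = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+([\d,]+)\s+\S+\s+(.+)$")
# Heuristic (assumption): eight lowercase letters is the random-name shape seen in the log.
RANDOM_8 = re.compile(r"\\([a-z]{8})\.(?:dll|exe)$")
# Heuristic (assumption): the __c00XXXXXX.exe naming of the files the helper removed.
TEMP_EXE = re.compile(r"\\__c00[0-9A-F]+\.exe$", re.IGNORECASE)


def triage(log_text):
    """Return (rule, evidence) pairs for lines worth a second look. Leads, not verdicts."""
    lines = log_text.splitlines()
    findings = []
    by_size = defaultdict(list)  # byte size -> random-looking file paths with that size
    for i, line in enumerate(lines):
        line = line.strip()
        # Service HijackThis could not attribute, or whose binary it could not find.
        if SERVICE.match(line) and ("(file missing)" in line or "Unknown owner" in line):
            findings.append(("service-unverified", line))
        # Winlogon notification package outside system32 (here the legacy \system\ dir).
        m = NOTIFY_KEY.search(line)
        if m:
            target = lines[i + 1].strip() if i + 1 < len(lines) else ""
            if "\\system\\" in target.lower():  # "\system32\" does not contain this
                findings.append(("notify-outside-system32", f"{m.group(1)} -> {target.split()[0]}"))
        if TEMP_EXE.search(line):
            findings.append(("dropper-temp-name", line))
        f = FILE_ROW.match(line)
        if f and RANDOM_8.search(f.group(2)):
            by_size[int(f.group(1).replace(",", ""))].append(f.group(2))
    # Two differently named random-looking files of identical size: same payload, renamed.
    for size, paths in sorted(by_size.items()):
        if len(paths) > 1:
            findings.append(("same-size-random-names", f"{size} bytes: " + ", ".join(paths)))
    return findings


def to_cfscript(files, reg_keys):
    """Render the CFScript.txt layout used in this thread: a File:: block of full
    paths to delete and a Registry:: block of [-key] lines to remove."""
    out = ["File::", *files, "Registry::", *[f"[-{k}]" for k in reg_keys]]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE):
        print(f"[{rule}] {evidence}")
    print(to_cfscript(
        [r"C:\WINDOWS\system\tfpatsk.dll"],
        [r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfpatsk"],
    ))
```

Run it as a script to see the four leads the sample produces and a CFScript fragment for the notify entry; feed `triage()` a whole saved log to get the same leads over the real data. The size-clustering rule is deliberately conservative: a single 8-letter name proves nothing, but two of them at the same byte count in one "Files Created" window is exactly the pattern the thread's log shows (biqrymqi.dll and dipkofio.dll, both 125,504 bytes).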

#5 XilStorm

  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Saturn

Posted 10 August 2007 - 06:10 PM

Oh god.


Sorry for the late reply, my computer just got KILLED by a downloader, I think.

For a bit, I had no start bar on startup, then the bar intermittently flashed and died.

Anyway, ComboFix log with your instructions:

ComboFix 07-08-04.3 - "Shivam" 2007-08-10 18:56:06.2 [GMT -4:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Shivam\Desktop\CFscript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Shivam\APPLIC~1\__c001085.exe
C:\DOCUME~1\Shivam\APPLIC~1\__c00BABD3.exe
C:\WINDOWS\system\kstapft.bak1
C:\WINDOWS\system\kstapft.bak2
C:\WINDOWS\system\tfpatsk.dll
C:\WINDOWS\system32\__c00C9FC4.exe
C:\WINDOWS\system32\iycnqdet.exe
C:\WINDOWS\system32\jgtrmbum.exe
C:\WINDOWS\system32\kenpnijs.exe
C:\WINDOWS\system32\wohqokbu.dll
C:\WINDOWS\system32\ykfbyktt.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-10 to 2007-08-10 )))))))))))))))))))))))))))))))


2007-08-09 00:15 <DIR> d-------- C:\Program Files\WarRock
2007-08-09 00:14 <DIR> d-------- C:\DOCUME~1\Shivam\APPLIC~1\InstallShield
2007-08-09 00:09 <DIR> d-------- C:\Program Files\AusLogics BoostSpeed
2007-08-08 23:44 <DIR> d-------- C:\WINDOWS\YoutubeEXE
2007-08-08 23:44 <DIR> d-------- C:\Program Files\YoutubeEXE
2007-08-08 23:40 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-08-08 23:40 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-08 23:40 <DIR> d-------- C:\Program Files\DAP
2007-08-08 23:39 <DIR> d-------- C:\Program Files\IObit
2007-08-08 23:39 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag
2007-08-08 23:38 <DIR> d-------- C:\Program Files\RamBooster 2.0
2007-08-08 21:16 <DIR> d-------- C:\Program Files\Atomic Clock Sync
2007-08-08 21:12 <DIR> d-------- C:\Program Files\CursorXP
2007-08-08 18:15 125,504 --a------ C:\WINDOWS\system32\biqrymqi.dll
2007-08-07 00:48 6,181,376 --a------ C:\WINDOWS\system32\vistaui.exe
2007-08-07 00:48 305,447 --a------ C:\WINDOWS\system32\viwc.exe
2007-08-07 00:48 <DIR> d-------- C:\Program Files\VisualTooltip
2007-08-07 00:48 <DIR> d-------- C:\Program Files\ViStart
2007-08-07 00:48 <DIR> d-------- C:\Program Files\Vista Sidebar
2007-08-07 00:48 <DIR> d-------- C:\Program Files\ViOrb
2007-08-07 00:48 <DIR> d-------- C:\Program Files\Styler
2007-08-07 00:48 <DIR> d-------- C:\Program Files\LClock
2007-08-07 00:34 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2007-08-07 00:34 <DIR> d-------- C:\Program Files\Stardock
2007-08-07 00:21 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-08-06 12:54 125,504 --a------ C:\WINDOWS\system32\dipkofio.dll
2007-08-06 12:46 <DIR> d-------- C:\DOCUME~1\Shivam\APPLIC~1\vlc
2007-08-06 12:45 <DIR> d-------- C:\Program Files\VideoLAN
2007-08-06 12:39 <DIR> d-------- C:\DOCUME~1\Shivam\dwhelper
2007-08-06 11:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-05 22:08 <DIR> d-------- C:\Program Files\SiSoftware
2007-08-05 15:24 <DIR> d-------- C:\DOCUME~1\Shivam\APPLIC~1\ViStart
2007-08-05 14:58 94,208 --a------ C:\WINDOWS\system32\pskill.exe
2007-08-05 14:58 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-08-05 14:58 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-08-05 14:58 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-08-05 14:58 <DIR> d-------- C:\WINDOWS\system32\VITrans
2007-08-05 14:58 <DIR> d-------- C:\VTPFiles
2007-08-05 14:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-05 00:30 <DIR> d-------- C:\Program Files\Motherboard Monitor 5
2007-08-04 20:01 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-04 19:49 <DIR> d-------- C:\Program Files\SphereXP
2007-08-04 15:00 <DIR> d-------- C:\Program Files\Symantec
2007-08-03 23:45 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2007-08-03 23:45 <DIR> d-------- C:\Program Files\WinCustomize
2007-08-03 23:45 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-08-03 23:22 <DIR> d-------- C:\Program Files\TweakXP 2
2007-08-03 22:55 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-03 22:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-03 22:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 22:36 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-08-03 22:35 <DIR> d-------- C:\Program Files\themexp
2007-08-03 22:35 <DIR> d-------- C:\Program Files\OneStepSearch
2007-08-03 18:38 <DIR> d-------- C:\DOCUME~1\Shivam\APPLIC~1\Apple Computer
2007-08-03 18:37 <DIR> d-------- C:\Program Files\QuickTime
2007-08-03 18:37 <DIR> d-------- C:\Program Files\iTunes
2007-08-03 18:37 <DIR> d-------- C:\Program Files\iPod
2007-08-03 18:37 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-03 18:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-03 18:36 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-08-03 18:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-02 20:32 <DIR> d---s---- C:\DOCUME~1\Shivam\UserData
2007-08-02 20:31 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-08-02 20:31 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-08-02 20:31 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-08-02 20:23 713,216 -----c--- C:\WINDOWS\system32\dllcache\sxs.dll
2007-08-02 20:23 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-08-02 20:22 8,192 -----c--- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2007-08-02 20:22 148,480 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-08-02 20:21 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-02 14:57 <DIR> d-------- C:\Program Files\SpeedFan
2007-08-02 12:11 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-08-02 12:10 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-08-02 12:10 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-08-02 12:09 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-02 12:09 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-08-02 12:09 <DIR> d-------- C:\Program Files\Microsoft Works
2007-08-02 12:07 <DIR> dr-h----- C:\MSOCache
2007-08-02 12:04 <DIR> d-------- C:\DOCUME~1\Shivam\APPLIC~1\WinRAR
2007-08-02 11:35 185,344 -----c--- C:\WINDOWS\system32\dllcache\upnphost.dll
2007-08-02 11:33 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-08-02 11:26 90,112 --a------ C:\WINDOWS\SOUNDMAN.EXE
2007-08-02 11:26 9,698,816 --a------ C:\WINDOWS\RTLCPL.EXE
2007-08-02 11:26 69,632 --a------ C:\WINDOWS\ALCMTR.EXE
2007-08-02 11:26 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-08-02 11:26 3,134,976 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-08-02 11:26 294,912 --a------ C:\WINDOWS\HideWin.exe
2007-08-02 11:26 2,805,248 --a------ C:\WINDOWS\ALCWZRD.EXE
2007-08-02 11:26 2,032,128 --a------ C:\WINDOWS\MicCal.exe
2007-08-02 11:26 156,672 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2007-08-02 11:26 14,477,312 --a------ C:\WINDOWS\RTHDCPL.EXE
2007-08-02 11:26 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-08-02 11:25 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-08-02 11:25 <DIR> d-------- C:\Program Files\Realtek
2007-08-02 11:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-02 08:18 94,720 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2007-08-02 08:18 111,616 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2007-08-02 08:17 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-01 22:53 <DIR> d-------- C:\DOCUME~1\Shivam\APPLIC~1\Google
2007-08-01 22:51 <DIR> d-------- C:\WINDOWS\system32\runtime


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 00:15 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-08 21:15 --------- d-------- C:\Program Files\Folding@Home
2007-08-07 21:35 3751936 --a------ C:\WINDOWS\system32\logonuiX.exe
2007-08-02 20:36 --------- d-------- C:\Program Files\Messenger
2007-08-01 22:32 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-01 21:39 --------- d-------- C:\Program Files\Movie Maker
2007-08-01 21:38 --------- d-------- C:\Program Files\Windows NT
2007-06-23 20:47 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-23 15:34 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-06-23 15:34 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-06-23 15:33 --------- d-------- C:\Program Files\Common Files\Logitech
2007-06-23 13:12 --------- d-------- C:\DOCUME~1\Shivam\APPLIC~1\ATI
2007-06-22 17:44 --------- d-------- C:\Program Files\ATI Technologies
2007-06-22 17:22 --------- d-------- C:\DOCUME~1\Shivam\APPLIC~1\Logitech
2007-06-22 16:52 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-06-22 16:45 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-06-22 16:45 --------- d-------- C:\Program Files\Logitech
2007-06-22 16:39 1156 --a------ C:\WINDOWS\mozver.dat
2007-06-22 16:32 --------- d-------- C:\DOCUME~1\Shivam\APPLIC~1\MSN6
2007-06-22 16:29 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-06-22 16:29 --------- d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2007-06-22 16:13 0 -rahs---- C:\MSDOS.SYS
2007-06-22 16:13 0 -rahs---- C:\IO.SYS
2007-06-22 16:13 0 --a------ C:\CONFIG.SYS
2007-06-22 16:13 0 --a------ C:\AUTOEXEC.BAT
2007-06-22 16:13 --------- d-------- C:\Program Files\microsoft frontpage
2007-06-22 16:11 --------- d-------- C:\Program Files\Common Files\MSSoap
2007-06-22 16:10 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-06-22 16:10 --------- d-------- C:\Program Files\Online Services
2007-06-22 16:10 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-06-22 12:06 --------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-06-22 12:06 --------- d-------- C:\Program Files\Common Files\ODBC
2007-05-16 11:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2004-07-22 10:51 3432656 --a------ C:\Program Files\ManagedDX.CAB
2004-07-19 22:58 1156363 --a------ C:\Program Files\BDANT.cab
2004-07-19 22:53 976020 --a------ C:\Program Files\BDAXP.cab
2004-07-09 14:17 13265040 --a------ C:\Program Files\dxnt.cab
2004-07-09 09:13 703080 --a------ C:\Program Files\BDA.cab
2004-07-09 09:13 15493481 --a------ C:\Program Files\DirectX.cab
2004-07-09 04:08 472576 --a------ C:\Program Files\dxsetup.exe
2004-07-09 04:08 2242560 --a------ C:\Program Files\dsetup32.dll
2004-07-09 03:03 62976 --a------ C:\Program Files\DSETUP.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D7CD24-E766-4F93-96E9-F5EC2EE93BC4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-22 16:45]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-06-21 23:41]
"VisualTooltip"="C:\Program Files\VisualTooltip\VisualToolTip.exe" [2006-12-27 10:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

C:\Documents and Settings\Shivam\Start Menu\Programs\Startup\
Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe [2007-06-23 13:18:43]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-01 22:50:09]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-06-22 16:45:47]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-23 15:33:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfpatsk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ViOrb"=C:\Program Files\ViOrb\ViOrb.exe
"CursorXP"=C:\Program Files\CursorXP\CursorXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" /STARTUP

R0 speedfan;speedfan;C:\WINDOWS\system32\speedfan.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service
R2 WUSB54GCSVC;WUSB54GCSVC;"C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe"
R3 ATIAVAIW;ATI T200 Unified AVStream service;C:\WINDOWS\system32\DRIVERS\atinavt2.sys
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys
R3 RT73;Linksys Home Wireless-G USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt73.sys
R3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
S3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys


Contents of the 'Scheduled Tasks' folder
2007-08-03 22:37:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-10 19:01:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-10 19:03:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-10 19:02

--- E O F ---
_________________________________________

and HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:06:35 PM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Folding@Home\FahCore_79.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Documents and Settings\Shivam\Desktop\Virus scanners\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: bw+0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

_____________________________
ActiveScan log:


Incident Status Location

Adware:Adware/OneStep Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\016J01AN\upgrade[1].cab[upgrade.exe]
Adware:Adware/OneStep Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\016J01AN\upgrade[1].cab[upgrade.exe][onestep.dll]
Adware:Adware/OneStep Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\016J01AN\upgrade[1].cab[upgrade.exe][onestep.exe]
Adware:Adware/OneStep Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\016J01AN\upgrade[1].cab[upgrade.exe][osopt.exe]
Adware:Adware/OneStep Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\016J01AN\upgrade[1].cab[upgrade.exe][uninstall.exe]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.com.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[www.drivecleaner.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[fl01.ct2.comclick.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[www.winantiviruspro.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.overture.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.zedo.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.advertising.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.go.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Shivam\Application Data\Mozilla\Firefox\Profiles\30vhw8gr.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Shivam\Cookies\shivam@2o7[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Shivam\Cookies\shivam@ads.addynamix[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Shivam\Cookies\shivam@adultfriendfinder[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Shivam\Cookies\shivam@atwola[1].txt
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Shivam\Cookies\shivam@fl01.ct2.comclick[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Shivam\Cookies\shivam@xiti[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Shivam\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Shivam\Desktop\Virus scanners\ComboFix.exe[nircmd.exe]
Adware:Adware/OneStep Not disinfected C:\Program Files\OneStepSearch\onestep.dll
Adware:Adware/OneStep Not disinfected C:\Program Files\OneStepSearch\onestep.exe
Adware:Adware/OneStep Not disinfected C:\Program Files\OneStepSearch\osopt.exe
Adware:Adware/OneStep Not disinfected C:\Program Files\OneStepSearch\uninstall.exe
Adware:Adware/ClockSync Not disinfected C:\Program Files\themexp\VVSNInst.exe
Virus:Trj/Downloader.MDW Disinfected C:\QooBox\Quarantine\C\DOCUME~1\Shivam\APPLIC~1\__c001085.exe.vir
Virus:Trj/Downloader.MDW Disinfected C:\QooBox\Quarantine\C\DOCUME~1\Shivam\APPLIC~1\__c00BABD3.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\iycnqdet.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jgtrmbum.exe.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\kenpnijs.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\nrxyaidb.dll.vir
Virus:Trj/Downloader.OZB Disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ssalypxx.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\wohqokbu.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ykfbyktt.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\__c00C9FC4.exe.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\biqrymqi.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\dipkofio.dll
Potentially unwanted tool:Application/Pskill.E Not disinfected C:\WINDOWS\system32\pskill.exe


This computer really needs help, fast. I am going to try to do a couple of scans again, but the downloader that I have keeps reappearing...


Thanks

Edited by XilStorm, 10 August 2007 - 06:54 PM.

----- eXile officer XilStorm, checking in -----

#6 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 10 August 2007 - 10:15 PM

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Microsoft MVP Consumer Security--2007-2010

#7 XilStorm

XilStorm
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Saturn

Posted 11 August 2007 - 01:48 AM

First of all, if this works, I will definitely donate, so thank you if it will, and if it won't... I'll format my HD :thumbsup:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/11/2007 at 01:49 AM

Application Version : 3.9.1008

Core Rules Database Version : 3284
Trace Rules Database Version: 1295

Scan type : Complete Scan
Total Scan Time : 00:55:01

Memory items scanned : 410
Memory threats detected : 0
Registry items scanned : 5197
Registry threats detected : 0
File items scanned : 70501
File threats detected : 25

Adware.Tracking Cookie
C:\Documents and Settings\Shivam\Cookies\shivam@html[1].txt
C:\Documents and Settings\Shivam\Cookies\shivam@cpvfeed[2].txt
C:\Documents and Settings\Shivam\Cookies\shivam@ad.adnetinteractive[2].txt
C:\Documents and Settings\Shivam\Cookies\shivam@xiti[1].txt
C:\Documents and Settings\Shivam\Cookies\shivam@tremor.adbureau[2].txt
C:\Documents and Settings\Shivam\Cookies\shivam@fl01.ct2.comclick[1].txt
C:\Documents and Settings\Shivam\Cookies\shivam@ads.addynamix[2].txt
C:\Documents and Settings\Shivam\Cookies\shivam@pandasoftware.112.2o7[1].txt
C:\Documents and Settings\Shivam\Cookies\shivam@2o7[1].txt
C:\Documents and Settings\Shivam\Cookies\shivam@bizrate[2].txt
C:\Documents and Settings\Shivam\Cookies\shivam@reduxads.valuead[1].txt
C:\Documents and Settings\Shivam\Cookies\shivam@revsci[2].txt
C:\Documents and Settings\Shivam\Cookies\shivam@ads.realtechnetwork[1].txt
C:\Documents and Settings\Shivam\Cookies\shivam@adserving.cpxinteractive[2].txt
C:\Documents and Settings\Shivam\Cookies\shivam@atwola[1].txt
C:\Documents and Settings\Shivam\Cookies\shivam@adultfriendfinder[2].txt

Adware.WhenU
C:\PROGRAM FILES\THEMEXP\VVSNINST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{575F1C88-54BC-4938-8A09-8AA05A0B153F}\RP37\A0016069.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{575F1C88-54BC-4938-8A09-8AA05A0B153F}\RP37\A0016070.EXE

RelevantKnowledge Spyware Component
C:\SYSTEM VOLUME INFORMATION\_RESTORE{575F1C88-54BC-4938-8A09-8AA05A0B153F}\RP37\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{575F1C88-54BC-4938-8A09-8AA05A0B153F}\RP38\A0016085.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{575F1C88-54BC-4938-8A09-8AA05A0B153F}\RP38\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{575F1C88-54BC-4938-8A09-8AA05A0B153F}\RP41\A0018265.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{575F1C88-54BC-4938-8A09-8AA05A0B153F}\RP41\A0018266.DLL

Spyware.RelevantKnowledge
C:\SYSTEM VOLUME INFORMATION\_RESTORE{575F1C88-54BC-4938-8A09-8AA05A0B153F}\RP38\A0016081.EXE
----- eXile officer XilStorm, checking in -----
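The Panda ActiveScan output in post #5 and the SUPERAntiSpyware log above both list "Not disinfected" items, but the paths sit in very different places: ComboFix's own quarantine under C:\QooBox, System Restore point copies, cookie folders, and the live system directories. Only the last group still needs action. As an added example (not part of this thread and not a feature of either scanner), the following Python classifier buckets scanner lines by where the path lives, so the genuinely active items stand out. The sample lines are constructed from paths in the posted logs; the category names, the guidance text and the extract_path/classify_path helpers are the example's own.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Panda ActiveScan and SUPERAntiSpyware
# lines posted in this thread: one or two paths per location category.
SAMPLE_SCAN = """\
Spyware:Cookie/Atwola Not disinfected C:\\Documents and Settings\\Shivam\\Application Data\\Mozilla\\Firefox\\Profiles\\30vhw8gr.default\\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\\Documents and Settings\\Shivam\\Cookies\\shivam@2o7[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\\WINDOWS\\nircmd.exe
Virus:Trj/Downloader.OZB Disinfected C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\iycnqdet.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\\QooBox\\Quarantine\\C\\WINDOWS\\system32\\nrxyaidb.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\\WINDOWS\\system32\\biqrymqi.dll
Adware:Adware/OneStep Not disinfected C:\\Program Files\\OneStepSearch\\onestep.dll
C:\\SYSTEM VOLUME INFORMATION\\_RESTORE{575F1C88-54BC-4938-8A09-8AA05A0B153F}\\RP37\\A0016069.DLL
C:\\SYSTEM VOLUME INFORMATION\\_RESTORE{575F1C88-54BC-4938-8A09-8AA05A0B153F}\\RP38\\SNAPSHOT\\MFEX-1.DAT
"""

# What each location means for the cleanup, from a defender's point of view.
GUIDANCE = {
    "quarantined": "already isolated by ComboFix under C:\\QooBox; inert unless restored",
    "restore_point": "copy inside a System Restore point; inert, gone once restore points are purged",
    "cookie": "tracking cookie; a privacy item, not an infection",
    "bundled_tool": "tool shipped inside a cleanup utility; confirm before treating it as hostile",
    "live": "active location; this is what still needs to be removed",
}

# A Windows path starts at the first drive letter followed by ':\' and runs to end of line.
DRIVE_PATH = re.compile(r"[A-Za-z]:\\.*$")


def extract_path(line):
    """Return the Windows path embedded in a scanner line, or None if there is none."""
    m = DRIVE_PATH.search(line)
    return m.group(0) if m else None


def classify_path(path):
    """Bucket a detection by where the file lives; most specific test first."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p or p.endswith(".vir"):
        return "quarantined"
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if "\\cookies\\" in p or "cookies.txt[" in p:
        return "cookie"
    if p.endswith("\\nircmd.exe") or p.endswith("\\pskill.exe") or "[nircmd.exe]" in p:
        return "bundled_tool"
    return "live"


def triage(text):
    """Return (category, path) for every scanner line that carries a path."""
    out = []
    for line in text.splitlines():
        path = extract_path(line)
        if path:
            out.append((classify_path(path), path))
    return out


def summary(text):
    """Count detections per category."""
    return dict(Counter(cat for cat, _ in triage(text)))


def live_items(text):
    """Only the paths that still need action."""
    return [path for cat, path in triage(text) if cat == "live"]


if __name__ == "__main__":
    for cat, path in triage(SAMPLE_SCAN):
        print(f"{cat:14} {path}")
    print()
    for cat, n in summary(SAMPLE_SCAN).items():
        print(f"{n:2} x {cat:14} {GUIDANCE[cat]}")
```

Run on the constructed sample, nine detections collapse to two live paths (the Virtumonde DLL in system32 and the OneStep DLL), which is the same pair the helper singles out in the next reply. The classifier is deliberately path-only so it works on both scanner formats without parsing their status columns.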

#8 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 11 August 2007 - 10:24 AM

Please DELETE the following file(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

Files:

C:\WINDOWS\system32\dipkofio.dll <-- this file
C:\WINDOWS\system32\biqrymqi.dll <-- this file


Open HijackThis, click Open the Misc Tools section, then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.


Please post a fresh HijackThis log too. Thanks.
Microsoft MVP Consumer Security--2007-2010

#9 XilStorm

XilStorm
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Saturn

Posted 11 August 2007 - 12:56 PM

OK. Both of those DLLs were there; I deleted them. Just wondering, what do they do?

Anyway, here is the uninstall list:

Ad-Aware 2007
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Advanced WindowsCare 2.51 Personal
AIM 6
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Atomic Clock Sync
AusLogics BoostSpeed
AusLogics Disk Defrag
AVG Anti-Spyware 7.5
CDDRV_Installer
Compact Wireless-G USB Adapter
CursorXP
Download Accelerator Plus (DAP)
Folding@Home
Google Desktop
Google Desktop Plugin - Calendar
Google Earth
Google Photos Screensaver
Google Talk (remove only)
Google Updater
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
iTunes
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1
KhalSetup
Logitech Desktop Messenger
Logitech SetPoint
LogonStudio
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.4)
Mozilla Firefox (2.0.0.6)
Norton PartitionMagic 8.0
OneStep Search 1.0 build 120
Panda ActiveScan
QuickTime
RamBooster
Realtek High Definition Audio Driver
RelevantKnowledge
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
SiSoftware Sandra Lite XI.SP4a
SpeedFan (remove only)
SphereXP 1.1.626
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Themexp.org File
TweakXP Tweaking Utility 2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Vista Visual Pack 7.0
WarRock
WindowBlinds
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
YoutubeEXE

___________________________________
and here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:54:02 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Folding@Home\FahCore_79.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\Shivam\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36D7CD24-E766-4F93-96E9-F5EC2EE93BC4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tfpatsk - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

I think OneStepSearch is spyware, I don't know though. I never installed it, anyway...

Thanks!
----- eXile officer XilStorm, checking in -----
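The HijackThis log above is read by eye in the replies that follow. As an added example (not from this thread and not a HijackThis feature), here is a Python triage that applies the same structural checks a helper applies when reading such a log: entries that point at a missing file ("(no file)" / "(file missing)"), a Winlogon Notify entry whose target is not a DLL (the tfpatsk line, which names a bare directory), services with no vendor string, browser start pages set in the registry, and autostarts that run from a user-writable profile directory. The sample lines are constructed from the posted log plus one constructed O4 line modelled on the APPLIC~1 path in the Panda output; the severity labels, regexes and function names are the example's own.

```python
import re
from collections import Counter

# Constructed sample in HijackThis 1.99.1 format, modelled on the log posted
# above. The O4 line under APPLIC~1 is constructed from the quarantined path in
# the Panda output; it is not in the posted log.
SAMPLE_HJT = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {36D7CD24-E766-4F93-96E9-F5EC2EE93BC4} - (no file)
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [__c001085] C:\\DOCUME~1\\Shivam\\APPLIC~1\\__c001085.exe
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O20 - Winlogon Notify: tfpatsk - C:\\WINDOWS\\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\\WINDOWS\\System32\\Ati2evxx.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\\Program Files\\OneStepSearch\\onestep.exe" "C:\\Program Files\\OneStepSearch\\onestep.dll" Service (file missing)
"""

# "O20 - body", "R0 - body", and so on.
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
WINLOGON = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
# Autostart targets under a user profile are where droppers usually land.
USER_WRITABLE = re.compile(
    r"\\(docume~1|documents and settings|users|applic~1|application data|appdata|local settings|temp)\\",
    re.I,
)


def parse_hjt(text):
    """Yield (section, body, raw_line) for every HijackThis entry line."""
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body"), line.strip()


def triage_entry(section, body):
    """Return [(severity, reason), ...] for one entry; an empty list means nothing to flag."""
    findings = []
    if "(no file)" in body or "(file missing)" in body:
        findings.append(("orphan", "registry entry points at a file that no longer exists"))
    if section in ("R0", "R1"):
        findings.append(("review", "browser start/search page set in the registry; confirm the user chose it"))
    if section == "O2" and body.startswith("BHO: (no name)") and "(no file)" not in body:
        findings.append(("review", "browser helper object with no display name"))
    if section == "O4" and USER_WRITABLE.search(body):
        findings.append(("review", "autostart runs from a user-writable profile directory"))
    if section == "O20":
        m = WINLOGON.match(body)
        if m and not m.group("target").lower().endswith(".dll"):
            findings.append(("high", f"Winlogon Notify '{m.group('name')}' does not resolve to a DLL"))
    if section == "O23" and " - Unknown owner - " in body:
        findings.append(("review", "service has no vendor/owner string"))
    return findings


def triage_hjt(text):
    """Run triage_entry over a whole log and keep only the flagged lines."""
    report = []
    for section, body, raw in parse_hjt(text):
        for severity, reason in triage_entry(section, body):
            report.append({"section": section, "severity": severity, "reason": reason, "line": raw})
    return report


def severity_counts(report):
    """How many findings of each severity a report contains."""
    return dict(Counter(f["severity"] for f in report))


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f['severity']:6}] {f['section']:4} {f['reason']}\n         {f['line']}")
    print(severity_counts(triage_hjt(SAMPLE_HJT)))
```

On the constructed sample the only "high" finding is the tfpatsk Winlogon Notify entry; the orphaned BHO and the OneStep service are flagged as leftovers to clean, and the start page, the profile-directory autostart and the vendor-less service come back as "review" items for a human to confirm. The checks are structural, not signature-based, which is exactly why an unknown-name entry like tfpatsk is caught even though nothing in the log says what it is.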

#10 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 11 August 2007 - 01:22 PM

Yes, OneStep Search needs to go.

You can uninstall the following programs from Add/Remove Programs:
Logitech Desktop Messenger
OneStep Search 1.0 build 120
RelevantKnowledge
Viewpoint Media Player



You can delete this folder

C:\Program Files\OneStepSearch


Please post a fresh HijackThis log. Thanks.
Microsoft MVP Consumer Security--2007-2010

#11 XilStorm

XilStorm
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Saturn
  • Local time:10:46 AM

Posted 11 August 2007 - 02:39 PM

Wait... is Logitech Desktop Messenger spyware? I got it with the MX Revolution!


Anyway, this is the HJT logfile with the latter 3 uninstalled. Thanks and thanks again, I think the viruses are gone!

Logfile of HijackThis v1.99.1
Scan saved at 3:38:19 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Folding@Home\winFAH.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Folding@Home\FahCore_79.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Shivam\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36D7CD24-E766-4F93-96E9-F5EC2EE93BC4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A5307D93-4D94-4D97-83DB-757B0AAA140B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tfpatsk - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP4a\RpcSandraSrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
----- eXile officer XilStorm, checking in -----
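As an added example (not the thread's own code, and not a HijackThis feature), a small Python triage script that applies the kind of checks sjpritch25 made by eye to log lines like the ones above: entries whose target is missing, services with no publisher, Winlogon Notify entries that do not point at a DLL, and unnamed BHOs. The sample lines are copied from this thread; the heuristics and the remove/review labels are assumptions of the example.

```python
"""Triage heuristics for HijackThis (HJT) log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the thread's HijackThis logs: a few
# entries copied from the thread, not a full log. Header and process lines
# are included to show that non-entry lines are ignored.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36D7CD24-E766-4F93-96E9-F5EC2EE93BC4} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tfpatsk - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
"""


@dataclass
class Finding:
    severity: str  # "remove" (orphaned entry) or "review" (needs a human look)
    reason: str
    line: str


# HJT entries start with a section tag such as O2, O20, O23, R0 or F1.
ENTRY_RE = re.compile(r"^(O\d+|R\d+|F\d+)\s+-\s+(.*)$")


def parse_entry(line: str):
    """Split an HJT entry into (section, body); non-entry lines return None."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_entry(line: str) -> list[Finding]:
    """Apply the assumed heuristics to one log line."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, body = parsed
    findings = []
    # HJT itself marks targets it cannot find; such an entry runs nothing,
    # but the leftover registration should still be cleaned up.
    if "(file missing)" in body or "(no file)" in body:
        findings.append(Finding("remove", "registered target is missing", line))
    # A service with no publisher string deserves a look at the binary.
    if section == "O23" and "Unknown owner" in body:
        findings.append(Finding("review", "service has no publisher", line))
    # Winlogon Notify entries must name a DLL; a bare directory is malformed.
    if section == "O20":
        target = body.rsplit(" - ", 1)[-1]
        if not target.lower().endswith(".dll"):
            findings.append(Finding("review", "Winlogon Notify target is not a DLL", line))
    # Unnamed BHOs hide behind their CLSID; identify them before deciding.
    if section == "O2" and body.startswith("BHO: (no name)"):
        findings.append(Finding("review", "unnamed BHO, identify by CLSID", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run triage_entry over every line of a log and collect the findings."""
    out = []
    for line in log_text.splitlines():
        out.extend(triage_entry(line))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}: {f.line[:70]}")
```

On the sample, the OneStep Search service and the orphaned BHO come out as "remove", matching the advice given in the thread, while the tfpatsk Winlogon entry is flagged for review.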

#12 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:11:46 AM

Posted 11 August 2007 - 02:43 PM

I would consider Logitech Desktop Messenger bloatware. Not needed, and usually bundled with software, for example on HP computers.
Microsoft MVP Consumer Security--2007-2010

#13 XilStorm

XilStorm
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Saturn
  • Local time:10:46 AM

Posted 11 August 2007 - 02:50 PM

Bloatware?


And I think that Logitech Desktop Messenger is the only thing that lets me customize the buttons on my mouse, but I will see if I can find an alternative :thumbsup:

Anyway, how does the log look?
----- eXile officer XilStorm, checking in -----

#14 sjpritch25

sjpritch25

  • Security Colleague
  • 898 posts
  • Gender:Male
  • Location:West Coast of Florida, USA
  • Local time:11:46 AM

Posted 11 August 2007 - 03:35 PM

If you use it then I would leave it.

Your log is clean.

You can delete the following files and folders:
C:\ComboFix
C:\QooBox
C:\combofix.txt
C:\combofix-quarantine-files.txt


On your Desktop:
ComboFix.exe


Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools cannot access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  • Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  • If you don't have a Firewall installed, please choose from the following:
  • If you don't have an Anti-Virus installed, please download the following free program:
  • Here are two great Preventive programs:
    • SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
    • IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
  • Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
    • Red for Warning
    • Yellow for Use Caution
    • Green for Safe
    • Grey for Unknown
    Here are the links to install SiteAdvisor in Internet Explorer and Firefox.
  • Anti-Spyware Programs I Recommend:
  • For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place

Microsoft MVP Consumer Security--2007-2010

#15 XilStorm

XilStorm
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Saturn
  • Local time:10:46 AM

Posted 11 August 2007 - 03:37 PM

Thanks so much. I'll donate soon
----- eXile officer XilStorm, checking in -----
