
Unable To Access Control Panel And Other Admin Rights As The Administrator



#1 curlysinagain

curlysinagain

  • Members
  • 12 posts

Posted 03 January 2008 - 11:27 PM

Hi,

This will be my second time using this site and I found the last time to be very helpful, but forgive me if I have forgotten a few things and let me know what I can do to make it easier for you to help. I have read up on others discussing similar issues as mine but the details on these posts required hijack this logs and I am concerned to follow those instructions to the T because I know this can be different for each pc.
I recently had a slew of viruses infecting my computer (O/S Windows 2000) after my daughter (8 years) started going to her tweeny bopper sites and playing games. My computer became almost nonfunctional but I worked and cleaned and worked and ran numerous scans and finally got it clean to a point I can browse again comfortably and do my normal business online. Well I decided that I wanted to take advantage and use the antivirus suite and firewall my HSI service provides me but found I am unable to access anything needing administrative privileges, error "This operation has been canceled due to restrictions in effect on this computer. Please contact your system administrator". Well I am the system administrator and I only have one other profile and I give it administrator rights. I imagine since this only began after my numerous attempts to correct the problem myself using my already installed antivirus (AVG), spybot search and destroy and adaware but I have a feeling something is still really wrong. I am listing my hijack this log to see if it helps and forgive me again if I do this wrong.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:30 PM, on 1/3/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\program files\common files\aol\1154072056\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1154072056\ee\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/?cookieattempt=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\shell.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {e2836563-9433-ec4b-6344-b9d82f31ce41} - {14ec13f2-8d9b-4436-b4ce-33493656382e} - C:\WINNT\system32\eqjjctge.dll (file missing)
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Kdokcfaf\cryqliet.dll (file missing)
O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINNT\system32\cbxuspn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINNT\system32\hvdtrboa.dll (file missing)
O2 - BHO: (no name) - {C19A22C1-778B-4A9B-B9DE-AF1B8FFE80A6} - C:\WINNT\system32\tuvvw.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v5.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINNT\system32\hvdtrboa.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [InternetShield] C:\Program Files\InternetShield\Internet.exe -CheckStartup
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NoTrace] "C:\Program Files\No Trace\NoTrace.exe" -mini
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\SRNMIC~1\SYSCHECK.COM
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Printer] C:\WINNT\system32\printer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [643d45d8] rundll32.exe "C:\WINNT\system32\wlefsvpo.dll",b
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spoolsv] C:\WINNT\system32\spoolvs.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/Ligh...loadControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: bw+0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll
O20 - Winlogon Notify: cbxuspn - cbxuspn.dll (file missing)
O20 - Winlogon Notify: hvdtrboa - hvdtrboa.dll (file missing)
O20 - Winlogon Notify: winrbg32 - winrbg32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 22836 bytes

Thanks in Advance
Rebecca



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 05 January 2008 - 07:42 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, curlysinagain.
My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.


If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix and save to your desktop:
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

#3 curlysinagain

curlysinagain
  • Topic Starter

  • Members
  • 12 posts

Posted 05 January 2008 - 05:56 PM

Hi Richie,

Thanks for your help. The logs you requested are listed below.

SDfix report

SDFix: Version 1.124

Run by curlysinagain on Sat 01/05/2008 at 3:47p

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\curlysinagain\Desktop\Live Safety Center.lnk - Deleted
C:\Documents and Settings\curlysinagain\Desktop\Online Security Guide.lnk - Deleted
C:\Documents and Settings\curlysinagain\Favorites\Online Security Guide.lnk - Deleted
C:\DOCUME~1\CURLYS~1\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINNT\system32\ldinfo.ldr - Deleted
C:\WINNT\system32\pac.txt - Deleted



Folder C:\Program Files\E404 Helper - Removed
Folder C:\Temp\abW9 - Removed
Folder C:\WINNT\system32\rMa02yy - Removed

Removing Temp Files...

ADS Check:

C:\WINNT
No streams found.

C:\WINNT\system32
No streams found.

C:\WINNT\system32\svchost.exe
No streams found.

C:\WINNT\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 16:03:37
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 10 Jun 2006 4 A..H. --- "C:\WINNT\uccspecb.sys"
Fri 7 May 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Fri 7 May 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Fri 7 May 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Sun 23 Jan 2005 140,288 ..SHR --- "C:\Program Files\PhoTags Express\Setup.exe"
Wed 15 Dec 2004 39,936 A.SHR --- "C:\Program Files\PhoTags Express\_Setupx.dll"
Tue 20 Nov 2007 20,810 A.SH. --- "C:\WINNT\system32\hvdtrboa.dllbox"
Fri 6 May 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 12 Jun 2006 54,784 ...H. --- "C:\Documents and Settings\becky1\My Documents\~WRL0005.tmp"
Sat 5 Nov 2005 27,648 ...H. --- "C:\Documents and Settings\becky1\My Documents\~WRL0284.tmp"
Sat 5 Nov 2005 26,112 ...H. --- "C:\Documents and Settings\becky1\My Documents\~WRL1914.tmp"
Wed 27 Jun 2007 30,720 ...H. --- "C:\Documents and Settings\curlysinagain\My Documents\~WRL0986.tmp"
Sun 24 Jun 2007 25,600 ...H. --- "C:\Documents and Settings\curlysinagain\My Documents\~WRL1796.tmp"
Sun 24 Jun 2007 29,696 ...H. --- "C:\Documents and Settings\curlysinagain\My Documents\~WRL2138.tmp"
Wed 27 Jun 2007 31,232 ...H. --- "C:\Documents and Settings\curlysinagain\My Documents\~WRL2851.tmp"
Mon 4 Jun 2007 29,184 ...H. --- "C:\Documents and Settings\curlysinagain\My Documents\~WRL3222.tmp"
Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Fri 10 Mar 2006 23,552 ...H. --- "C:\Documents and Settings\becky1\Application Data\Microsoft\Word\~WRL0004.tmp"
Fri 10 Mar 2006 24,064 ...H. --- "C:\Documents and Settings\becky1\Application Data\Microsoft\Word\~WRL0816.tmp"
Fri 10 Mar 2006 25,600 ...H. --- "C:\Documents and Settings\becky1\Application Data\Microsoft\Word\~WRL1413.tmp"
Fri 10 Mar 2006 25,088 ...H. --- "C:\Documents and Settings\becky1\Application Data\Microsoft\Word\~WRL2456.tmp"
Sat 5 Nov 2005 27,648 ...H. --- "C:\Documents and Settings\becky1\Application Data\Microsoft\Word\~WRL2488.tmp"
Fri 10 Mar 2006 27,136 ...H. --- "C:\Documents and Settings\becky1\Application Data\Microsoft\Word\~WRL3037.tmp"
Fri 10 Mar 2006 24,576 ...H. --- "C:\Documents and Settings\becky1\Application Data\Microsoft\Word\~WRL3531.tmp"
Fri 10 Mar 2006 25,600 ...H. --- "C:\Documents and Settings\becky1\Application Data\Microsoft\Word\~WRL3975.tmp"
Fri 6 May 2005 4,348 ...H. --- "C:\Documents and Settings\becky1\My Documents\My Music\License Backup\drmv1key.bak"
Thu 20 Apr 2006 20 A..H. --- "C:\Documents and Settings\becky1\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 17 Mar 2006 400 ...H. --- "C:\Documents and Settings\becky1\My Documents\My Music\License Backup\drmv2key.bak"
Thu 20 Apr 2006 1,536 A..H. --- "C:\Documents and Settings\becky1\My Documents\My Music\License Backup\drmv2lic.bak"
Mon 4 Jun 2007 22,528 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL0109.tmp"
Mon 4 Jun 2007 24,576 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL0618.tmp"
Sun 3 Jun 2007 19,456 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL0652.tmp"
Sun 24 Jun 2007 28,160 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL0890.tmp"
Tue 26 Jun 2007 30,720 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL0939.tmp"
Mon 4 Jun 2007 23,552 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL1317.tmp"
Mon 4 Jun 2007 22,528 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL1949.tmp"
Sun 24 Jun 2007 25,600 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL2008.tmp"
Sun 24 Jun 2007 29,696 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL2093.tmp"
Sun 24 Jun 2007 28,160 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL2181.tmp"
Tue 26 Jun 2007 30,720 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL2320.tmp"
Mon 4 Jun 2007 20,992 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL2544.tmp"
Sun 24 Jun 2007 26,112 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL2648.tmp"
Sun 24 Jun 2007 29,184 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL3133.tmp"
Tue 26 Jun 2007 31,232 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL3591.tmp"
Sun 3 Jun 2007 20,480 ...H. --- "C:\Documents and Settings\curlysinagain\Application Data\Microsoft\Word\~WRL4023.tmp"
Thu 7 Jul 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!

ComboFix Log

ComboFix 08-01-06.4 - curlysinagain 01/05/2008 16:28:56.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.146 [GMT -6:00]
Running from: C:\Documents and Settings\curlysinagain\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\becky1\Application Data\macromedia\Flash Player\#SharedObjects\XHZ3WW69\www.broadcaster.com
C:\Documents and Settings\becky1\Application Data\macromedia\Flash Player\#SharedObjects\XHZ3WW69\www.broadcaster.com\played_list.sol
C:\Documents and Settings\becky1\Application Data\macromedia\Flash Player\#SharedObjects\XHZ3WW69\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\becky1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\becky1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\becky1\Desktop\Live Safety Center.lnk
C:\Documents and Settings\becky1\err.log
C:\Documents and Settings\becky1\Favorites\Online Security Guide.lnk
C:\Documents and Settings\curlysinagain\Application Data\macromedia\Flash Player\#SharedObjects\D3D6Q4DV\www.broadcaster.com
C:\Documents and Settings\curlysinagain\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\curlysinagain\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\SecCenter
C:\WINNT\cookies.ini
C:\WINNT\system32\config\SAM.SAV
C:\WINNT\system32\drvfugr.dll
C:\WINNT\system32\hvdtrboa.dllbox
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\opvsfelw.ini
C:\WINNT\system32\wvvut.ini
C:\WINNT\system32\wvvut.ini2
C:\WINNT\system32\wxxstfeh.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN


((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 16:41 . 08-01-06 16:41 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4cc.dat
2008-01-05 15:38 . 08-01-05 15:38 <DIR> d-------- C:\WINNT\ERUNT
2008-01-03 22:21 . 08-01-03 22:21 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 01:47 . 07-12-30 01:47 <DIR> d-------- C:\Documents and Settings\curlysinagain\Application Data\Yahoo! Messenger
2007-12-25 06:42 . 03-06-19 13:05 21,552 --a--c--- C:\WINNT\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 14:00 --------- d-----w C:\Documents and Settings\curlysinagain\Application Data\AVG7
2008-01-04 04:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-04 03:26 --------- d---a-w C:\Program Files\America Online 9.0
2007-12-31 22:21 --------- d-----w C:\Documents and Settings\curlysinagain\Application Data\MailFrontier
2007-12-28 14:00 --------- d-----w C:\Documents and Settings\becky1\Application Data\AVG7
2007-12-26 04:34 --------- d-----w C:\Program Files\TrueSwitchComcast
2007-12-14 22:46 --------- d-----w C:\Program Files\Lexmark 1200 Series
2007-11-20 21:49 --------- d-----w C:\Program Files\sxelqjix
2007-11-20 21:49 --------- d-----w C:\Program Files\Kdokcfaf
2007-11-20 14:41 26,944 ----a-w C:\WINNT\system32\drivers\avg7rsnt.sys
2007-11-20 14:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-20 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-19 23:15 --------- d-----w C:\Program Files\TrueSwitch
2007-11-19 21:07 --------- d-----w C:\Documents and Settings\Default User\Application Data\AVG7
2007-11-19 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 02:41 --------- d-----w C:\Program Files\MySpace
2007-10-31 19:03 245,408 ----a-w C:\WINNT\system32\unicows.dll
2007-07-03 03:56 3,083,727 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2004-08-29 21:15 271 ---h--w C:\Program Files\desktop.ini
2004-08-29 21:15 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 17:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
2007-05-15 21:35 5,503,264 --sha-w C:\WINNT\system32\drivers\fidbox.dat
2007-05-15 21:35 116,256 --sha-w C:\WINNT\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14ec13f2-8d9b-4436-b4ce-33493656382e}]
C:\WINNT\system32\eqjjctge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
C:\Program Files\Kdokcfaf\cryqliet.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19A22C1-778B-4A9B-B9DE-AF1B8FFE80A6}]
C:\WINNT\system32\tuvvw.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [04-08-10 09:37 61440]
"WebCamRT.exe"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 13:05 111376 C:\WINNT\system32\mobsync.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [06-10-23 06:50 71216]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [02-12-10 17:54 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [02-12-10 18:32 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [02-12-10 18:31 61440]
"InternetShield"="C:\Program Files\InternetShield\Internet.exe" [ ]
"PrinTray"="C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe" [01-03-27 01:45 36864]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [04-07-15 10:42 4112384]
"nwiz"="nwiz.exe" [04-07-15 10:42 843776 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [04-07-15 10:42 81920]
"HostManager"="C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe" [06-09-25 18:52 50736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-12-15 02:11 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [04-08-09 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [04-08-09 06:03 81920]
"NoTrace"="C:\Program Files\No Trace\NoTrace.exe" [ ]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-03-08 23:02 919280]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [02-10-06 23:23 90112]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [02-04-17 09:42 69632]
"SoloSentry"="C:\SRNMIC~1\SOLOSENT.EXE" [07-06-15 20:20 77824]
"SoloSysCheck"="C:\SRNMIC~1\SYSCHECK.COM" [06-02-09 22:56 237568]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [06-07-13 12:22 57344]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-12-24 12:51 579072]
"643d45d8"="C:\WINNT\system32\wlefsvpo.dll" [ ]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [07-11-20 08:42 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 13:05 186640]

C:\Documents and Settings\becky1\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueSwitchComcast\TrueWizard.exe [2007-07-02 03:16:26]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 10:10:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuspn]
cbxuspn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hvdtrboa]
hvdtrboa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrbg32]
winrbg32.dll

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys [07-11-20 08:41 ]
R3 PAC207;Webcam Basic;C:\WINNT\system32\DRIVERS\pfc027.sys [05-04-08 10:46 ]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-06-19 13:05 ]
S1 sglfb;sglfb;C:\WINNT\system32\drivers\sglfb.sys [99-12-07 11:00 ]
S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINNT\system32\DRIVERS\vnet558x.sys [03-06-12 16:56 ]
S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys [03-06-18 16:48 ]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 03:45:00 C:\WINNT\Tasks\Disk Cleanup.job"
- C:\WINNT\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 16:42:14
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-01-06 16:47:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 22:46:17
ComboFix2.txt 2007-05-18 01:23:55

New HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:15 PM, on 1/6/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\program files\common files\aol\1154072056\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1154072056\ee\aolsoftware.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\notepad.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/?cookieattempt=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {e2836563-9433-ec4b-6344-b9d82f31ce41} - {14ec13f2-8d9b-4436-b4ce-33493656382e} - C:\WINNT\system32\eqjjctge.dll (file missing)
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Kdokcfaf\cryqliet.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {C19A22C1-778B-4A9B-B9DE-AF1B8FFE80A6} - C:\WINNT\system32\tuvvw.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [InternetShield] C:\Program Files\InternetShield\Internet.exe -CheckStartup
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NoTrace] "C:\Program Files\No Trace\NoTrace.exe" -mini
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\SRNMIC~1\SYSCHECK.COM
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [643d45d8] rundll32.exe "C:\WINNT\system32\wlefsvpo.dll",b
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/Ligh...loadControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: bw+0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: cbxuspn - cbxuspn.dll (file missing)
O20 - Winlogon Notify: hvdtrboa - hvdtrboa.dll (file missing)
O20 - Winlogon Notify: winrbg32 - winrbg32.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 21869 bytes


Rebecca

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team

Posted 05 January 2008 - 07:19 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

Folder::
C:\Program Files\sxelqjix
C:\Program Files\Kdokcfaf
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14ec13f2-8d9b-4436-b4ce-33493656382e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19A22C1-778B-4A9B-B9DE-AF1B8FFE80A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternetShield"=-
"643d45d8"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuspn]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hvdtrboa]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrbg32]

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

#5 curlysinagain

curlysinagain
  • Topic Starter

  • Members

Posted 05 January 2008 - 08:20 PM

Ok here are the results of the 2nd Combo fix

ComboFix 08-01-06.4 - curlysinagain 01/06/2008 18:51:43.2 - NTFSx86
Running from: C:\Documents and Settings\curlysinagain\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\curlysinagain\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Kdokcfaf
C:\Program Files\sxelqjix

.
((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-06 18:51 . 01/06/08 06:51p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_48c.dat
2008-01-05 15:38 . 01/05/08 03:38p <DIR> d-------- C:\WINNT\ERUNT
2008-01-03 22:21 . 01/03/08 10:21p <DIR> d-------- C:\Program Files\Trend Micro
2007-12-30 01:47 . 12/30/07 01:47a <DIR> d-------- C:\Documents and Settings\curlysinagain\Application Data\Yahoo! Messenger
2007-12-25 06:42 . 06/19/03 01:05p 21,552 --a--c--- C:\WINNT\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 22:44 --------- d-----w C:\Documents and Settings\curlysinagain\Application Data\AVG7
2008-01-04 04:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-04 03:26 --------- d---a-w C:\Program Files\America Online 9.0
2007-12-31 22:21 --------- d-----w C:\Documents and Settings\curlysinagain\Application Data\MailFrontier
2007-12-28 14:00 --------- d-----w C:\Documents and Settings\becky1\Application Data\AVG7
2007-12-26 04:34 --------- d-----w C:\Program Files\TrueSwitchComcast
2007-12-14 22:46 --------- d-----w C:\Program Files\Lexmark 1200 Series
2007-11-20 14:41 26,944 ----a-w C:\WINNT\system32\drivers\avg7rsnt.sys
2007-11-20 14:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-20 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-19 23:15 --------- d-----w C:\Program Files\TrueSwitch
2007-11-19 21:07 --------- d-----w C:\Documents and Settings\Default User\Application Data\AVG7
2007-11-19 21:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 02:41 --------- d-----w C:\Program Files\MySpace
2007-10-31 19:03 245,408 ----a-w C:\WINNT\system32\unicows.dll
2007-07-03 03:56 3,083,727 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2004-08-29 21:15 271 ---h--w C:\Program Files\desktop.ini
2004-08-29 21:15 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 17:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
2007-05-15 21:35 5,503,264 --sha-w C:\WINNT\system32\drivers\fidbox.dat
2007-05-15 21:35 116,256 --sha-w C:\WINNT\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [08/10/04 09:37a 61440]
"WebCamRT.exe"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 01:05p 111376 C:\WINNT\system32\mobsync.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/23/06 06:50a 71216]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [12/10/02 05:54p 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [12/10/02 06:32p 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [12/10/02 06:31p 61440]
"PrinTray"="C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe" [03/27/01 01:45a 36864]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [07/15/04 10:42a 4112384]
"nwiz"="nwiz.exe" [07/15/04 10:42a 843776 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [07/15/04 10:42a 81920]
"HostManager"="C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe" [09/25/06 06:52p 50736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/15/06 02:11a 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [08/09/04 06:03a 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/09/04 06:03a 81920]
"NoTrace"="C:\Program Files\No Trace\NoTrace.exe" [ ]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/08/07 11:02p 919280]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [10/06/02 11:23p 90112]
"Share-to-Web Namespace Daemon"="c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/02 09:42a 69632]
"SoloSentry"="C:\SRNMIC~1\SOLOSENT.EXE" [06/15/07 08:20p 77824]
"SoloSysCheck"="C:\SRNMIC~1\SYSCHECK.COM" [02/09/06 10:56p 237568]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [07/13/06 12:22p 57344]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/24/07 12:51p 579072]
"AOLAspSunset2"="C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [11/20/07 08:42a 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 01:05p 186640]

C:\Documents and Settings\becky1\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueSwitchComcast\TrueWizard.exe [2007-07-02 03:16:26]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 10:10:00]

R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys [11/20/07 08:41a]
S3 FVNETusb;Linksys Wireless-B USB Network Adapter v2.8 Driver;C:\WINNT\system32\DRIVERS\vnet558x.sys [06/12/03 04:56p]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 03:45:00 C:\WINNT\Tasks\Disk Cleanup.job"
- C:\WINNT\system32\cleanmgr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 18:56:12
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 01/06/2008 18:57:50
ComboFix-quarantined-files.txt 2008-01-07 00:57:23
ComboFix2.txt 2008-01-06 22:47:23
ComboFix3.txt 2007-05-18 01:23:55

and here is the new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:09 PM, on 1/6/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\program files\common files\aol\1154072056\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1154072056\ee\aolsoftware.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/?cookieattempt=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NoTrace] "C:\Program Files\No Trace\NoTrace.exe" -mini
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\SRNMIC~1\SYSCHECK.COM
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/Ligh...loadControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: bw+0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 21099 bytes
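
As an added illustration (not part of either poster's message, and not ComboFix or HijackThis code), this Python sketch parses the CFScript posted earlier in the thread and checks that the entries it targets no longer show up in a follow-up HijackThis log or are listed under ComboFix's "Other Deletions". Function names are hypothetical, the O2/O4 lines in the "before" sample are constructed, and the mapping from script targets to HijackThis line types is an assumption based on the line formats visible in this thread.

```python
import re

# CFScript exactly as posted in the helper's reply in this thread.
CFSCRIPT = r"""Folder::
C:\Program Files\sxelqjix
C:\Program Files\Kdokcfaf
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14ec13f2-8d9b-4436-b4ce-33493656382e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C19A22C1-778B-4A9B-B9DE-AF1B8FFE80A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternetShield"=-
"643d45d8"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuspn]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hvdtrboa]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrbg32]
"""

# "Before" sample: the O20 lines are from the thread; the O2 and first O4 line
# are CONSTRUCTED (paths are placeholders) to exercise the BHO and Run checks.
BEFORE_LOG = r"""O2 - BHO: (no name) - {14ec13f2-8d9b-4436-b4ce-33493656382e} - C:\example\constructed.dll
O4 - HKLM\..\Run: [InternetShield] C:\example\constructed.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: cbxuspn - cbxuspn.dll (file missing)
O20 - Winlogon Notify: hvdtrboa - hvdtrboa.dll (file missing)
O20 - Winlogon Notify: winrbg32 - winrbg32.dll (file missing)
"""

# "After" sample: a few lines taken from the second HijackThis log in the thread.
AFTER_LOG = r"""O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""

# The "Other Deletions" entries from the second ComboFix log in the thread.
COMBOFIX_DELETIONS = r"""C:\Program Files\Kdokcfaf
C:\Program Files\sxelqjix
"""

def parse_cfscript(text):
    """Split a CFScript into folder, deleted-key and deleted-value targets."""
    targets = {"folders": [], "deleted_keys": [], "deleted_values": []}
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                      # section header, e.g. "Registry::"
            section, current_key = line[:-2].lower(), None
        elif section == "folder":
            targets["folders"].append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):   # [-KEY] deletes the key
                targets["deleted_keys"].append(line[2:-1])
                current_key = None
            elif line.startswith("[") and line.endswith("]"):  # [KEY] opens a key
                current_key = line[1:-1]
            else:
                m = re.match(r'^"([^"]+)"=-$', line)           # "name"=- deletes a value
                if m and current_key:
                    targets["deleted_values"].append((current_key, m.group(1)))
    return targets

def build_checks(targets):
    """Map each registry target to a regex for the HijackThis line that would show it."""
    checks = []
    for key in targets["deleted_keys"]:
        leaf, lower = key.rsplit("\\", 1)[-1], key.lower()
        if "\\browser helper objects\\" in lower:
            checks.append((key, re.compile(r"^O2 - BHO: .*" + re.escape(leaf), re.I)))
        elif "\\winlogon\\notify\\" in lower:
            checks.append((key, re.compile(
                r"^O20 - Winlogon Notify: " + re.escape(leaf) + r" - ", re.I)))
    for key, name in targets["deleted_values"]:
        if key.lower().endswith("\\currentversion\\run"):
            hive = "HKLM" if key.upper().startswith("HKEY_LOCAL_MACHINE") else "HKCU"
            checks.append((f"{key} -> {name}", re.compile(
                r"^O4 - " + hive + r"\\\.\.\\Run: \[" + re.escape(name) + r"\]", re.I)))
    return checks

def still_present(script, hijackthis_log):
    """Return (target, log line) pairs for targeted entries that the log still lists."""
    lines = [l.strip() for l in hijackthis_log.splitlines() if l.strip()]
    return [(target, line)
            for target, pattern in build_checks(parse_cfscript(script))
            for line in lines if pattern.search(line)]

def folders_not_deleted(script, combofix_deletions):
    """Return script folders that ComboFix's deletion list does not mention."""
    listed = {l.strip().lower() for l in combofix_deletions.splitlines() if l.strip()}
    return [f for f in parse_cfscript(script)["folders"] if f.lower() not in listed]

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        hits = still_present(CFSCRIPT, log)
        print(f"{label}: {len(hits)} targeted entries still listed")
        for target, line in hits:
            print("   ", line)
    print("folders not reported deleted:", folders_not_deleted(CFSCRIPT, COMBOFIX_DELETIONS))
```

An empty result only shows that the targeted autostart entries are gone from the log; it says nothing about files or entries the script never named.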

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team

Posted 05 January 2008 - 08:28 PM

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press OK.

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button.
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.
Do not run it just yet.

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log, let me know how your pc is running now.


#7 curlysinagain

  • Topic Starter

  • Members
  • 12 posts

Posted 05 January 2008 - 10:16 PM

Richie,

I am hoping I am posting what you requested.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/06/2008 at 09:04 PM

Application Version : 3.9.1008

Core Rules Database Version : 3374
Trace Rules Database Version: 1369

Scan type : Complete Scan
Total Scan Time : 00:44:22

Memory items scanned : 446
Memory threats detected : 0
Registry items scanned : 7065
Registry threats detected : 0
File items scanned : 33480
File threats detected : 204

Adware.Tracking Cookie


Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:10 PM, on 1/6/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\AOL\1154072056\ee\aolsoftware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\program files\common files\aol\1154072056\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\WINNT\system32\wuauclt.exe
c:\program files\common files\aol\1154072056\ee\aolsoftware.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www6.comcast.net/a/?cookieattempt=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154072056\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NoTrace] "C:\Program Files\No Trace\NoTrace.exe" -mini
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SoloSentry] C:\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\SRNMIC~1\SYSCHECK.COM
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/Ligh...loadControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: bw+0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {0B672598-24DC-4E3A-B939-4D4515C78D0F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 21337 bytes


As far as my computer is running I can see the control panel now again and have access, but the only issue I have is getting my add/remove programs to display. I want to update my antivirus software and firewall and I cannot do that without removing what I already have on the pc. Is there a fix or workaround? It acts like it wants to open but then stalls and I can't even close the window after that.

Rebecca

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 06 January 2008 - 05:32 AM

the only issue I have is getting my add/remove programs to display

First back up the registry by doing the following.
Click on Start > Run, copy and paste the following bold text into the 'Open:' space, then press OK.
regedit /e c:\registrybackup.reg
It won't appear to be doing anything, that's normal.
Your mouse pointer may have an hourglass alongside it for a minute or so.
Please be patient and continue when the hourglass disappears.

Click Start > Run, type Regedit into the 'Open:' space, then press OK.
Navigate to and double-click on the following keys one at a time.
Delete the value NoAddRemovePrograms if present in the right-hand pane:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall

Now navigate to and double-click on the following keys one at a time.
Delete the value NoControlPanel if present in the right-hand pane:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Close Regedit, restart your pc.

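An added example, not part of RichieUK's post: a Python sketch that scans the text of the c:\registrybackup.reg export made in the first step for the two restriction values the post names, under the four keys it lists. The sample export is constructed and the function names are this example's own.

```python
import re

# Restriction values named in the post, keyed by the lower-cased subkey they live under.
BASE = r"software\microsoft\windows\currentversion\policies"
RESTRICTIONS = {BASE + r"\uninstall": "NoAddRemovePrograms",
                BASE + r"\explorer": "NoControlPanel"}
HIVES = ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE")
KEY_RE = re.compile(r"^\[(?P<hive>[^\\\]]+)\\(?P<sub>.+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')

# Constructed sample in the format regedit /e writes (not taken from the thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoControlPanel"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]
"NoAddRemovePrograms"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
'''

def load_export(path):
    # "Version 5.00" exports are UTF-16 with a BOM; older REGEDIT4 files are ANSI.
    with open(path, "rb") as fh:
        raw = fh.read()
    return raw.decode("utf-16") if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else raw.decode("latin-1")

def find_restrictions(reg_text):
    """Return (key, value name, raw data, active) for each restriction value found."""
    hits, hive, sub = [], None, None
    for raw_line in reg_text.splitlines():
        line = raw_line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            hive, sub = (m.group("hive"), m.group("sub")) if m else (None, None)
            continue
        m = VAL_RE.match(line)
        if not m or hive not in HIVES:
            continue
        wanted = RESTRICTIONS.get(sub.lower())
        if wanted and m.group("name").lower() == wanted.lower():
            # dword:00000000 means the value exists but is switched off;
            # any other data type is reported as active so it gets looked at.
            dm = re.fullmatch(r"dword:([0-9a-fA-F]{8})", m.group("data"))
            active = int(dm.group(1), 16) != 0 if dm else True
            hits.append((hive + "\\" + sub, m.group("name"), m.group("data"), active))
    return hits
```

An empty result from `find_restrictions(load_export(path))` matches what the topic starter reports in the next post: neither value present under any of the four keys.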

#9 curlysinagain

curlysinagain
  • Topic Starter

  • Members
  • 12 posts

Posted 06 January 2008 - 11:28 AM

Okay, I backed up the registry but found no values in my right-hand pane indicating no add/remove programs or no control panel, so no changes were made in the Regedit. I do notice, however, no value is set for my registry size, and at one point during our corrections on the pc it gave me a message saying my registry size was too small and to increase. Could that have anything to do with why it will not load completely?

Rebecca

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 06 January 2008 - 06:54 PM

To increase registry quota in Win2000, go to Control Panel|System|Advanced|Performance Options|Change, then under "Registry Size" you can set the value to a higher number.
Press Apply/OK.
Restart your pc.

Post a new Hijackthis log please.
Let me know how your pc is running now.



