
I Have The Devil On This Computer (virtumonde And Smitfraud-c.toolbar888 And Hopefully Nothing Else :-)


35 replies to this topic

#1 Preying to the Comp Gods


Posted 21 June 2007 - 09:03 PM

Ok, here's the story.
I'm here trying to fix my grandma's computer, and have been at it for 2 days now. Why? My cousin, in her ignorant ways, loaded it up with viruses and malware. I have scanned and cleansed a couple hundred various infections of viruses and spyware. (Scanned with: Ad-Aware 2007, Spybot, AVG 7.5, AVG Anti-Spyware, AVG Anti-Rootkit, and McAfee Stinger.)

Now for my issue:
Without the firewall I continue to get pop-ups and new viruses (thanks to the Virtumonde).
Of the Virtumonde, I've located the two files ddaba.dll and fccawts.dll, which continue to install BHOs on Internet Explorer. The issue is I'm unable to delete them permanently. I believe it has something to do with the entries they both have in Winlogon Notify, but I have no idea what to do. After being deleted they reappear. I've tried deleting them with virus scanners, manually, and with KillBox. Also, for the Smitfraud infection, I have no idea whatsoever what to do, as its files, like those of the Virtumonde infection, resist deletion by virus scanner.

I was wondering if you could help me delete the Virtumonde and Smitfraud infections, as well as telling me if there was anything I missed.
(PS. There's a 50% chance I won't be able to get on this computer this weekend.)
Regards,
John :thumbsup:

And of course my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 6:21:56 PM, on 6/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Anti-virus Programs (Don't Delete) (John)\HijackThis(I know it looks evil but don't delete).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ieconfig.qualcomm.com/install.ins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\fccawts.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FF03812B-732F-4EB4-B1A3-B4239E1CF4C6} - C:\WINDOWS\System32\ddaba.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135545482560
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
O18 - Protocol: bw+0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ddaba - C:\WINDOWS\System32\ddaba.dll
O20 - Winlogon Notify: fccawts - C:\WINDOWS\SYSTEM32\fccawts.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

:flowers: :huh: :huh:
Kick the computer

it's fun
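An added example, not code from the thread or from HijackThis itself, that checks a HijackThis log mechanically for the pattern John suspects: a DLL registered both as an O2 browser helper object and as an O20 Winlogon Notify package. The sample lines are copied from the log above; the function names and the "(no name) under System32" heuristic are my own.

```python
import re

# Constructed excerpt: the O2 and O20 lines from the HijackThis log posted above.
SAMPLE_HJT_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\fccawts.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FF03812B-732F-4EB4-B1A3-B4239E1CF4C6} - C:\WINDOWS\System32\ddaba.dll
O20 - Winlogon Notify: ddaba - C:\WINDOWS\System32\ddaba.dll
O20 - Winlogon Notify: fccawts - C:\WINDOWS\SYSTEM32\fccawts.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# HijackThis line formats for browser helper objects (O2) and Winlogon Notify packages (O20).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-F-]+)\} - (?P<path>.+)$", re.I)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$", re.I)


def parse_hjt(text):
    """Return ({clsid: (name, path)} for O2 lines, {key: path} for O20 lines)."""
    bhos, notifies = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos[m["clsid"].upper()] = (m["name"], m["path"])
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies[m["key"]] = m["path"]
    return bhos, notifies


def basename(path):
    # Windows paths are case-insensitive; the log itself mixes System32 and SYSTEM32.
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_winlogon_anchored_bhos(text):
    """DLLs that are both an IE BHO (O2) and a Winlogon Notify package (O20).

    winlogon.exe loads Notify DLLs at logon and keeps them mapped, so the file
    cannot be deleted from a normal session and the DLL can re-create its BHO
    registration after it is removed. That is the reappearance pattern described
    in the post; treat it as a triage signal, not proof of infection.
    """
    bhos, notifies = parse_hjt(text)
    notify_by_dll = {basename(p): key for key, p in notifies.items()}
    findings = []
    for clsid, (name, path) in bhos.items():
        dll = basename(path)
        if dll in notify_by_dll:
            findings.append({"dll": dll, "bho_clsid": clsid, "bho_name": name,
                             "notify_key": notify_by_dll[dll], "path": path})
    return sorted(findings, key=lambda f: f["dll"])


def unnamed_bhos(text):
    """'(no name)' BHOs are not malicious by themselves (Spybot's SDHelper has no
    name either), but an unnamed one living under System32 deserves a manual look."""
    bhos, _ = parse_hjt(text)
    return sorted(basename(p) for _, (name, p) in bhos.items()
                  if name.strip().lower() == "(no name)" and "\\system32\\" in p.lower())


if __name__ == "__main__":
    for f in find_winlogon_anchored_bhos(SAMPLE_HJT_LOG):
        print(f"{f['dll']}: BHO {{{f['bho_clsid']}}} re-anchored by Winlogon Notify key '{f['notify_key']}'")
    print("Unnamed BHOs under System32:", unnamed_bhos(SAMPLE_HJT_LOG))
```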


#2 Preying to the Comp Gods


Posted 21 June 2007 - 09:09 PM

:thumbsup: Sorry, but I forgot to add that the BHOs are usually named error or &Radio, and they reappear 5 minutes to 1 hour after deletion.

#3 amateur

  • Malware Response Team

Posted 21 June 2007 - 09:50 PM

Hello and welcome to BC

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply along with a fresh HijackThis log taken after a reboot.
  • Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


#4 Preying to the Comp Gods


Posted 21 June 2007 - 10:14 PM

Here's my ComboFix log:

ComboFix 07-06-22.2 - C:\Documents and Settings\Ruth\Desktop\ComboFix.exe
"Ruth" - 2007-06-21 19:59:29 - Service Pack 1 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bafvilfc.dll
C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\abadd.bak2
C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\cflivfab.ini
C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\abadd.bak2
C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\abadd.bak1
C:\WINDOWS\system32\abadd.bak2
C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\fccawts.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))




((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NET_AGENT
-------\LEGACY_RUNTIME
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core
-------\Net Agent


((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


2007-06-21 19:59 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 17:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-06-21 17:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-06-21 17:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-06-21 17:28 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-06-21 17:28 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-06-21 17:28 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-06-21 17:28 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-06-21 17:28 <DIR> d-------- C:\Program Files\Sygate
2007-06-21 16:47 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-06-21 16:47 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-21 16:46 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-21 16:39 56,832 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-21 16:38 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-06-21 16:38 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-06-21 16:38 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-21 16:38 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-06-21 16:38 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-21 16:38 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-06-21 16:38 <DIR> d-------- C:\Program Files\Common Files\logishrd
2007-06-21 16:01 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-06-21 15:53 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-21 15:53 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-21 15:53 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-21 15:19 56 --a------ C:\WINDOWS\system32\midimap.dll
2007-06-21 14:58 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-21 14:41 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-06-21 14:41 <DIR> d-------- C:\WINDOWS\ehome
2007-06-21 14:36 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-06-21 14:36 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-06-21 14:36 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-06-21 14:36 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2007-06-21 14:36 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2007-06-21 14:36 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2007-06-21 14:36 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2007-06-21 14:36 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-06-21 14:36 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2007-06-21 14:36 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-06-21 14:36 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2007-06-21 14:36 266,752 --a------ C:\WINDOWS\winhlp32.exe
2007-06-21 14:36 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-06-21 14:36 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2007-06-21 14:36 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-06-21 14:36 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2007-06-21 14:36 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2007-06-21 14:36 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2007-06-21 14:36 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2007-06-21 14:36 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2007-06-21 14:35 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2007-06-21 14:35 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2007-06-21 14:35 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2007-06-21 14:35 921,475 --a------ C:\WINDOWS\system32\ati3d2ag.dll
2007-06-21 14:35 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2007-06-21 14:35 91,136 --a------ C:\WINDOWS\system32\MSOERT2.DLL
2007-06-21 14:35 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2007-06-21 14:35 891,711 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-21 14:35 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-06-21 14:35 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2007-06-21 14:35 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2007-06-21 14:35 844,675 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-06-21 14:35 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2007-06-21 14:35 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2007-06-21 14:35 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2007-06-21 14:35 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2007-06-21 14:35 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-06-21 14:35 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-06-21 14:35 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2007-06-21 14:35 72,192 --a------ C:\WINDOWS\system32\telnet.exe
2007-06-21 14:35 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2007-06-21 14:35 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2007-06-21 14:35 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2007-06-21 14:35 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2007-06-21 14:35 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2007-06-21 14:35 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-06-21 14:35 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2007-06-21 14:35 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2007-06-21 14:35 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2007-06-21 14:35 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-06-21 14:35 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-06-21 14:35 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2007-06-21 14:35 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2007-06-21 14:35 61,952 --a------ C:\WINDOWS\system32\sti.dll
2007-06-21 14:35 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2007-06-21 14:35 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2007-06-21 14:35 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2007-06-21 14:35 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2007-06-21 14:35 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-06-21 14:35 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2007-06-21 14:35 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2007-06-21 14:35 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2007-06-21 14:35 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2007-06-21 14:35 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2007-06-21 14:35 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2007-06-21 14:35 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-06-21 14:35 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2007-06-21 14:35 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-06-21 14:35 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
2007-06-21 14:35 534,016 --a------ C:\WINDOWS\system32\spider.exe
2007-06-21 14:35 53,248 --a------ C:\WINDOWS\system32\packager.exe
2007-06-21 14:35 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 03:01:22 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-21 23:19:13 -------- d-----w C:\Program Files\Messenger
2007-06-21 22:01:54 -------- d-----w C:\Program Files\MSN Messenger
2007-06-21 21:41:14 -------- d-----w C:\Program Files\Movie Maker
2007-06-21 05:41:33 -------- d-----w C:\Program Files\Lavasoft
2007-06-07 21:26:08 -------- d-----w C:\Program Files\Symantec
2007-06-07 21:26:05 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-07 21:26:04 -------- d-----w C:\Program Files\Norton Internet Security
2007-06-07 21:15:24 -------- d-----w C:\DOCUME~1\Ruth\APPLIC~1\MSN6
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 22:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-21 11:42]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost"=C:\WINDOWS\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN Gaming Zone\profsyvyka.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager]
C:\WINDOWS\cfg32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
C:\WINDOWS\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DM_Server]
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\twinpndt.exe CHD003

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\System32\bafvilfc.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hwfutczk.exe]
C:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ihkbynsd.exe]
C:\Documents and Settings\All Users.WINDOWS\Application Data\ihkbynsd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kjog]
"C:\Documents and Settings\Ruth\My Documents\??curity\?hkntfs.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mfwmn]
"C:\Documents and Settings\Ruth\Application Data\??sks\l?gonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ootxgmkA]
C:\WINDOWS\ootxgmkA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pdmr]
"C:\DOCUME~1\Ruth\APPLIC~1\ASKS~1\services.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
c:\windows\system32\rlvknlg.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureWeb]
C:\WINDOWS\System32\0255Nq1g.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winactive]
C:\Program Files\Window Active\winactive.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{54-4C-C4-4E-ZN}]
c:\windows\system32\dwdsregt.exe SKY003

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymProxySvc"=2 (0x2)
"SBService"=2 (0x2)
"NetSvc"=3 (0x3)
"navapsvc"=3 (0x3)
"ImapiService"=3 (0x3)
"BlackICE"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Windows Overlay Components"=2 (0x2)
"Network Monitor"=2 (0x2)
"Net Agent"=2 (0x2)
"DomainService"=2 (0x2)

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT

Contents of the 'Scheduled Tasks' folder
2007-06-21 07:00:00 C:\WINDOWS\tasks\At1.job
2007-06-17 16:01:44 C:\WINDOWS\tasks\At10.job
2007-06-20 17:01:42 C:\WINDOWS\tasks\At11.job
2007-06-20 18:00:30 C:\WINDOWS\tasks\At12.job
2007-06-21 19:00:00 C:\WINDOWS\tasks\At13.job
2007-06-21 20:00:00 C:\WINDOWS\tasks\At14.job
2007-06-21 21:00:00 C:\WINDOWS\tasks\At15.job
2007-06-21 22:00:01 C:\WINDOWS\tasks\At16.job
2007-06-21 23:00:00 C:\WINDOWS\tasks\At17.job
2007-06-22 00:00:00 C:\WINDOWS\tasks\At18.job
2007-06-22 01:00:00 C:\WINDOWS\tasks\At19.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At2.job
2007-06-22 02:00:00 C:\WINDOWS\tasks\At20.job
2007-06-22 03:00:00 C:\WINDOWS\tasks\At21.job
2007-06-21 04:00:00 C:\WINDOWS\tasks\At22.job
2007-06-21 05:00:00 C:\WINDOWS\tasks\At23.job
2007-06-21 06:00:01 C:\WINDOWS\tasks\At24.job
2007-06-21 07:00:00 C:\WINDOWS\tasks\At25.job
2007-06-21 01:19:59 C:\WINDOWS\tasks\At26.job
2007-06-21 01:20:00 C:\WINDOWS\tasks\At27.job
2007-06-21 01:20:01 C:\WINDOWS\tasks\At28.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At29.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At3.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At30.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At31.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At32.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At33.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At34.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At35.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At36.job
2007-06-21 19:00:01 C:\WINDOWS\tasks\At37.job
2007-06-21 20:00:00 C:\WINDOWS\tasks\At38.job
2007-06-21 21:00:00 C:\WINDOWS\tasks\At39.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At4.job
2007-06-21 22:00:02 C:\WINDOWS\tasks\At40.job
2007-06-21 23:00:00 C:\WINDOWS\tasks\At41.job
2007-06-22 00:00:00 C:\WINDOWS\tasks\At42.job
2007-06-22 01:00:00 C:\WINDOWS\tasks\At43.job
2007-06-22 02:00:00 C:\WINDOWS\tasks\At44.job
2007-06-22 03:00:00 C:\WINDOWS\tasks\At45.job
2007-06-21 04:00:00 C:\WINDOWS\tasks\At46.job
2007-06-21 05:00:00 C:\WINDOWS\tasks\At47.job
2007-06-21 06:00:03 C:\WINDOWS\tasks\At48.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At5.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At6.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At7.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At8.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At9.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 20:05:56
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-21 20:07:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-21 20:07

--- E O F ---


And here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:12:15 PM, on 6/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Anti-virus Programs (Don't Delete) (John)\HijackThis(I know it looks evil but don't delete).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ieconfig.qualcomm.com/install.ins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135545482560
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
O18 - Protocol: bw+0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

By the way, I was wondering where you learned about all of this computer stuff. I'm o.k. with computers, but from what I've seen you guys are amazing. Just wondering, because I was interested in learning more about computers. :thumbsup:
Kick the computer

it's fun

#5 amateur

    Malware Fighter

  • Malware Response Team
  • 2,775 posts
  • Gender:Female

Posted 22 June 2007 - 08:33 AM

Hi,

Go to Start>Control Panel>Add/Remove Programs and remove the following if present:

Window Active
RelevantKnowledge
WinPop
Yazzle


====================================

Disable AVG Anti Spyware realtime protection

Open AVG Anti Spyware.
Under 'Status', click on "change status" to make it 'inactive'. Once your log is clean you can re-enable it.

====================================

Scan with HijackThis and put a checkmark against the following entries:
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - (no file)

The following ActiveX controls (Download Program Files) will reinstall when (and if) you revisit that website.
UNLESS you know they are from a safe source, check to remove.

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab

Close all browsers including this one and click on "fix checked".

====================================

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\twinpndt.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\hwfutczk.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\ihkbynsd.exe
C:\WINDOWS\ootxgmkA.exe
C:\DOCUME~1\Ruth\APPLIC~1\ASKS~1\services.exe
c:\windows\system32\rlvknlg.exe
C:\WINDOWS\retadpu72.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\System32\0255Nq1g.exe

Folder::
C:\Documents and Settings\Ruth\My Documents\??curity
C:\Documents and Settings\Ruth\Application Data\??sks
C:\Program Files\Window Active
C:\Program Files\WinPop

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hwfutczk.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ihkbynsd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kjog]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mfwmn]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ootxgmkA]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pdmr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureWeb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winactive]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{54-4C-C4-4E-ZN}]

Save this as ComboFix-Do.txt
Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe .
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

======================================

By the way, I was wondering where you learned about all of this computer stuff. I'm o.k. with computers, but from what I've seen you guys are amazing. Just wondering, because I was interested in learning more about computers.


Below are some good training schools:

Malware University.
TSF Academy
Bleeping Computer Study Hall
Boot Camp Admission.
GTG University
TomCoyote
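
As an added example that is not part of this thread and not tooling from HijackThis or ComboFix: a small Python triage script that parses HijackThis O2 (BHO), O4 (Run key) and O16 (Downloaded Program Files) lines and flags them on the same grounds amateur used above: a BHO whose DLL is gone ("(no file)"), an ActiveX control downloaded from a site outside a trusted-domain allowlist, and a startup executable that lives in a user-profile data folder or whose path contains characters that cannot appear in a Windows file name (the way HijackThis and ComboFix print the "??curity" and "??sks" folders). The sample lines are constructed from the kinds of entries quoted in the thread, and the allowlist, the profile-folder list and all function names are this example's own assumptions.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: six entries modelled on the log lines quoted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Mfwmn] "C:\Documents and Settings\Ruth\Application Data\??sks\l?gonui.exe"
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
"""

# Assumed allowlist: domains whose ActiveX controls this example treats as known-good.
TRUSTED_DPF_DOMAINS = ("microsoft.com", "msn.com", "symantec.com")
# Assumed list of per-user data folders where legitimate autostarts rarely live.
PROFILE_DIRS = ("\\application data\\", "\\my documents\\", "\\local settings\\")
# Characters that are illegal in a Windows file name. The log tools print them when a
# folder name holds characters they cannot render, which is itself worth a look.
ILLEGAL_NAME_CHARS = set('?*<>|')


@dataclass
class Entry:
    section: str                       # O2, O4 or O16
    name: str                          # BHO name, Run value name or control class
    target: str                        # DLL path, command line or .cab URL
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


_LINE = re.compile(r"^(O\d+) - (.*)$")
_BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
_RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[(.*?)\] (.*)$")
_DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)$")


def parse_log(text: str) -> list:
    """Turn the O2/O4/O16 lines of a HijackThis log into Entry objects; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        if section == "O2" and (b := _BHO.match(rest)):
            entries.append(Entry(section, b.group(1), b.group(3)))
        elif section == "O4" and (r := _RUN.match(rest)):
            entries.append(Entry(section, r.group(1), r.group(2)))
        elif section == "O16" and (d := _DPF.match(rest)):
            entries.append(Entry(section, d.group(2), d.group(3)))
    return entries


def _exe_path(command: str) -> str:
    """Extract the executable path from a Run-key command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"^(.*?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def triage(entries: list) -> list:
    """Attach a human-readable reason to every entry that deserves review."""
    for e in entries:
        if e.section == "O2" and e.target.strip().lower() == "(no file)":
            e.reasons.append("BHO registered but its DLL is gone: orphaned entry, safe to fix")
        elif e.section == "O4":
            path = _exe_path(e.target)
            if any(d in path.lower() for d in PROFILE_DIRS):
                e.reasons.append("startup executable lives in a user-profile data folder")
            if ILLEGAL_NAME_CHARS & set(path):
                e.reasons.append("path contains characters that cannot appear in a file name")
        elif e.section == "O16":
            host = urlparse(e.target).hostname or ""
            if not any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS):
                e.reasons.append(f"ActiveX control downloaded from untrusted host {host}")
    return entries


def flagged(text: str) -> dict:
    """Map 'section:name' to its reasons for every entry that needs a look."""
    return {f"{e.section}:{e.name}": e.reasons
            for e in triage(parse_log(text)) if e.suspicious}


if __name__ == "__main__":
    for key, reasons in flagged(SAMPLE_LOG).items():
        print(key)
        for reason in reasons:
            print("   -", reason)
```

Run it as-is and it reports the three entries amateur singled out (the orphaned BHO, the Mfwmn autostart under Application Data, and the .cab from tgrt.com.tr) while leaving the Spybot helper, the AVG tray and the MSN Zone control alone. The allowlist is the weak point of any such script: an unknown host is a reason to look, not proof of anything, which is exactly the "unless you know they are from a safe source" caveat in the post.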

#6 Preying to the Comp Gods
  • Topic Starter

  • Members
  • 37 posts
  • Gender:Male

Posted 22 June 2007 - 12:25 PM

Hi,

All those programs had recently been in Add/Remove Programs a day or two ago, but I deleted them at that time.

Also, I am familiar with www.tgrt.com (it's a Turkish website).


Combofix log:

ComboFix 07-06-22.2 - C:\Documents and Settings\Ruth\Desktop\ComboFix.exe
"Ruth" - 2007-06-22 10:17:54 - Service Pack 1 NTFS
Command switches used :: C:\Documents and Settings\Ruth\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


2007-06-21 19:59 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 17:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-06-21 17:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-06-21 17:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-06-21 17:28 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-06-21 17:28 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-06-21 17:28 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-06-21 17:28 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-06-21 17:28 <DIR> d-------- C:\Program Files\Sygate
2007-06-21 16:47 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-06-21 16:47 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-21 16:46 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-21 16:39 56,832 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-21 16:38 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-06-21 16:38 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-06-21 16:38 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-21 16:38 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-06-21 16:38 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-21 16:38 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-06-21 16:38 <DIR> d-------- C:\Program Files\Common Files\logishrd
2007-06-21 16:01 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-06-21 15:53 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-21 15:53 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-21 15:53 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-21 15:19 56 --a------ C:\WINDOWS\system32\midimap.dll
2007-06-21 14:58 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-21 14:41 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-06-21 14:41 <DIR> d-------- C:\WINDOWS\ehome
2007-06-21 14:36 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-06-21 14:36 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-06-21 14:36 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-06-21 14:36 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2007-06-21 14:36 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2007-06-21 14:36 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2007-06-21 14:36 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2007-06-21 14:36 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-06-21 14:36 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2007-06-21 14:36 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-06-21 14:36 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2007-06-21 14:36 266,752 --a------ C:\WINDOWS\winhlp32.exe
2007-06-21 14:36 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-06-21 14:36 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2007-06-21 14:36 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-06-21 14:36 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2007-06-21 14:36 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2007-06-21 14:36 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2007-06-21 14:36 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2007-06-21 14:36 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2007-06-21 14:35 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2007-06-21 14:35 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2007-06-21 14:35 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2007-06-21 14:35 921,475 --a------ C:\WINDOWS\system32\ati3d2ag.dll
2007-06-21 14:35 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2007-06-21 14:35 91,136 --a------ C:\WINDOWS\system32\MSOERT2.DLL
2007-06-21 14:35 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2007-06-21 14:35 891,711 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-21 14:35 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-06-21 14:35 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2007-06-21 14:35 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2007-06-21 14:35 844,675 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-06-21 14:35 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2007-06-21 14:35 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2007-06-21 14:35 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2007-06-21 14:35 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2007-06-21 14:35 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-06-21 14:35 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-06-21 14:35 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2007-06-21 14:35 72,192 --a------ C:\WINDOWS\system32\telnet.exe
2007-06-21 14:35 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2007-06-21 14:35 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2007-06-21 14:35 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2007-06-21 14:35 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2007-06-21 14:35 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2007-06-21 14:35 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-06-21 14:35 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2007-06-21 14:35 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2007-06-21 14:35 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2007-06-21 14:35 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-06-21 14:35 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-06-21 14:35 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2007-06-21 14:35 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2007-06-21 14:35 61,952 --a------ C:\WINDOWS\system32\sti.dll
2007-06-21 14:35 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2007-06-21 14:35 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2007-06-21 14:35 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2007-06-21 14:35 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2007-06-21 14:35 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-06-21 14:35 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2007-06-21 14:35 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2007-06-21 14:35 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2007-06-21 14:35 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2007-06-21 14:35 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2007-06-21 14:35 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2007-06-21 14:35 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-06-21 14:35 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2007-06-21 14:35 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-06-21 14:35 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
2007-06-21 14:35 534,016 --a------ C:\WINDOWS\system32\spider.exe
2007-06-21 14:35 53,248 --a------ C:\WINDOWS\system32\packager.exe
2007-06-21 14:35 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 03:01:22 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-21 23:19:13 -------- d-----w C:\Program Files\Messenger
2007-06-21 22:01:54 -------- d-----w C:\Program Files\MSN Messenger
2007-06-21 21:41:14 -------- d-----w C:\Program Files\Movie Maker
2007-06-21 05:41:33 -------- d-----w C:\Program Files\Lavasoft
2007-06-07 21:26:08 -------- d-----w C:\Program Files\Symantec
2007-06-07 21:26:05 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-07 21:26:04 -------- d-----w C:\Program Files\Norton Internet Security
2007-06-07 21:15:24 -------- d-----w C:\DOCUME~1\Ruth\APPLIC~1\MSN6
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 22:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-21 11:42]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost"=C:\WINDOWS\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN Gaming Zone\profsyvyka.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager]
C:\WINDOWS\cfg32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
C:\WINDOWS\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DM_Server]
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymProxySvc"=2 (0x2)
"SBService"=2 (0x2)
"NetSvc"=3 (0x3)
"navapsvc"=3 (0x3)
"ImapiService"=3 (0x3)
"BlackICE"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Windows Overlay Components"=2 (0x2)
"Network Monitor"=2 (0x2)
"Net Agent"=2 (0x2)
"DomainService"=2 (0x2)


Contents of the 'Scheduled Tasks' folder
2007-06-21 07:00:00 C:\WINDOWS\tasks\At1.job
2007-06-17 16:01:44 C:\WINDOWS\tasks\At10.job
2007-06-20 17:01:42 C:\WINDOWS\tasks\At11.job
2007-06-20 18:00:30 C:\WINDOWS\tasks\At12.job
2007-06-21 19:00:00 C:\WINDOWS\tasks\At13.job
2007-06-21 20:00:00 C:\WINDOWS\tasks\At14.job
2007-06-21 21:00:00 C:\WINDOWS\tasks\At15.job
2007-06-21 22:00:01 C:\WINDOWS\tasks\At16.job
2007-06-21 23:00:00 C:\WINDOWS\tasks\At17.job
2007-06-22 00:00:00 C:\WINDOWS\tasks\At18.job
2007-06-22 01:00:00 C:\WINDOWS\tasks\At19.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At2.job
2007-06-22 02:00:00 C:\WINDOWS\tasks\At20.job
2007-06-22 03:00:00 C:\WINDOWS\tasks\At21.job
2007-06-22 04:00:00 C:\WINDOWS\tasks\At22.job
2007-06-22 05:00:00 C:\WINDOWS\tasks\At23.job
2007-06-22 06:00:00 C:\WINDOWS\tasks\At24.job
2007-06-21 07:00:00 C:\WINDOWS\tasks\At25.job
2007-06-21 01:19:59 C:\WINDOWS\tasks\At26.job
2007-06-21 01:20:00 C:\WINDOWS\tasks\At27.job
2007-06-21 01:20:01 C:\WINDOWS\tasks\At28.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At29.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At3.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At30.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At31.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At32.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At33.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At34.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At35.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At36.job
2007-06-21 19:00:01 C:\WINDOWS\tasks\At37.job
2007-06-21 20:00:00 C:\WINDOWS\tasks\At38.job
2007-06-21 21:00:00 C:\WINDOWS\tasks\At39.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At4.job
2007-06-21 22:00:02 C:\WINDOWS\tasks\At40.job
2007-06-21 23:00:00 C:\WINDOWS\tasks\At41.job
2007-06-22 00:00:00 C:\WINDOWS\tasks\At42.job
2007-06-22 01:00:00 C:\WINDOWS\tasks\At43.job
2007-06-22 02:00:00 C:\WINDOWS\tasks\At44.job
2007-06-22 03:00:00 C:\WINDOWS\tasks\At45.job
2007-06-22 04:00:00 C:\WINDOWS\tasks\At46.job
2007-06-22 05:00:00 C:\WINDOWS\tasks\At47.job
2007-06-22 06:00:00 C:\WINDOWS\tasks\At48.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At5.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At6.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At7.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At8.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At9.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-22 10:19:30
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-22 10:20:07
C:\ComboFix-quarantined-files.txt ... 2007-06-22 10:19
C:\ComboFix2.txt ... 2007-06-21 20:07

--- E O F ---


HJT log:

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Anti-virus Programs (Don't Delete) (John)\HijackThis(I know it looks evil but don't delete).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ieconfig.qualcomm.com/install.ins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135545482560
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
O18 - Protocol: bw+0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

(Yes I did delete the O2 BHO but it resurrected itself)
Kick the computer

it's fun

#7 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • Gender:Female

Posted 22 June 2007 - 02:58 PM

The top part of your HijackThis log is missing. Can you please post a complete log?

#8 Preying to the Comp Gods

Preying to the Comp Gods
  • Topic Starter

  • Members
  • 37 posts
  • Gender:Male

Posted 22 June 2007 - 03:00 PM

Sorry. ......
Here it is:


Logfile of HijackThis v1.99.1
Scan saved at 12:59:38 PM, on 6/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\System32\rsvp.exe
C:\Anti-virus Programs (Don't Delete) (John)\HijackThis(I know it looks evil but don't delete).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ieconfig.qualcomm.com/install.ins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135545482560
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
O18 - Protocol: bw+0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

:thumbsup:
Kick the computer

it's fun

#9 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:06:06 PM

Posted 22 June 2007 - 03:47 PM

Hi,

Something is preventing HijackThis from fixing the BHO entry. It's probably one of the below. Let's try again.

Open AVG Anti-Spyware.
Under 'Status', click on "change status" to make it 'inactive'. Once your log is clean you can re-enable it.

Is Ad-Aware 2007 the paid version? If it has the Adwatch function, it would prevent any changes. I would like you to remove it from Add/Remove Programs in Control Panel. Then restart the computer. You can install it again once the computer is clean.

==================================

Now, scan with HijackThis and put a checkmark against the following entry:

O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - (no file)

Close all browsers/windows except HijackThis and click on "fix checked".

==================================

You still have some bad entries which are disabled via msconfig. We'll need to fix them.

Delete the previous Combofix-Do file from the desktop.

Open Notepad (it must be Notepad, not WordPad), and copy/paste the text inside the quote box below into it (starting from File:: ..........; do not copy the word "Quote"):

File::
C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\TA_Start.lnk
C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Think-Adz.lnk
C:\Program Files\MSN Gaming Zone\profsyvyka.html
C:\WINDOWS\csrss.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\pss\TA_Start.lnk

Registry::
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^TA_Start.lnkStartup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^Think-Adz.lnkStartup]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]


Save this as ComboFix-Do.txt
Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe.
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Also post this log please: C:\ComboFix-quarantined-files.txt ... 2007-06-22 10:19
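As an added example (not part of this post, and not ComboFix's own code), here is a small Python dry-run reader for the CFScript format used above. It walks the File:: and Registry:: sections and spells out what each line asks ComboFix to do: a File:: line deletes that file, [-KEY] removes a registry key, and Name=- under an opened [KEY] removes a value. It also annotates the msconfig startupreg/startupfolder records that hold the "disabled via msconfig" entries and the WINDOWS\pss folder where msconfig parks disabled Startup shortcuts, and it refuses a File:: line that points at a core Windows binary inside System32. The CORE_SYSTEM32 list and the note texts are my own assumptions; the embedded script is a trimmed copy of the one in the post.

```python
import re
from dataclasses import dataclass
from typing import List

# Assumption: core Windows binaries whose only legitimate home is %SystemRoot%\System32.
CORE_SYSTEM32 = {"csrss.exe", "smss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}

KEY_RE = re.compile(r"^\[(-?)(HK[^\]]+)\]$")      # [KEY] opens a key, [-KEY] deletes it
VALUE_RE = re.compile(r'^"?([^"=]+)"?=(.*)$')      # Name=-  deletes a value (regedit syntax)


@dataclass
class Action:
    kind: str      # delete_file | delete_value | delete_key | set_value
    target: str
    note: str = ""


def _file_note(path: str) -> str:
    """Defender-side sanity notes for a File:: entry."""
    low = path.lower()
    parent, _, name = low.rpartition("\\")
    if name in CORE_SYSTEM32:
        if parent.endswith("\\system32"):
            return "REFUSE: genuine system binary, never delete"
        return "name collides with a core Windows binary; the genuine copy lives in System32"
    if "\\pss\\" in low:
        return "shortcut parked in WINDOWS\\pss, where msconfig stores disabled Startup-folder items"
    if "\\startup\\" in low:
        return "Startup-folder shortcut (runs at logon)"
    return ""


def _key_note(key: str) -> str:
    """Explain the msconfig bookkeeping keys that hold disabled startup entries."""
    low = key.lower()
    if "\\msconfig\\startupreg\\" in low:
        return "msconfig record of a disabled Run entry"
    if "\\msconfig\\startupfolder\\" in low:
        return "msconfig record of a disabled Startup-folder shortcut"
    return ""


def parse_cfscript(text: str) -> List[Action]:
    """Walk the script and return the actions it asks ComboFix to perform."""
    actions: List[Action] = []
    section = None
    current_key = None            # key opened by the most recent [KEY] line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):   # File:: / Registry:: section header
            section, current_key = line[:-2].lower(), None
            continue
        if section == "file":
            actions.append(Action("delete_file", line, _file_note(line)))
            continue
        if section != "registry":
            raise ValueError(f"line outside a known section: {line!r}")
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            if minus:
                actions.append(Action("delete_key", key, _key_note(key)))
                current_key = None
            else:
                current_key = key
            continue
        m = VALUE_RE.match(line)
        if not m or current_key is None:
            raise ValueError(f"unparsable Registry:: line: {line!r}")
        name, data = m.group(1).strip(), m.group(2).strip()
        kind = "delete_value" if data == "-" else "set_value"
        note = "" if kind == "delete_value" else f"data: {data}"
        actions.append(Action(kind, current_key + "\\" + name, note))
    return actions


def refused(actions: List[Action]) -> List[str]:
    """Targets the dry run refuses (a File:: line aimed at a genuine system binary)."""
    return [a.target for a in actions if a.note.startswith("REFUSE")]


def plan(text: str) -> List[str]:
    """Human-readable dry-run plan, one line per action."""
    return [f"{a.kind:13} {a.target}" + (f"  -- {a.note}" if a.note else "")
            for a in parse_cfscript(text)]


# Trimmed copy of the script from the post above, embedded for offline testing.
SAMPLE_SCRIPT = r"""
File::
C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\TA_Start.lnk
C:\WINDOWS\csrss.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\pss\TA_Start.lnk

Registry::
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^TA_Start.lnkStartup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
"""

if __name__ == "__main__":
    for row in plan(SAMPLE_SCRIPT):
        print(row)
```

Reading the plan before running the real tool makes the intent of each line explicit: the C:\WINDOWS\csrss.exe entry is flagged as a name collision with a System32 binary (the copy outside System32 is the one being removed), and the two [-HKLM\...\msconfig\...] lines are shown to be the bookkeeping records for the entries that were only disabled, not removed, through msconfig.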

#10 Preying to the Comp Gods

Preying to the Comp Gods
  • Topic Starter

  • Members
  • 37 posts
  • Gender:Male
  • Local time:02:06 PM

Posted 22 June 2007 - 04:26 PM

O.K.......
I finally got rid of that BHO.
I had to uninstall: Ad-Aware, AVG Anti-Spyware, and AVG Anti-Virus
Then I removed it in HJT, did a restart, checked HJT again and TADA, it was gone.

My HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:18:14 PM, on 6/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Anti-virus Programs (Don't Delete) (John)\HijackThis(I know it looks evil but don't delete).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ieconfig.qualcomm.com/install.ins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135545482560
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
O18 - Protocol: bw+0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

My ComboFix Log:

ComboFix 07-06-22.2 - C:\Documents and Settings\Ruth\Desktop\ComboFix.exe
"Ruth" - 2007-06-22 14:05:27 - Service Pack 1 NTFS
Command switches used :: C:\Documents and Settings\Ruth\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


2007-06-21 19:59 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-21 17:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-06-21 17:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-06-21 17:29 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-06-21 17:28 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-06-21 17:28 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-06-21 17:28 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-06-21 17:28 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-06-21 17:28 <DIR> d-------- C:\Program Files\Sygate
2007-06-21 16:47 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-06-21 16:47 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-06-21 16:46 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-06-21 16:39 56,832 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-21 16:38 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-06-21 16:38 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-06-21 16:38 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-21 16:38 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-06-21 16:38 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-21 16:38 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-06-21 16:38 <DIR> d-------- C:\Program Files\Common Files\logishrd
2007-06-21 16:01 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-06-21 15:53 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-06-21 15:53 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-06-21 15:53 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-21 15:19 56 --a------ C:\WINDOWS\system32\midimap.dll
2007-06-21 14:58 <DIR> d-------- C:\WINDOWS\Prefetch
2007-06-21 14:41 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-06-21 14:41 <DIR> d-------- C:\WINDOWS\ehome
2007-06-21 14:36 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-06-21 14:36 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-06-21 14:36 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-06-21 14:36 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2007-06-21 14:36 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2007-06-21 14:36 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2007-06-21 14:36 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2007-06-21 14:36 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-06-21 14:36 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2007-06-21 14:36 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-06-21 14:36 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2007-06-21 14:36 266,752 --a------ C:\WINDOWS\winhlp32.exe
2007-06-21 14:36 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-06-21 14:36 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2007-06-21 14:36 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-06-21 14:36 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2007-06-21 14:36 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2007-06-21 14:36 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2007-06-21 14:36 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2007-06-21 14:36 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2007-06-21 14:35 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2007-06-21 14:35 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2007-06-21 14:35 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2007-06-21 14:35 921,475 --a------ C:\WINDOWS\system32\ati3d2ag.dll
2007-06-21 14:35 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2007-06-21 14:35 91,136 --a------ C:\WINDOWS\system32\MSOERT2.DLL
2007-06-21 14:35 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2007-06-21 14:35 891,711 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-06-21 14:35 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-06-21 14:35 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2007-06-21 14:35 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2007-06-21 14:35 844,675 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-06-21 14:35 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2007-06-21 14:35 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2007-06-21 14:35 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2007-06-21 14:35 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2007-06-21 14:35 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-06-21 14:35 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-06-21 14:35 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2007-06-21 14:35 72,192 --a------ C:\WINDOWS\system32\telnet.exe
2007-06-21 14:35 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2007-06-21 14:35 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2007-06-21 14:35 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2007-06-21 14:35 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2007-06-21 14:35 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2007-06-21 14:35 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2007-06-21 14:35 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2007-06-21 14:35 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2007-06-21 14:35 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2007-06-21 14:35 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2007-06-21 14:35 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-06-21 14:35 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2007-06-21 14:35 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2007-06-21 14:35 61,952 --a------ C:\WINDOWS\system32\sti.dll
2007-06-21 14:35 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2007-06-21 14:35 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2007-06-21 14:35 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2007-06-21 14:35 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2007-06-21 14:35 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-06-21 14:35 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2007-06-21 14:35 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2007-06-21 14:35 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2007-06-21 14:35 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2007-06-21 14:35 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2007-06-21 14:35 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2007-06-21 14:35 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-06-21 14:35 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2007-06-21 14:35 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-06-21 14:35 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
2007-06-21 14:35 534,016 --a------ C:\WINDOWS\system32\spider.exe
2007-06-21 14:35 53,248 --a------ C:\WINDOWS\system32\packager.exe
2007-06-21 14:35 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 20:57:41 -------- d-----w C:\Program Files\Lavasoft
2007-06-22 03:01:22 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-21 23:19:13 -------- d-----w C:\Program Files\Messenger
2007-06-21 22:01:54 -------- d-----w C:\Program Files\MSN Messenger
2007-06-21 21:41:14 -------- d-----w C:\Program Files\Movie Maker
2007-06-07 21:26:08 -------- d-----w C:\Program Files\Symantec
2007-06-07 21:26:05 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-07 21:26:04 -------- d-----w C:\Program Files\Norton Internet Security
2007-06-07 21:15:24 -------- d-----w C:\DOCUME~1\Ruth\APPLIC~1\MSN6
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-21 11:42]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost"=C:\WINDOWS\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN Gaming Zone\profsyvyka.html
FriendlyName=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DM_Server]
C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymProxySvc"=2 (0x2)
"SBService"=2 (0x2)
"NetSvc"=3 (0x3)
"navapsvc"=3 (0x3)
"ImapiService"=3 (0x3)
"BlackICE"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Windows Overlay Components"=2 (0x2)
"Network Monitor"=2 (0x2)
"Net Agent"=2 (0x2)
"DomainService"=2 (0x2)


Contents of the 'Scheduled Tasks' folder
2007-06-21 07:00:00 C:\WINDOWS\tasks\At1.job
2007-06-17 16:01:44 C:\WINDOWS\tasks\At10.job
2007-06-20 17:01:42 C:\WINDOWS\tasks\At11.job
2007-06-22 18:00:00 C:\WINDOWS\tasks\At12.job
2007-06-22 19:00:00 C:\WINDOWS\tasks\At13.job
2007-06-22 20:00:00 C:\WINDOWS\tasks\At14.job
2007-06-22 21:00:00 C:\WINDOWS\tasks\At15.job
2007-06-21 22:00:01 C:\WINDOWS\tasks\At16.job
2007-06-21 23:00:00 C:\WINDOWS\tasks\At17.job
2007-06-22 00:00:00 C:\WINDOWS\tasks\At18.job
2007-06-22 01:00:00 C:\WINDOWS\tasks\At19.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At2.job
2007-06-22 02:00:00 C:\WINDOWS\tasks\At20.job
2007-06-22 03:00:00 C:\WINDOWS\tasks\At21.job
2007-06-22 04:00:00 C:\WINDOWS\tasks\At22.job
2007-06-22 05:00:00 C:\WINDOWS\tasks\At23.job
2007-06-22 06:00:00 C:\WINDOWS\tasks\At24.job
2007-06-21 07:00:00 C:\WINDOWS\tasks\At25.job
2007-06-21 01:19:59 C:\WINDOWS\tasks\At26.job
2007-06-21 01:20:00 C:\WINDOWS\tasks\At27.job
2007-06-21 01:20:01 C:\WINDOWS\tasks\At28.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At29.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At3.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At30.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At31.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At32.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At33.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At34.job
2007-06-21 01:20:02 C:\WINDOWS\tasks\At35.job
2007-06-22 18:00:00 C:\WINDOWS\tasks\At36.job
2007-06-22 19:00:00 C:\WINDOWS\tasks\At37.job
2007-06-22 20:00:00 C:\WINDOWS\tasks\At38.job
2007-06-22 21:00:00 C:\WINDOWS\tasks\At39.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At4.job
2007-06-21 22:00:02 C:\WINDOWS\tasks\At40.job
2007-06-21 23:00:00 C:\WINDOWS\tasks\At41.job
2007-06-22 00:00:00 C:\WINDOWS\tasks\At42.job
2007-06-22 01:00:00 C:\WINDOWS\tasks\At43.job
2007-06-22 02:00:00 C:\WINDOWS\tasks\At44.job
2007-06-22 03:00:00 C:\WINDOWS\tasks\At45.job
2007-06-22 04:00:00 C:\WINDOWS\tasks\At46.job
2007-06-22 05:00:00 C:\WINDOWS\tasks\At47.job
2007-06-22 06:00:00 C:\WINDOWS\tasks\At48.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At5.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At6.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At7.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At8.job
2007-06-10 22:59:20 C:\WINDOWS\tasks\At9.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-22 14:07:02
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-22 14:07:38
C:\ComboFix-quarantined-files.txt ... 2007-06-22 14:07
C:\ComboFix2.txt ... 2007-06-22 10:20
C:\ComboFix3.txt ... 2007-06-21 20:07

--- E O F ---


As for that ComboFix Quarantine Log... It was replaced by the new Quarantine log, which was made after I followed your most recent instructions. :thumbsup:

Here it is:

2001-03-08 19:30	  24064	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\msxml3a.dll.vir
2005-11-15 20:06	  809	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\Ruth\Desktop\Internet Explorer.lnk.vir
2007-04-30 08:06	  142	--a------	C:\Qoobox\Quarantine\C\Program Files\MSN Gaming Zone\profsyvyka.html.vir
2007-06-10 15:35	  33302	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\fccawts.dll.vir
2007-06-10 15:35	  72832	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir
2007-06-10 15:36	  164787	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\core.cache.dsk.vir
2007-06-10 15:46	  263220	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\ddaba.dll.vir
2007-06-20 12:39	  1829814	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\abadd.bak1.vir
2007-06-20 22:47	  8424	--a------	C:\Qoobox\Quarantine\C\WINDOWS\cs_cache.ini.vir
2007-06-21 12:42	  124436	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\bafvilfc.dll.vir
2007-06-21 17:00	  1842851	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\abadd.ini2.vir
2007-06-21 17:02	  1837768	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\abadd.bak2.vir
2007-06-21 19:59	  645	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\cflivfab.ini.vir
2007-06-21 20:01	  1220	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_CORE.reg.cf
2007-06-21 20:01	  1829146	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\abadd.ini.vir
2007-06-21 20:01	  218933	--a------	C:\Qoobox\Quarantine\catchme2007-06-21_200555.39.zip
2007-06-21 20:01	  2430	--a------	C:\Qoobox\Quarantine\Registry_backups\services_Net Agent.reg.cf
2007-06-21 20:01	  444	--a------	C:\Qoobox\Quarantine\catchme.log
2007-06-21 20:01	  814	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_NET_AGENT.reg.cf
2007-06-21 20:01	  832	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_CMDSERVICE.reg.cf
2007-06-21 20:01	  860	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_RUNTIME.reg.cf
2007-06-21 20:01	  862	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_NETWORK_MONITOR.reg.cf
2007-06-21 20:01	  950	--a------	C:\Qoobox\Quarantine\Registry_backups\LEGACY_WINDOWS_OVERLAY_COMPONENTS.reg.cf
2007-06-21 20:01	  994	--a------	C:\Qoobox\Quarantine\Registry_backups\services_core.reg.cf


Folder PATH listing
Volume serial number is 71FAE346 B875:4C4E
C:\QOOBOX
\---Quarantine
	|   catchme.log
	|   catchme2007-06-21_200555.39.zip
	|   
	+---C
	|   +---DOCUME~1
	|   |   \---Ruth
	|   |	   \---Desktop
	|   |			   Internet Explorer.lnk.vir
	|   |			   
	|   +---Program Files
	|   |   \---MSN Gaming Zone
	|   |		   profsyvyka.html.vir
	|   |		   
	|   \---WINDOWS
	|	   |   cs_cache.ini.vir
	|	   |   
	|	   \---system32
	|		   |   abadd.bak1.vir
	|		   |   abadd.bak2.vir
	|		   |   abadd.ini.vir
	|		   |   abadd.ini2.vir
	|		   |   bafvilfc.dll.vir
	|		   |   cflivfab.ini.vir
	|		   |   ddaba.dll.vir
	|		   |   fccawts.dll.vir
	|		   |   msxml3a.dll.vir
	|		   |   
	|		   \---drivers
	|				   core.cache.dsk.vir
	|				   core.sys.vir
	|				   
	\---Registry_backups
			LEGACY_CMDSERVICE.reg.cf
			LEGACY_CORE.reg.cf
			LEGACY_NETWORK_MONITOR.reg.cf
			LEGACY_NET_AGENT.reg.cf
			LEGACY_RUNTIME.reg.cf
			LEGACY_WINDOWS_OVERLAY_COMPONENTS.reg.cf
			services_core.reg.cf
			services_Net Agent.reg.cf

Kick the computer

it's fun

#11 amateur

    Malware Fighter

  • Malware Response Team
  • 2,775 posts
  • Gender:Female

Posted 22 June 2007 - 04:37 PM

Hi,

I don't see your antivirus running in the log. While I am checking the logs, please turn your antivirus back on right away and do not surf the web without it or you'll get infected again immediately.

#12 Preying to the Comp Gods

  • Topic Starter
  • Members
  • 37 posts
  • Gender:Male

Posted 22 June 2007 - 04:39 PM

Which anti-virus? AVG anti-virus?

Also... should I turn Resident Shield (active monitoring) back on?


Just ignore this post.....

I reinstalled AVG Anti-Virus
Resident shield is back on

Edited by Preying to the Comp Gods, 22 June 2007 - 04:51 PM.


#13 amateur

    Malware Fighter

  • Malware Response Team
  • 2,775 posts
  • Gender:Female

Posted 22 June 2007 - 05:06 PM

Hi,

Which anti-virus? AVG anti-virus?

Yes, the AVG Anti-Virus.
For AVG Anti-Spyware, keep the active shield inactive, because we are going to use HijackThis again in a little while.

Now I am going to ask you to do something very carefully.

Please disconnect the computer from the internet physically. (unplug the internet cable). Then:

1.) Go to Start, Run, and type msconfig and click OK
2.) If not already selected go to the General tab.
3.) Click on "Startup" tab. DO NOT DO ANYTHING WITH ANY OF THE OTHER TABS
4.) Make a note of all the items which don't have a checkmark.
5.) When the above step is done, select "Enable all"
6.) Click Apply and then OK and Close.
7.) When given the option, please choose to reboot the computer.
8.) Scan with HijackThis and save the new HJT log on your desktop.

1.) Then repeat the above instructions up to step #3.
2.) When you are in the "Startup" tab, UNCHECK again all the entries that you noted down earlier.
3.) Click "Apply" and then OK and close.
4.) Restart the computer
5.) Connect back to the internet and post the new HijackThis log please.

Edited by amateur, 22 June 2007 - 05:07 PM.
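The enable-all / scan / disable-again cycle above exists so that the items unchecked in msconfig appear in a HijackThis log; those same items are also recorded under the MSConfig keys that ComboFix prints as "Reg Loading Points". As an added example that is not part of the thread and not code from HijackThis, ComboFix or msconfig, this PowerShell script reads those keys directly and checks each target, so the parked entries can be reviewed without turning them back on. It assumes the Windows XP msconfig layout; the startupreg value names hkey, key and command are an assumption (the log shows only the command string and the startupfolder path/backup values).

```powershell
# Added example (not the helper's tool): list startup items that msconfig has
# unchecked, from the keys ComboFix reports, and check where each one points.
# Assumption: XP-era layout, startupreg\<name> with hkey/key/command values and
# startupfolder\<path> with path/backup values (only command, path and backup
# are visible in the thread's log; hkey and key are taken as an assumption).
$MsconfigBase = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig'

function Get-ExecutableFromCommand {
    # Pull the program path out of a Run-style command line, handling a quoted
    # path ("C:\Program Files\x\y.exe" boot) and an unquoted one (C:\a\b.exe /S).
    param([string]$Command)
    if ([string]::IsNullOrEmpty($Command)) { return $null }
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
        return $c.Trim('"')
    }
    # Unquoted: take up to the first executable extension, else the first token.
    $m = [regex]::Match($c, '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($c -split '\s+')[0]
}

function Resolve-ShortcutTarget {
    # msconfig parks Startup-folder shortcuts under C:\WINDOWS\pss with a changed
    # extension (TA_Start.lnkStartup in the log). WScript.Shell only parses files
    # ending in .lnk, so read a temporary .lnk copy and remove it afterwards.
    param([string]$BackupPath)
    if (-not $BackupPath -or -not (Test-Path -LiteralPath $BackupPath)) { return $null }
    $tmp = Join-Path $env:TEMP ('msconfig-review-{0}.lnk' -f [guid]::NewGuid())
    Copy-Item -LiteralPath $BackupPath -Destination $tmp
    try {
        $shell = New-Object -ComObject WScript.Shell
        return $shell.CreateShortcut($tmp).TargetPath
    } finally {
        Remove-Item -LiteralPath $tmp -ErrorAction SilentlyContinue
    }
}

function Get-TargetStatus {
    # The two checks worth making before re-enabling an item: is the file still
    # present, and is it Authenticode-signed? Unsigned files report 'NotSigned'.
    param([string]$Target)
    if (-not $Target -or -not (Test-Path -LiteralPath $Target)) {
        return @{ Exists = $false; Signature = 'n/a' }
    }
    $status = (Get-AuthenticodeSignature -LiteralPath $Target).Status
    return @{ Exists = $true; Signature = [string]$status }
}

function Get-MsconfigDisabledStartup {
    $items = @()
    $regKey = Join-Path $MsconfigBase 'startupreg'
    if (Test-Path $regKey) {
        foreach ($sub in Get-ChildItem $regKey) {
            $p = Get-ItemProperty -LiteralPath $sub.PSPath
            $target = Get-ExecutableFromCommand $p.command
            $st = Get-TargetStatus $target
            $items += New-Object PSObject -Property @{
                Source = 'startupreg'; Name = $sub.PSChildName
                Origin = '{0}\{1}' -f $p.hkey, $p.key
                Command = $p.command; Target = $target
                Exists = $st.Exists; Signature = $st.Signature
            }
        }
    }
    $folderKey = Join-Path $MsconfigBase 'startupfolder'
    if (Test-Path $folderKey) {
        foreach ($sub in Get-ChildItem $folderKey) {
            $p = Get-ItemProperty -LiteralPath $sub.PSPath
            $target = Resolve-ShortcutTarget $p.backup
            $st = Get-TargetStatus $target
            $items += New-Object PSObject -Property @{
                Source = 'startupfolder'; Name = (Split-Path $p.path -Leaf)
                Origin = $p.path
                Command = $p.backup; Target = $target
                Exists = $st.Exists; Signature = $st.Signature
            }
        }
    }
    return $items
}

# Review table: an entry whose target is missing, or present but unsigned and
# living directly in C:\WINDOWS or system32, deserves a closer look before it
# is ever checked back on.
Get-MsconfigDisabledStartup |
    Sort-Object Source, Name |
    Format-Table Source, Name, Target, Exists, Signature -AutoSize
```

Run it in an elevated PowerShell on the machine being cleaned; it only reads the registry and the parked shortcut copies and changes nothing.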


#14 Preying to the Comp Gods

  • Topic Starter
  • Members
  • 37 posts
  • Gender:Male

Posted 22 June 2007 - 05:26 PM

In case it matters at all... I had unchecked those because as far as I could tell they were related to viruses (except for the Logitech one... but it was annoying anyway) :thumbsup:

Also, I noticed something suspicious: after I turned all the startups on and restarted, when I went back to msconfig to turn them off again one of the startups had disappeared: SNDMon :flowers:

And here's my HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 3:15:33 PM, on 6/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Anti-virus Programs (Don't Delete) (John)\HijackThis(I know it looks evil but don't delete).exe
C:\WINDOWS\System32\WgaTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ieconfig.qualcomm.com/install.ins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\itpb_11.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinpndt.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1135545482560
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.tgrt.com.tr/CanliYayin/ampx2.6.1.11_en_dl.cab
O18 - Protocol: bw+0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Kick the computer

it's fun

#15 amateur

    Malware Fighter

  • Malware Response Team
  • 2,775 posts
  • Gender:Female

Posted 22 June 2007 - 05:54 PM

Hi,

OK. Well done. :thumbsup: You're doing very well. :flowers:

Logitech Desktop Messenger uses "BackWeb" proactive technology to retrieve information about your Logitech devices by downloading content in the background during network idle time. Even though they claim not to upload any other information to their servers or any other internet servers, it's still spying in my book. So, I would recommend you remove this feature. Simply remove "Logitech Desktop Messenger" from Add/Remove Programs in the Control Panel. One advantage for me: it won't be crowding the HijackThis log.

=======================================

Go to My Computer > Tools > Folder Options > View > uncheck "Hide protected operating system files". Click Apply > OK.

** These files are hidden to stop you or anybody else accidentally removing something important.
It is advisable to hide them again after you're done. **

=======================================

Now, run HijackThis. Close all windows and browsers except HijackThis.

Click on Open Misc Tools
Click on Delete a File On Reboot
Click once on the file below to select it:

C:\WINDOWS\itpb_11.exe

do the same for this one:

C:\WINDOWS\system32\twinpndt.exe

Click on the Back button to exit Process Manager

Now, back at the main screen of HijackThis, click on Scan and put a check in front of the following

O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - Startup: TA_Start.lnk = C:\WINDOWS\itpb_11.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinpndt.exe


Make sure that all browsers/windows are closed and only HijackThis is open. Then, click on "fix checked".

=======================================

Next, using Windows Explorer, locate and delete this folder:

C:\PROGRAM FILES\COMET SYSTEM

=======================================

Restart your computer. (This is important)

=======================================

Post a fresh HijackThis log please.
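As an added example (not the helper's instructions or any HijackThis code), a small Python triage script for the log format posted above: it parses O4/O18/O20 lines, flags the startup entries the reply singles out (plus, as my own heuristic, any executable launched straight from the C:\WINDOWS root), and counts O18 protocol handlers per DLL, which is what makes the Logitech entries crowd the log. The sample lines are constructed from the posted log, and the bad-name list is simply the two files and the folder the reply names.

```python
import re
from collections import Counter

# Constructed sample in the shape of the HijackThis log posted above; the three
# O4 lines are the ones the reply says to "fix checked".
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\bin\dmserver.exe /onreboot
O4 - Startup: TA_Start.lnk = C:\WINDOWS\itpb_11.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinpndt.exe
O18 - Protocol: bwr0 - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {570D73F5-E1E0-4931-9EE4-6994B19BAB10} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# File names and folder fragments named in the reply above (my list, not a signature set).
BAD_NAMES = {"itpb_11.exe", "twinpndt.exe"}
BAD_FRAGMENTS = ("comets~1", "comet system")
LINE_RE = re.compile(r"^(O\d+) - (.*)$")

def extract_path(detail):
    """Lower-cased file path in an entry, minus switches such as /onreboot."""
    m = re.search(r"[A-Za-z]:\\.*", detail)
    return m.group(0).split(" /", 1)[0].strip().lower() if m else None

def parse_hjt(text):
    """Split a HijackThis log into {section, detail, path} records."""
    entries = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            section, detail = m.groups()
            entries.append({"section": section, "detail": detail, "path": extract_path(detail)})
    return entries

def flag_startup_entries(entries, bad_names, bad_fragments):
    """O4 entries worth a second look: a known-bad file name, a path inside a
    named folder, or an executable sitting directly in C:\\WINDOWS (heuristic)."""
    flagged = []
    for e in entries:
        if e["section"] != "O4" or not e["path"]:
            continue
        folder, name = e["path"].rsplit("\\", 1)
        if (name in bad_names or any(f in e["path"] for f in bad_fragments)
                or folder == "c:\\windows"):
            flagged.append(e["detail"])
    return flagged

def protocol_handlers_by_dll(entries):
    """Count O18 handlers per DLL: one DLL claiming dozens of schemes crowds the log."""
    return Counter(e["path"] for e in entries if e["section"] == "O18" and e["path"])
```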



