Owner - 06-10-28 1:40:42.54 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{75A175BE-03E2-1033-0903-050503030001}
C:\Program Files\Common Files\{35A175BE-03E2-1033-0903-050503030001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\CURITY~1
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\CURITY~1\winspool.exe
C:\QooBox\Purity\Documents and Settings\Owner\Application Data\CURITY~1\??curity
C:\QooBox\Purity\Program Files\APPATC~1
C:\QooBox\Purity\Program Files\APPATC~1\??anregw.exe

((((((((((((((((((((((((((((((( Files Created from 2006-09-28 to 2006-10-28 ))))))))))))))))))))))))))))))))))

2006-10-27 22:54 605,021 ---hs---- C:\WINDOWS\system32\oqstv.ini2
2006-10-27 19:10 98,324 --a------ C:\WINDOWS\system32\hjaweyfu.dll
2006-10-27 19:10 688,180 ---hs---- C:\WINDOWS\system32\vtsqo.dll
2006-10-27 19:10 593,176 ---hs---- C:\WINDOWS\system32\oqstv.bak1
2006-10-27 19:00 94,208 --a------ C:\WINDOWS\system32\rbxrmhk.dll
2006-10-27 19:00 72,704 --a------ C:\WINDOWS\system32\qanrylm.dll
2006-10-27 19:00 53,760 --a------ C:\WINDOWS\system32\drvdaz.dll
2006-10-27 19:00 2 --a------ C:\WINDOWS\system32\wnsapisu.exe
2006-10-27 19:00 131,072 --a------ C:\WINDOWS\system32\nbknm.dll
2006-10-27 18:59 40,973 ---hs---- C:\WINDOWS\system32\tuvvuuv.dll
2006-10-27 18:59 18,432 --a------ C:\WINDOWS\system32\winwil32.dll
2006-10-26 12:27 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2006-10-24 18:22 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-19 00:44 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-10-19 00:44 7,136 -ra------ C:\WINDOWS\system32\drivers\lv302af.sys
2006-10-19 00:44 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-10-19 00:44 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-10-19 00:44 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-10-19 00:44 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-10-19 00:44 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-10-19 00:44 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-10-19 00:43 913,280 -ra------ C:\WINDOWS\system32\drivers\LV302AV.SYS
2006-10-19 00:43 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-19 00:43 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2006-10-19 00:43 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2006-10-19 00:43 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll
2006-10-19 00:43 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2006-10-19 00:43 2,180,096 -ra------ C:\WINDOWS\system32\drivers\LVSVF2.sys
2006-10-19 00:43 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2006-10-19 00:35 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2006-10-19 00:33 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2006-10-19 00:33 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
2006-10-19 00:33 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2006-10-19 00:33 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2006-10-19 00:33 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
2006-10-19 00:33 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll
2006-10-19 00:33 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2006-10-19 00:33 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2006-10-19 00:33 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2006-10-19 00:33 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2006-10-19 00:33 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2006-10-19 00:33 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2006-10-19 00:33 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2006-10-19 00:33 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
2006-10-19 00:33 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2006-10-19 00:30 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-10-19 00:30 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-18 14:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2006-10-18 14:56 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-04 14:51 217,088 --a------ C:\WINDOWS\system32\libmySQL.dll
2006-10-04 14:51 102,400 --a------ C:\WINDOWS\system32\TrackerNET.dll
2006-10-02 14:04 806,912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806,912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790,528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635,486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-29 20:20 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2006-09-29 20:20 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-28 01:43 -------- d-------- C:\Program Files\Common Files
2006-10-27 23:16 -------- d-------- C:\Program Files\fulDC
2006-10-27 21:29 -------- d-------- C:\Program Files\PCPitstop
2006-10-27 21:29 -------- d-------- C:\Program Files\Common Files\Scanner
2006-10-27 19:01 -------- d-------- C:\Program Files\Ultimate Defender
2006-10-24 13:19 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-22 02:14 -------- d-------- C:\Documents and Settings\Owner\Application Data\DivX
2006-10-22 01:27 -------- d-------- C:\Program Files\DivX
2006-10-22 01:14 -------- d-------- C:\Program Files\Common Files\xing shared
2006-10-22 01:14 -------- d-------- C:\Program Files\Common Files\Real
2006-10-21 14:13 -------- d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2006-10-20 20:38 -------- d-------- C:\Program Files\Starcraft
2006-10-20 18:18 -------- d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2006-10-19 04:30 -------- d-------- C:\Program Files\Java
2006-10-19 01:21 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-10-19 01:11 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-10-19 00:36 -------- d-------- C:\Documents and Settings\Owner\Application Data\FotoWire
2006-10-19 00:35 -------- d-------- C:\Program Files\Logitech
2006-10-19 00:35 -------- d-------- C:\Program Files\Common Files\FotoWire
2006-10-19 00:34 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-19 00:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-18 18:40 -------- d-------- C:\Program Files\Google
2006-10-16 21:25 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-16 20:40 -------- d-------- C:\Program Files\Norton Internet Security
2006-10-14 13:52 -------- d-------- C:\Program Files\Symantec Technical Support
2006-10-04 16:31 -------- d-------- C:\Program Files\Sierra On-Line
2006-10-04 16:21 -------- d-------- C:\Documents and Settings\Owner\Application Data\IGN_DLM
2006-10-04 16:19 -------- d-------- C:\Program Files\Common Files\Sierra On-Line
2006-10-04 16:11 -------- d-------- C:\Program Files\IGN
2006-10-02 13:12 -------- d-------- C:\Program Files\Symantec
2006-10-01 02:11 -------- d-------- C:\Program Files\WON
2006-09-25 15:33 -------- d-------- C:\Program Files\Diablo II
2006-09-25 15:32 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-09-25 15:16 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-09-25 15:16 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-09-25 15:16 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-09-24 16:00 86528 --a------ C:\WINDOWS\bnetunin.exe
2006-09-24 16:00 61440 --a------ C:\WINDOWS\diabunin.exe
2006-09-23 10:56 -------- d---s---- C:\Program Files\Xfire
2006-09-22 22:35 -------- d-------- C:\Documents and Settings\Owner\Application Data\Xfire
2006-09-21 20:43 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-21 20:43 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-09-20 18:19 -------- d-------- C:\Documents and Settings\Owner\Application Data\Common Files
2006-09-16 14:55 -------- d-------- C:\Documents and Settings\Owner\Application Data\HP
2006-09-16 07:00 278528 --a------ C:\WINDOWS\system32\livesnth.dll
2006-09-16 07:00 203776 --a------ C:\WINDOWS\system32\clrviddc.dll
2006-09-16 06:57 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-09-16 06:48 -------- d-------- C:\Program Files\Real
2006-09-15 23:00 -------- d-------- C:\Documents and Settings\Owner\Application Data\My Games
2006-09-15 22:52 91904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:52 124016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-15 22:40 -------- d-------- C:\Program Files\Firaxis Games
2006-09-15 19:33 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-03 02:35 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-09-01 11:54 5273 --a------ C:\Documents and Settings\Owner\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
2006-09-01 11:54 -------- d-------- C:\Program Files\Viewpoint
2006-09-01 11:54 -------- d-------- C:\Program Files\Common Files\Viewpoint
2006-08-25 14:59 967 --a------ C:\WINDOWS\ScUnin.pif
2006-08-25 14:59 94208 --a------ C:\WINDOWS\ScUnin.exe
2006-08-25 14:51 0 -rahs---- C:\MSDOS.SYS
2006-08-25 14:51 0 -rahs---- C:\IO.SYS
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-10 18:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-10 18:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Tbsa"="\"C:\\DOCUME~1\\Owner\\APPLIC~1\\CURITY~1\\winspool.exe\" -vt yazb"
"Abrlro"="C:\\Program Files\\A?pPatch\\??anregw.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"IS CfgWiz"="C:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE \"REBOOT\""
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvdaz.dll,startup"
"rbxrmhk.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\rbxrmhk.dll,ecpjzme"
"AuditMode"="C:\\sysprep\\FACTORY.EXE -logon"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9A8EB23E-C606-4A9B-B474-38C3442CB782}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Hp\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EabServr"
"hkey"="HKLM"
"command"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1156636277\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvuuv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqo
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwil32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-10-28 1:45:27.67
C:\ComboFix.txt ... 06-10-28 01:45

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 1:51:22 AM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Documents and Settings\Owner\My Documents\Applications\HijackThis_v1.99.1.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {DEEC039D-970E-EE82-2D06-C889187A31BC} - C:\WINDOWS\system32\nbknm.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08715188-F182-66CE-448F-09518434457D} - C:\WINDOWS\system32\qanrylm.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hjaweyfu.dll
O2 - BHO: (no name) - {2EE14539-C8F4-454F-AC06-23C60BCFF1B6} - C:\WINDOWS\system32\vtsqo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {9A8EB23E-C606-4A9B-B474-38C3442CB782} - C:\WINDOWS\system32\tuvvuuv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{35A175BE-03E2-1033-0903-050503030001}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {c3703265-4671-4858-92a4-cba6a7b3bb45} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {DEEC039D-970E-EE82-2D06-C889187A31BC} - C:\WINDOWS\system32\nbknm.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{35A175BE-03E2-1033-0903-050503030001}\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvdaz.dll,startup
O4 - HKLM\..\Run: [rbxrmhk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rbxrmhk.dll,ecpjzme
O4 - HKCU\..\Run: [Tbsa] "C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\winspool.exe" -vt yazb
O4 - HKCU\..\Run: [Abrlro] C:\Program Files\A?pPatch\??anregw.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161712842455
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: bw+0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: tuvvuuv - C:\WINDOWS\SYSTEM32\tuvvuuv.dll
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

In reply to your HijackThis log, the following should be deleted:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [rbxrmhk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rbxrmhk.dll,ecpjzme
O18 - Protocol: bw+0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

The following are not needed on your computer anymore:

O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{35A175BE-03E2-1033-0903-050503030001}\MyToolBar.dll (file missing)
O2 - BHO: (no name) - {c3703265-4671-4858-92a4-cba6a7b3bb45} - C:\WINDOWS\system32\ixt0.dll (file missing)
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{35A175BE-03E2-1033-0903-050503030001}\MyToolBar.dll (file missing)

Damn that took me ages, but boy do you need it.

Ok here's what I got now.

Logfile of HijackThis v1.99.1
Scan saved at 11:08:55 AM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\fulDC\DCPlusPlus.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\AOL\1156636277\ee\aolsoftware.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
c:\program files\common files\aol\1156636277\ee\aim6.exe
C:\Documents and Settings\Owner\My Documents\Applications\HijackThis_v1.99.1.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {DEEC039D-970E-EE82-2D06-C889187A31BC} - C:\WINDOWS\system32\nbknm.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08715188-F182-66CE-448F-09518434457D} - C:\WINDOWS\system32\qanrylm.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hjaweyfu.dll
O2 - BHO: (no name) - {2EE14539-C8F4-454F-AC06-23C60BCFF1B6} - C:\WINDOWS\system32\vtsqo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {9A8EB23E-C606-4A9B-B474-38C3442CB782} - C:\WINDOWS\system32\tuvvuuv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DEEC039D-970E-EE82-2D06-C889187A31BC} - C:\WINDOWS\system32\nbknm.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvdaz.dll,startup
O4 - HKCU\..\Run: [Tbsa] "C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\winspool.exe" -vt yazb
O4 - HKCU\..\Run: [Abrlro] C:\Program Files\A?pPatch\??anregw.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161712842455
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O20 - Winlogon Notify: tuvvuuv - C:\WINDOWS\SYSTEM32\tuvvuuv.dll
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Delete this, other than that it looks clean.

O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

NO and NO!!! Sorry, but kateman you are missing so much. And those O18 entries were not supposed to be fixed!

@JazBaws,
Open HijackThis. Click "View the list of backups". Select all those O18 entries and click "Restore".

Download VundoFix to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a fresh HijackThis log.

Edit2: I'll wait on the vundofix log because I need to know something about a file.

Edit3: Show hidden files and folders: Control Panel > Folder Options > View tab > check "Show hidden files and folders".
Find this file: C:\WINDOWS\system32\rbxrmhk.dll
Right click and select Properties. Please tell me the size of that file.
The rbxrmhk.dll file was 92kb.

VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.2
Java version is 1.5.0.6
Java version is 1.5.0.9

Scan started at 1:50:32 AM 10/29/2006

Listing files found while scanning....

C:\WINDOWS\system32\hjaweyfu.dll
C:\WINDOWS\system32\qanrylm.dll
C:\WINDOWS\system32\rbxrmhk.dll
C:\WINDOWS\system32\winwil32.dll
C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hjaweyfu.dll
C:\WINDOWS\system32\hjaweyfu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qanrylm.dll
C:\WINDOWS\system32\qanrylm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rbxrmhk.dll
C:\WINDOWS\system32\rbxrmhk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\winwil32.dll
C:\WINDOWS\system32\winwil32.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\vtsqo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\oqstv.tmp
C:\WINDOWS\system32\oqstv.tmp Has been deleted!

Performing Repairs to the registry.
Done!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 1:03:57 AM, on 10/29/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common 
Files\Symantec Shared\AdBlocking\NSMdtr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\LiveUpdate\AUpdate.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Documents and Settings\Owner\My Documents\Applications\HijackThis_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - {DEEC039D-970E-EE82-2D06-C889187A31BC} - C:\WINDOWS\system32\nbknm.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {08715188-F182-66CE-448F-09518434457D} - C:\WINDOWS\system32\qanrylm.dll (file missing) O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hjaweyfu.dll (file missing) O2 - BHO: (no name) - {30FB7EA1-B443-4A53-A8CC-DE0ADF0C1036} - C:\WINDOWS\system32\vtsqo.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {9A8EB23E-C606-4A9B-B474-38C3442CB782} - C:\WINDOWS\system32\tuvvuuv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {DEEC039D-970E-EE82-2D06-C889187A31BC} - C:\WINDOWS\system32\nbknm.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvdaz.dll,startup O4 - HKCU\..\Run: [Tbsa] "C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\winspool.exe" -vt yazb O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161712842455 O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! 
Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O18 - Protocol: bw+0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: tuvvuuv - C:\WINDOWS\SYSTEM32\tuvvuuv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Go here and download ATF Cleaner. Do not run it yet, we will later.

Run a scan only with HijackThis, check these:

R3 - URLSearchHook: (no name) - {DEEC039D-970E-EE82-2D06-C889187A31BC} - C:\WINDOWS\system32\nbknm.dll
O2 - BHO: (no name) - {08715188-F182-66CE-448F-09518434457D} - C:\WINDOWS\system32\qanrylm.dll (file missing)
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\hjaweyfu.dll (file missing)
O2 - BHO: (no name) - {30FB7EA1-B443-4A53-A8CC-DE0ADF0C1036} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: (no name) - {9A8EB23E-C606-4A9B-B474-38C3442CB782} - C:\WINDOWS\system32\tuvvuuv.dll
O2 - BHO: (no name) - {DEEC039D-970E-EE82-2D06-C889187A31BC} - C:\WINDOWS\system32\nbknm.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvdaz.dll,startup
O4 - HKCU\..\Run: [Tbsa] "C:\DOCUME~1\Owner\APPLIC~1\CURITY~1\winspool.exe" -vt yazb
O20 - Winlogon Notify: tuvvuuv - C:\WINDOWS\SYSTEM32\tuvvuuv.dll

Close all windows except HjT, then click "Fix checked". Close HjT.

Go to Add/Remove Programs and uninstall (if you didn't install):
Viewpoint Manager

Note: Print or copy these instructions to Notepad and save them. You will be in safe mode after running VundoFix again.

Double-click VundoFix.exe to run it.
Right click inside the white Window.
Select Add More Files? from the menu that comes up.
This will open a new VundoFix window.
In the Window: copy/paste the following in the first field:
C:\WINDOWS\system32\tuvvuuv.dll
Copy/paste the following in the second field:
C:\WINDOWS\system32\vuuvvut.*
Click the Add Files button.
Click the Close Window button.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shut down your computer, click OK.
Turn your computer back on in safe mode (before the Windows load screen press F8, select "Safe Mode" from menu).

Locate and delete these files (if there).
C:\WINDOWS\system32\nbknm.dll
C:\WINDOWS\system32\drvdaz.dll
C:\Documents and Settings\Owner\Application Data\Security\winspool.exe

Empty the Recycle Bin. Close all open windows.

Open ATF Cleaner. Check "Select All". Click "Empty Selected".

Restart in normal mode.

Go here and run ActiveScan. When it finishes, save the log.

Post back with the contents of C:\vundofix.txt, a new HijackThis log and the ActiveScan log.
Logfile of HijackThis v1.99.1 Scan saved at 3:35:01 AM, on 10/29/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe C:\WINDOWS\explorer.exe C:\Program Files\Common Files\uwa6pcw.exe C:\Program Files\Common Files\dc6_startupmon.exe C:\Program Files\Common 
Files\ers_startupmon.exe C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe C:\Documents and Settings\Owner\My Documents\Applications\HijackThis_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dighlmwu.dll O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll O2 - BHO: (no name) - {2B21B214-FF05-4FBF-BD5C-72CDC0B0AA05} - C:\WINDOWS\system32\pmkhg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: IEFW Object - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless 
Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min O4 - HKLM\..\Run: [DC6] "C:\Program Files\Common Files\dc6_startupmon.exe" /min O4 - HKLM\..\Run: [ERS] "C:\Program Files\Common Files\ers_startupmon.exe" /min O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\Common Files\uwa6pcw.exe" -c O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe" O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe" O4 - HKLM\..\RunOnce: [fat.exe] "C:\Program Files\WinAntiVirus Pro 2006\fat.exe" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161712842455 O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! 
Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: bw+0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ VundoFix V6.2.6 Checking Java version... Java version is 1.5.0.2 Java version is 1.5.0.6 Java version is 1.5.0.9 Scan started at 1:50:32 AM 10/29/2006 Listing files found while scanning.... C:\WINDOWS\system32\hjaweyfu.dll C:\WINDOWS\system32\qanrylm.dll C:\WINDOWS\system32\rbxrmhk.dll C:\WINDOWS\system32\winwil32.dll C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\oqstv.ini C:\WINDOWS\system32\oqstv.bak1 C:\WINDOWS\system32\oqstv.bak2 C:\WINDOWS\system32\oqstv.ini2 C:\WINDOWS\system32\oqstv.tmp Beginning removal... 
Attempting to delete C:\WINDOWS\system32\hjaweyfu.dll C:\WINDOWS\system32\hjaweyfu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qanrylm.dll C:\WINDOWS\system32\qanrylm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rbxrmhk.dll C:\WINDOWS\system32\rbxrmhk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\winwil32.dll C:\WINDOWS\system32\winwil32.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\vtsqo.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.ini C:\WINDOWS\system32\oqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.bak1 C:\WINDOWS\system32\oqstv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.bak2 C:\WINDOWS\system32\oqstv.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.ini2 C:\WINDOWS\system32\oqstv.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.tmp C:\WINDOWS\system32\oqstv.tmp Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\tuvvuuv.dll C:\WINDOWS\system32\tuvvuuv.dll Has been deleted! Performing Repairs to the registry. Done! 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Incident | Status | Location
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | c:\program files\winantivirus pro 2006\fat.exe
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Program Files\WinAntiVirus Pro 2006\asmngr.dll
Spyware:Spyware/Virtumonde | Not disinfected | C:\WINDOWS\system32\dighlmwu.dll
Potentially unwanted tool:application/winantivirus2006 | Not disinfected | c:\program files\common files\WinAntiVirus Pro 2006
Adware:adware/ipbill | Not disinfected | Windows Registry
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Documents and Settings\Owner\Application Data\winantiviruspro2006freeinstall[1].exe
Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/Reliablestats | Not disinfected | C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt
Spyware:Cookie/Winantivirus | Not disinfected | C:\Documents and Settings\Owner\Cookies\owner@winantivirus[1].txt
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8L2ZW5MR\WinAntiVirusPro2006FreeInstall[1].exe
Possible Virus. | Not disinfected | C:\Documents and Settings\Owner\My Documents\Applications\backups\backup-20061029-025946-223.dll
Possible Virus. | Not disinfected | C:\Documents and Settings\Owner\My Documents\Applications\backups\backup-20061029-025946-720.dll
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Owner\My Documents\Applications\SmitfraudFix\Process.exe
Possible Virus. | Not disinfected | C:\Documents and Settings\Owner\My Documents\Applications\SmitfraudFix\swsc.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Owner\My Documents\Applications\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Possible Virus. | Not disinfected | C:\Documents and Settings\Owner\My Documents\Applications\SmitfraudFix.zip[SmitfraudFix/swsc.exe]
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Program Files\WinAntiVirus Pro 2006\Activate.exe
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Program Files\WinAntiVirus Pro 2006\install.exe
Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Program Files\WinAntiVirus Pro 2006\pv.exe
Possible Virus. | Not disinfected | C:\QooBox\Purity\Documents and Settings\Owner\Application Data\CURITY~1\winspool.exe
Possible Virus. | Renamed | C:\QooBox\Purity\Program Files\APPATC~1\??anregw.exe
Spyware:Spyware/Virtumonde | Not disinfected | C:\VundoFix Backups\hjaweyfu.dll.bad
Possible Virus. | Not disinfected | C:\VundoFix Backups\tuvvuuv.dll.bad
Possible Virus. | Not disinfected | C:\VundoFix Backups\vtsqo.dll.bad
Virus:Trj/DNSChanger.NF | Disinfected | C:\VundoFix Backups\winwil32.dll.bad

Go to Add/Remove Programs and uninstall: WinAntivirus Pro 2006

WinAntivirus is a rogue anti-program. It will tell you there are infections just so you will buy their product, but the infections are not really there.

Run VundoFix one more time. There's still more Vundo showing in the log.

Go here and download Spybot Search and Destroy.

* After installing, open Spybot.
* Click "Check for Updates".
* Click "Search for Updates".
* Select all and click "Download Updates".
* After updating, close Spybot.

We will run the scan in safe mode.

Note: Print or copy these instructions to Notepad and save them. You will be in safe mode and can't access the internet.

* Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from the menu and press Enter).
* Open Spybot.
* Click "Check for Problems".
* When it finishes, click "Fix selected problems".
* Right-click and select "Copy results" (not full report).
* Paste them into Notepad and save them.

Delete these folders (if there). If access is denied, delete them in safe mode.

C:\Program Files\WinAntivirus Pro 2006
C:\QooBox
C:\Documents and Settings\Owner\My Documents\Applications\backups
C:\VundoFix Backups

Post back with the new VundoFix log, the Spybot log and a new HijackThis log.

Logfile of HijackThis v1.99.1 Scan saved at 9:19:55 PM, on 10/30/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Documents and Settings\Owner\My Documents\Applications\HijackThis_v1.99.1.exe C:\WINDOWS\system32\wscntfy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dighlmwu.dll (file missing) O2 - BHO: (no name) - {33D8453A-2CEB-4103-A35F-14C969F2E0D1} - C:\WINDOWS\system32\pmkhg.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common 
Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe" O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161712842455 O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! 
Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: bw+0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I had to do it twice, sorry.
Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed) HKEY_USERS\S-1-5-21-2497916168-3026617619-970121635-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\WinAntiVirus Pro 2006* Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0 Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0 --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2006-10-30 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2006-02-06 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2006-02-20 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2006-10-27 Includes\Cookies.sbi (*) 2006-10-13 Includes\Dialer.sbi (*) 2006-10-27 Includes\DialerC.sbi (*) 2006-10-13 Includes\Hijackers.sbi (*) 2006-10-27 Includes\HijackersC.sbi (*) 2006-10-27 Includes\Keyloggers.sbi (*) 2006-10-27 Includes\KeyloggersC.sbi (*) 2006-10-13 Includes\Malware.sbi (*) 2006-10-27 Includes\MalwareC.sbi (*) 2006-10-20 Includes\PUPS.sbi (*) 2006-10-27 Includes\PUPSC.sbi (*) 2006-10-27 Includes\Revision.sbi (*) 2006-10-13 Includes\Security.sbi (*) 2006-10-27 Includes\SecurityC.sbi (*) 2006-10-13 Includes\Spybots.sbi (*) 2006-10-27 Includes\SpybotsC.sbi (*) 2005-02-17 Includes\Tracks.uti 2006-10-13 Includes\Trojans.sbi (*) 2006-10-27 Includes\TrojansC.sbi (*) #2 Winsoftware.WinAntiVirusPro2006: System Service (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vspf Winsoftware.WinAntiVirusPro2006: System Service (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vspf_hk 
Winsoftware.WinAntiVirusPro2006: System Service (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vspf Winsoftware.WinAntiVirusPro2006: System Service (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vspf_hk Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed) HKEY_USERS\S-1-5-21-2497916168-3026617619-970121635-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\WinAntiVirus Pro 2006* Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\*\WinAntiVirus Pro 2006* Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\*\WinAntiVirus Pro 2006* Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixing failed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootStera Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\BootStera Winsoftware.WinAntiVirusPro2006: Settings (Registry key, fixed) HKEY_USERS\S-1-5-21-2497916168-3026617619-970121635-1003\Software\WinAntiVirus Pro 2006 Winsoftware.WinAntiVirusPro2006: Class ID (Registry key, fixed) HKEY_CLASSES_ROOT\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} Winsoftware.WinAntiVirusPro2006: Interface (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123} Winsoftware.WinAntiVirusPro2006: Type library (Registry key, fixed) HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} Winsoftware.WinAntiVirusPro2006: Root class (Registry key, fixed) HKEY_LOCAL_MACHINE\Software\Classes\WAP6.PCheck Winsoftware.WinAntiVirusPro2006: Root class (Registry key, fixed) HKEY_LOCAL_MACHINE\Software\Classes\WAP6.PCheck.1 Winsoftware.WinAntiVirusPro2006: Class ID 
(Registry key, fixed) HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} Winsoftware.WinAntiVirusPro2006: Settings (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN Winsoftware.WinAntiVirusPro2006: Program group (Directory, fixed) C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006\ Winsoftware.WinAntiVirusPro2006: Program directory (Directory, fixed) C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2006\ Winsoftware.WinAntiVirusPro2006: Application data folder (Directory, fixed) C:\Program Files\Common Files\WinAntiVirus Pro 2006\ Winsoftware.WinAntiVirusPro2006: Program directory (Directory, fixed) C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2006\Logs\ Smitfraud-C.: Settings (Registry key, fixed) HKEY_USERS\S-1-5-21-2497916168-3026617619-970121635-1003\Software\AdwareDisableKey3 Smitfraud-C.: Settings (Registry key, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\AdwareDisableKey3 Smitfraud-C.Toolbar888: User settings (Registry key, fixed) HKEY_USERS\S-1-5-21-2497916168-3026617619-970121635-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C004DEC2-2623-438E-9CA2-C9043AB28508}\iexplore Smitfraud-C.Toolbar888: IE toolbar (Registry value, fixed) HKEY_USERS\S-1-5-21-2497916168-3026617619-970121635-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C004DEC2-2623-438E-9CA2-C9043AB28508} Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0 Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0 Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0 Microsoft.WindowsSecurityCenter.FirewallOverride: 
Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0 Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2 WinAntiVirusPro2006: Settings (Registry value, fixed) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera WinAntiVirusPro2006: Data (File, fixed) C:\WINDOWS\system32\stera.job Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) Avenue A, Inc.: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) CasaleMedia: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) TagASaurus: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2006-10-30 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2006-02-06 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2006-02-20 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2006-10-27 Includes\Cookies.sbi (*) 2006-10-13 Includes\Dialer.sbi (*) 2006-10-27 Includes\DialerC.sbi (*) 2006-10-13 Includes\Hijackers.sbi (*) 2006-10-27 Includes\HijackersC.sbi (*) 2006-10-27 Includes\Keyloggers.sbi (*) 2006-10-27 
Includes\KeyloggersC.sbi (*) 2006-10-13 Includes\Malware.sbi (*) 2006-10-27 Includes\MalwareC.sbi (*) 2006-10-20 Includes\PUPS.sbi (*) 2006-10-27 Includes\PUPSC.sbi (*) 2006-10-27 Includes\Revision.sbi (*) 2006-10-13 Includes\Security.sbi (*) 2006-10-27 Includes\SecurityC.sbi (*) 2006-10-13 Includes\Spybots.sbi (*) 2006-10-27 Includes\SpybotsC.sbi (*) 2005-02-17 Includes\Tracks.uti 2006-10-13 Includes\Trojans.sbi (*) 2006-10-27 Includes\TrojansC.sbi (*) Vundo VundoFix V6.2.6 Checking Java version... Java version is 1.5.0.2 Java version is 1.5.0.6 Java version is 1.5.0.9 Scan started at 1:50:32 AM 10/29/2006 Listing files found while scanning.... C:\WINDOWS\system32\hjaweyfu.dll C:\WINDOWS\system32\qanrylm.dll C:\WINDOWS\system32\rbxrmhk.dll C:\WINDOWS\system32\winwil32.dll C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\oqstv.ini C:\WINDOWS\system32\oqstv.bak1 C:\WINDOWS\system32\oqstv.bak2 C:\WINDOWS\system32\oqstv.ini2 C:\WINDOWS\system32\oqstv.tmp Beginning removal... Attempting to delete C:\WINDOWS\system32\hjaweyfu.dll C:\WINDOWS\system32\hjaweyfu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qanrylm.dll C:\WINDOWS\system32\qanrylm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rbxrmhk.dll C:\WINDOWS\system32\rbxrmhk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\winwil32.dll C:\WINDOWS\system32\winwil32.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\vtsqo.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.ini C:\WINDOWS\system32\oqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.bak1 C:\WINDOWS\system32\oqstv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.bak2 C:\WINDOWS\system32\oqstv.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.ini2 C:\WINDOWS\system32\oqstv.ini2 Has been deleted! 
Attempting to delete C:\WINDOWS\system32\oqstv.tmp C:\WINDOWS\system32\oqstv.tmp Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\tuvvuuv.dll C:\WINDOWS\system32\tuvvuuv.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.2.6 Checking Java version... Java version is 1.5.0.2 Java version is 1.5.0.6 Java version is 1.5.0.9 Scan started at 9:36:05 AM 10/30/2006 Listing files found while scanning.... C:\WINDOWS\system32\dighlmwu.dll C:\WINDOWS\system32\pmkhg.dll C:\WINDOWS\system32\ghkmp.ini C:\WINDOWS\system32\ghkmp.bak1 C:\WINDOWS\system32\ghkmp.bak2 Beginning removal... Attempting to delete C:\WINDOWS\system32\dighlmwu.dll C:\WINDOWS\system32\dighlmwu.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\pmkhg.dll C:\WINDOWS\system32\pmkhg.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\ghkmp.ini C:\WINDOWS\system32\ghkmp.ini Could not be deleted. Attempting to delete C:\WINDOWS\system32\ghkmp.bak1 C:\WINDOWS\system32\ghkmp.bak1 Could not be deleted. Attempting to delete C:\WINDOWS\system32\ghkmp.bak2 C:\WINDOWS\system32\ghkmp.bak2 Could not be deleted. Performing Repairs to the registry. Done! VundoFix V6.2.6 Checking Java version... Java version is 1.5.0.2 Java version is 1.5.0.6 Java version is 1.5.0.9 Scan started at 8:43:59 PM 10/30/2006 Listing files found while scanning.... C:\WINDOWS\system32\dighlmwu.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\dighlmwu.dll C:\WINDOWS\system32\dighlmwu.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.2.6 Checking Java version... Java version is 1.5.0.2 Java version is 1.5.0.6 Java version is 1.5.0.9 Scan started at 8:54:10 PM 10/30/2006 Listing files found while scanning.... No infected files were found.
Logfile of HijackThis v1.99.1 Scan saved at 9:19:55 PM, on 10/30/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Documents and Settings\Owner\My Documents\Applications\HijackThis_v1.99.1.exe C:\WINDOWS\system32\wscntfy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dighlmwu.dll (file missing) O2 - BHO: (no name) - {33D8453A-2CEB-4103-A35F-14C969F2E0D1} - C:\WINDOWS\system32\pmkhg.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common 
Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe" O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161712842455 O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! 
Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: bw+0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I had to do it twice, sorry. 
Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed) HKEY_USERS\S-1-5-21-2497916168-3026617619-970121635-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\WinAntiVirus Pro 2006* Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0 Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0 --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2006-10-30 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2006-02-06 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2006-02-20 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2006-10-27 Includes\Cookies.sbi (*) 2006-10-13 Includes\Dialer.sbi (*) 2006-10-27 Includes\DialerC.sbi (*) 2006-10-13 Includes\Hijackers.sbi (*) 2006-10-27 Includes\HijackersC.sbi (*) 2006-10-27 Includes\Keyloggers.sbi (*) 2006-10-27 Includes\KeyloggersC.sbi (*) 2006-10-13 Includes\Malware.sbi (*) 2006-10-27 Includes\MalwareC.sbi (*) 2006-10-20 Includes\PUPS.sbi (*) 2006-10-27 Includes\PUPSC.sbi (*) 2006-10-27 Includes\Revision.sbi (*) 2006-10-13 Includes\Security.sbi (*) 2006-10-27 Includes\SecurityC.sbi (*) 2006-10-13 Includes\Spybots.sbi (*) 2006-10-27 Includes\SpybotsC.sbi (*) 2005-02-17 Includes\Tracks.uti 2006-10-13 Includes\Trojans.sbi (*) 2006-10-27 Includes\TrojansC.sbi (*) #2 Winsoftware.WinAntiVirusPro2006: System Service (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vspf Winsoftware.WinAntiVirusPro2006: System Service (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vspf_hk 
Winsoftware.WinAntiVirusPro2006: System Service (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vspf Winsoftware.WinAntiVirusPro2006: System Service (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vspf_hk Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed) HKEY_USERS\S-1-5-21-2497916168-3026617619-970121635-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\*\WinAntiVirus Pro 2006* Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\*\WinAntiVirus Pro 2006* Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\*\WinAntiVirus Pro 2006* Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixing failed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\BootStera Winsoftware.WinAntiVirusPro2006: Settings (Registry value, fixed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Session Manager\BootStera Winsoftware.WinAntiVirusPro2006: Settings (Registry key, fixed) HKEY_USERS\S-1-5-21-2497916168-3026617619-970121635-1003\Software\WinAntiVirus Pro 2006 Winsoftware.WinAntiVirusPro2006: Class ID (Registry key, fixed) HKEY_CLASSES_ROOT\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} Winsoftware.WinAntiVirusPro2006: Interface (Registry key, fixed) HKEY_CLASSES_ROOT\Interface\{E18B69D0-7E9E-4C6E-BDD8-879A1FFF7123} Winsoftware.WinAntiVirusPro2006: Type library (Registry key, fixed) HKEY_CLASSES_ROOT\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} Winsoftware.WinAntiVirusPro2006: Root class (Registry key, fixed) HKEY_LOCAL_MACHINE\Software\Classes\WAP6.PCheck Winsoftware.WinAntiVirusPro2006: Root class (Registry key, fixed) HKEY_LOCAL_MACHINE\Software\Classes\WAP6.PCheck.1 Winsoftware.WinAntiVirusPro2006: Class ID 
(Registry key, fixed) HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} Winsoftware.WinAntiVirusPro2006: Settings (Registry key, fixed) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN Winsoftware.WinAntiVirusPro2006: Program group (Directory, fixed) C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006\ Winsoftware.WinAntiVirusPro2006: Program directory (Directory, fixed) C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2006\ Winsoftware.WinAntiVirusPro2006: Application data folder (Directory, fixed) C:\Program Files\Common Files\WinAntiVirus Pro 2006\ Winsoftware.WinAntiVirusPro2006: Program directory (Directory, fixed) C:\Documents and Settings\Owner\Application Data\WinAntiVirus Pro 2006\Logs\ Smitfraud-C.: Settings (Registry key, fixed) HKEY_USERS\S-1-5-21-2497916168-3026617619-970121635-1003\Software\AdwareDisableKey3 Smitfraud-C.: Settings (Registry key, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\AdwareDisableKey3 Smitfraud-C.Toolbar888: User settings (Registry key, fixed) HKEY_USERS\S-1-5-21-2497916168-3026617619-970121635-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C004DEC2-2623-438E-9CA2-C9043AB28508}\iexplore Smitfraud-C.Toolbar888: IE toolbar (Registry value, fixed) HKEY_USERS\S-1-5-21-2497916168-3026617619-970121635-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C004DEC2-2623-438E-9CA2-C9043AB28508} Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0 Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0 Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0 Microsoft.WindowsSecurityCenter.FirewallOverride: 
Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0 Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2 WinAntiVirusPro2006: Settings (Registry value, fixed) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera WinAntiVirusPro2006: Data (File, fixed) C:\WINDOWS\system32\stera.job Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) Avenue A, Inc.: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) MediaPlex: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) CasaleMedia: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) TagASaurus: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed) --- Spybot - Search & Destroy version: 1.4 (build: 20050523) --- 2005-05-31 blindman.exe (1.0.0.1) 2005-05-31 SpybotSD.exe (1.4.0.3) 2005-05-31 TeaTimer.exe (1.4.0.2) 2006-10-30 unins000.exe (51.41.0.0) 2005-05-31 Update.exe (1.4.0.0) 2006-02-06 advcheck.dll (1.0.2.0) 2005-05-31 aports.dll (2.1.0.0) 2005-05-31 borlndmm.dll (7.0.4.453) 2005-05-31 delphimm.dll (7.0.4.453) 2005-05-31 SDHelper.dll (1.4.0.0) 2006-02-20 Tools.dll (2.0.0.2) 2005-05-31 UnzDll.dll (1.73.1.1) 2005-05-31 ZipDll.dll (1.73.2.0) 2006-10-27 Includes\Cookies.sbi (*) 2006-10-13 Includes\Dialer.sbi (*) 2006-10-27 Includes\DialerC.sbi (*) 2006-10-13 Includes\Hijackers.sbi (*) 2006-10-27 Includes\HijackersC.sbi (*) 2006-10-27 Includes\Keyloggers.sbi (*) 2006-10-27 
Includes\KeyloggersC.sbi (*) 2006-10-13 Includes\Malware.sbi (*) 2006-10-27 Includes\MalwareC.sbi (*) 2006-10-20 Includes\PUPS.sbi (*) 2006-10-27 Includes\PUPSC.sbi (*) 2006-10-27 Includes\Revision.sbi (*) 2006-10-13 Includes\Security.sbi (*) 2006-10-27 Includes\SecurityC.sbi (*) 2006-10-13 Includes\Spybots.sbi (*) 2006-10-27 Includes\SpybotsC.sbi (*) 2005-02-17 Includes\Tracks.uti 2006-10-13 Includes\Trojans.sbi (*) 2006-10-27 Includes\TrojansC.sbi (*) Vundo VundoFix V6.2.6 Checking Java version... Java version is 1.5.0.2 Java version is 1.5.0.6 Java version is 1.5.0.9 Scan started at 1:50:32 AM 10/29/2006 Listing files found while scanning.... C:\WINDOWS\system32\hjaweyfu.dll C:\WINDOWS\system32\qanrylm.dll C:\WINDOWS\system32\rbxrmhk.dll C:\WINDOWS\system32\winwil32.dll C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\oqstv.ini C:\WINDOWS\system32\oqstv.bak1 C:\WINDOWS\system32\oqstv.bak2 C:\WINDOWS\system32\oqstv.ini2 C:\WINDOWS\system32\oqstv.tmp Beginning removal... Attempting to delete C:\WINDOWS\system32\hjaweyfu.dll C:\WINDOWS\system32\hjaweyfu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qanrylm.dll C:\WINDOWS\system32\qanrylm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rbxrmhk.dll C:\WINDOWS\system32\rbxrmhk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\winwil32.dll C:\WINDOWS\system32\winwil32.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\vtsqo.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.ini C:\WINDOWS\system32\oqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.bak1 C:\WINDOWS\system32\oqstv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.bak2 C:\WINDOWS\system32\oqstv.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\oqstv.ini2 C:\WINDOWS\system32\oqstv.ini2 Has been deleted! 
Attempting to delete C:\WINDOWS\system32\oqstv.tmp C:\WINDOWS\system32\oqstv.tmp Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\tuvvuuv.dll C:\WINDOWS\system32\tuvvuuv.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.2.6 Checking Java version... Java version is 1.5.0.2 Java version is 1.5.0.6 Java version is 1.5.0.9 Scan started at 9:36:05 AM 10/30/2006 Listing files found while scanning.... C:\WINDOWS\system32\dighlmwu.dll C:\WINDOWS\system32\pmkhg.dll C:\WINDOWS\system32\ghkmp.ini C:\WINDOWS\system32\ghkmp.bak1 C:\WINDOWS\system32\ghkmp.bak2 Beginning removal... Attempting to delete C:\WINDOWS\system32\dighlmwu.dll C:\WINDOWS\system32\dighlmwu.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\pmkhg.dll C:\WINDOWS\system32\pmkhg.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\ghkmp.ini C:\WINDOWS\system32\ghkmp.ini Could not be deleted. Attempting to delete C:\WINDOWS\system32\ghkmp.bak1 C:\WINDOWS\system32\ghkmp.bak1 Could not be deleted. Attempting to delete C:\WINDOWS\system32\ghkmp.bak2 C:\WINDOWS\system32\ghkmp.bak2 Could not be deleted. Performing Repairs to the registry. Done! VundoFix V6.2.6 Checking Java version... Java version is 1.5.0.2 Java version is 1.5.0.6 Java version is 1.5.0.9 Scan started at 8:43:59 PM 10/30/2006 Listing files found while scanning.... C:\WINDOWS\system32\dighlmwu.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\dighlmwu.dll C:\WINDOWS\system32\dighlmwu.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.2.6 Checking Java version... Java version is 1.5.0.2 Java version is 1.5.0.6 Java version is 1.5.0.9 Scan started at 8:54:10 PM 10/30/2006 Listing files found while scanning.... No infected files were found.
Go here and download KillBox to the desktop. Do not run it yet; we will run it later in safe mode.

Make sure you have the latest version of SmitfraudFix (current version is 2.117). Get it from here if you do not have the latest version. We will run it later.

Run a scan only with HijackThis and check these (if there):

O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dighlmwu.dll (file missing)
O2 - BHO: (no name) - {33D8453A-2CEB-4103-A35F-14C969F2E0D1} - C:\WINDOWS\system32\pmkhg.dll
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O20 - Winlogon Notify: pmkhg - C:\WINDOWS\system32\pmkhg.dll

Close all windows except HijackThis, then click "Fix checked". Close HijackThis.

Double-click VundoFix.exe to run it.
Right-click inside the white window.
Select Add More Files? from the menu that comes up. This will open a new VundoFix window.
In the window, copy/paste the following in the first field:
C:\WINDOWS\system32\pmkhg.dll
Copy/paste the following in the second field:
C:\WINDOWS\system32\pmkhg.*
Click the Add Files button.
Click the Close Window button.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shut down your computer; click OK.

Turn your computer back on in safe mode.
Note: print these instructions or copy them to Notepad and save it; you will be in safe mode and can't access the internet.

In safe mode, open Killbox.exe. Check "Standard File Kill". In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time. Then click the red button with a white X after you enter each file. You will be prompted to confirm; click Yes.
Note: KillBox may prompt "File does not seem to exist". If so, continue with the next file, but do not miss any.

C:\Program Files\Common Files\ers_startupmon.exe
C:\Program Files\Common Files\dc6_startupmon.exe
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak2

Exit KillBox and restart in normal mode.

Extract SmitfraudFix to the desktop.
Open the newly created folder SmitfraudFix.
Double-click smitfraudfix.cmd.
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.
Exit SmitfraudFix.

Rename HijackThis.exe to any name of your choice. Run a new scan with the newly named file and save a new log.

Post back with the contents of C:\vundofix.txt, the contents of rapport.txt and the new HijackThis log.
Logfile of HijackThis v1.99.1 Scan saved at 3:14:26 PM, on 10/31/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HPQ\SHARED\HPQWMI.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\cmd.exe C:\Documents and Settings\Owner\My Documents\Applications\HighScan.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {B54AAA8F-4CA2-43CE-A8A6-AD0DE0E37824} - C:\WINDOWS\system32\pmkhg.dll (file missing) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID 
{257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161712842455 O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! 
Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: bw+0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4AAC2032-35A8-40F2-8B05-6088FC2D52E4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SmitFraudFix v2.110
Scan done at 15:12:22.46, Tue 10/31/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

VundoFix V6.2.6
Checking Java version...
Java version is 1.5.0.2
Java version is 1.5.0.6
Java version is 1.5.0.9
Scan started at 1:50:32 AM 10/29/2006
Listing files found while scanning....
C:\WINDOWS\system32\hjaweyfu.dll
C:\WINDOWS\system32\qanrylm.dll
C:\WINDOWS\system32\rbxrmhk.dll
C:\WINDOWS\system32\winwil32.dll
C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hjaweyfu.dll
C:\WINDOWS\system32\hjaweyfu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qanrylm.dll
C:\WINDOWS\system32\qanrylm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rbxrmhk.dll
C:\WINDOWS\system32\rbxrmhk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\winwil32.dll
C:\WINDOWS\system32\winwil32.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\vtsqo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqstv.bak1
C:\WINDOWS\system32\oqstv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqstv.bak2
C:\WINDOWS\system32\oqstv.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\oqstv.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\oqstv.tmp
C:\WINDOWS\system32\oqstv.tmp Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\tuvvuuv.dll
C:\WINDOWS\system32\tuvvuuv.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.2.6
Checking Java version...
Java version is 1.5.0.2
Java version is 1.5.0.6
Java version is 1.5.0.9
Scan started at 9:36:05 AM 10/30/2006
Listing files found while scanning....
C:\WINDOWS\system32\dighlmwu.dll
C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak2
Beginning removal...
Attempting to delete C:\WINDOWS\system32\dighlmwu.dll
C:\WINDOWS\system32\dighlmwu.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.bak1 Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ghkmp.bak2
C:\WINDOWS\system32\ghkmp.bak2 Could not be deleted.
Performing Repairs to the registry.
Done!

VundoFix V6.2.6
Checking Java version...
Java version is 1.5.0.2
Java version is 1.5.0.6
Java version is 1.5.0.9
Scan started at 8:43:59 PM 10/30/2006
Listing files found while scanning....
C:\WINDOWS\system32\dighlmwu.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\dighlmwu.dll
C:\WINDOWS\system32\dighlmwu.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.2.6
Checking Java version...
Java version is 1.5.0.2
Java version is 1.5.0.6
Java version is 1.5.0.9
Scan started at 8:54:10 PM 10/30/2006
Listing files found while scanning....
No infected files were found.
Beginning removal...
Attempting to delete C:\WINDOWS\system32\pmkhg.dll
C:\WINDOWS\system32\pmkhg.dll Has been deleted!
Performing Repairs to the registry.
Done!

Again, thank you for all the time you have put into helping me!
Your version of SmitfraudFix is out of date, but it doesn't matter. I think Spybot got all the Smitfraud. Let's run AVGAS just in case something is hiding from us. This should be the last scan you'll have to do.

Go here to download the trial version of AVG Anti-spyware. Install and update but do not run a scan yet.

Fix this with HijackThis.

O2 - BHO: (no name) - {B54AAA8F-4CA2-43CE-A8A6-AD0DE0E37824} - C:\WINDOWS\system32\pmkhg.dll (file missing)

Close HjT.

Delete the VundoFix and KillBox box backup folders located:
C:\VundoFix Backups
C:\!Killbox\backups

Turn off System Restore. Right click My Computer > Properties > System Restore tab > check "Turn off System Restore". Click Apply then OK.

Note: Save these instructions for safe mode.

Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter).

Open AVG AS and click "Scanner". Click "Complete System Scan". When it finishes scanning, set all items to "Quarantine". Click "Apply All Actions". Click "Save Report". Click "Save report as" and save it to the desktop. If anything was found, post the report in your next reply.

Restart in normal mode.

Go here and download CCleaner. You may delete ATF Cleaner if you don't want it. CCleaner will do the same tasks, but it also has a registry cleaner.

Close all windows. Open CCleaner. Click Options > Advanced > uncheck "Only delete files in Windows Temp folders older than 48 hours". Click Cleaner > Run Cleaner. After cleaning, click "Issues". Click "Scan for Issues". After scanning, click "Fix selected issues...". When prompted to backup registry, click "Yes".

If AVGAS didn't find anything, turn System Restore back on and hide hidden folders again.

How are things, any problems or questions?