#1
Bronze Member, Join Date: Jul 2008, Posts: 29
Hi,
Could someone please help me get this trojan off my PC? I know everyone needs help, but this is really urgent. I am in the middle of assignments and this couldn't have happened at a worse time. Avira is finding C:\WINDOWS\TEMP\logishrd\LVPcInj01.dll repeatedly. I ran HijackThis and I did remove these 3 things (R01 I think was the code), but it kept coming back. Here is my latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:58 PM, on 29/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://80.127.49.133/activex/AMC.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-3c5a55fc81bf69c7.spaces.l...d/MsnPUpld.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_04) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://131.156.107.87/activex/AMC.cab
O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - https://bigpondmusic.com/activex/multidownx.cab
O18 - Protocol: bw+0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {F9310D14-DB27-43AE-B4C4-DE8C88789B0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 21438 bytes
#2
Bronze Member, Join Date: Jul 2008, Posts: 29
These are my latest ComboFix and Avira logs.

COMBOFIX

ComboFix 09-04-28.02 - User 29/04/2009 18:53.14 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.503.220 [GMT 10:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.
2009-04-29 07:33 . 2009-04-29 07:33 -------- d-----w c:\documents and settings\User\DoctorWeb
2009-04-22 02:11 . 2009-04-22 02:13 -------- d-----w c:\program files\Cute CD DVD Burner
2009-04-20 20:06 . 2009-04-20 20:06 -------- d-----w c:\program files\Sony
2009-04-17 21:30 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 21:30 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 21:30 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 21:30 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 21:30 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 21:30 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 21:30 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 21:30 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 21:30 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 21:21 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 21:21 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 06:43 . 2009-04-29 06:40 109080 ----a-w C:\ARK2F.tmp
2009-04-20 20:06 . 2007-01-17 06:46 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-13 22:22 . 2007-03-09 08:33 -------- d-----w c:\program files\Lx_cats
2009-03-27 11:17 . 2007-07-23 00:27 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-25 13:38 . 2007-02-06 04:23 -------- d-----w c:\program files\Common Files\Adobe
2009-03-21 11:27 . 2009-03-21 11:15 -------- d-----w c:\program files\7-Zip
2009-03-13 14:55 . 2007-05-07 00:26 -------- d-----w c:\program files\Apple Software Update
2009-03-13 10:05 . 2009-03-13 10:04 -------- d-----w c:\program files\Safari
2009-03-13 09:47 . 2008-02-17 05:30 -------- d-----w c:\program files\iTunes
2009-03-13 09:46 . 2008-02-17 05:31 -------- d-----w c:\program files\iPod
2009-03-13 09:46 . 2008-02-17 05:15 -------- d-----w c:\program files\Common Files\Apple
2009-03-13 09:42 . 2008-02-17 05:29 -------- d-----w c:\program files\Bonjour
2009-03-13 09:41 . 2008-02-17 05:28 -------- d-----w c:\program files\QuickTime
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-04 09:06 . 2008-11-13 09:29 -------- d-----w c:\program files\APEL
2009-03-04 08:30 . 2007-03-02 23:10 -------- d-----w c:\program files\Windows Live Toolbar
2009-03-03 00:18 . 2006-02-28 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 01:39 . 2007-03-25 12:21 -------- d-----w c:\program files\Windows Media Connect 2
2009-02-20 18:09 . 2006-02-28 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2006-02-28 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2006-02-28 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2006-02-28 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2006-02-28 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2006-02-28 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 07:03 . 2007-01-03 01:03 23664 ----a-w c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-07 09:02 . 2004-08-03 22:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2006-02-28 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2006-02-28 12:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2006-02-28 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-04 12:46 . 2007-02-03 06:50 23664 ----a-w c:\documents and settings\User\Application Data\GDIPFONTCACHEV1.DAT
2009-02-03 19:59 . 2006-02-28 12:00 56832 ----a-w c:\windows\system32\secur32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-25 32768]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-27 1830128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-09 136600]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-04-27 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-28 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 39408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-1-25 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-5 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-1-28 745472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-02-01 06:25 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-01 16:42 72208 ----a-w c:\program files\common files\logitech\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\kav\\kav7.0\\english\\setup.exe"=
"c:\\kav\\Kaspersky Internet Security 7.0.1.325\\english\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-07-06 96520]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-07 873752]
R3 S12345;S12345; [x]
R3 s3chipid;s3chipid; [x]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2008-07-06 12936]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-27 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-06-05 55024]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-07 231192]
S2 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2008-07-06 76040]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

--- Other Services/Drivers In Memory ---

*Deregistered* - DwShield000065BB
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: microsoft.com\www.update
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://131.156.107.87/activex/AMC.cab
DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} - hxxps://bigpondmusic.com/activex/multidownx.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\xq1ek4xt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.telstra.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 18:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(6872)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-29 18:58
ComboFix-quarantined-files.txt 2009-04-29 08:57
ComboFix2.txt 2009-04-29 06:48
ComboFix3.txt 2009-03-29 07:18
ComboFix4.txt 2009-03-25 09:27
ComboFix5.txt 2009-04-29 08:52

Pre-Run: 61,955,420,160 bytes free
Post-Run: 61,948,649,472 bytes free

194 --- E O F --- 2009-04-18 02:15

AVIRA

Avira AntiVir Personal
Report file date: Wednesday, 29 April 2009 17:49

Scanning for 1370126 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: USER-3B41648A9E

Version information:
BUILD.DAT : 8.2.0.348 16934 Bytes 3/23/2009 13:44:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/26/2008 03:50:23
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/25/2008 23:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 04:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/25/2008 23:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 04:07:17
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 14:40:19
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 4/16/2009 06:50:50
ANTIVIR3.VDF : 7.1.3.125 217088 Bytes 4/29/2009 06:51:22
Engineversion : 8.2.0.156
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/31/2009 07:25:45
AESCRIPT.DLL : 8.1.1.77 381306 Bytes 4/25/2009 06:51:18
AESCN.DLL : 8.1.1.10 127348 Bytes 4/4/2009 06:49:32
AERDL.DLL : 8.1.1.3 438645 Bytes 11/6/2008 03:58:32
AEPACK.DLL : 8.1.3.14 397685 Bytes 4/18/2009 06:51:08
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 08:37:05
AEHEUR.DLL : 8.1.0.122 1737080 Bytes 4/25/2009 06:51:12
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 08:36:30
AEGEN.DLL : 8.1.1.39 348532 Bytes 4/25/2009 06:50:43
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/16/2008 00:28:55
AECORE.DLL : 8.1.6.9 176500 Bytes 4/15/2009 06:50:01
AEBB.DLL : 8.1.0.3 53618 Bytes 10/16/2008 00:28:45
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 00:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 01:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes
4/21/2009 06:50:06 AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 03:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 00:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 04:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 09:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 04:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 04:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 05:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 05:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: Wednesday, 29 April 2009 17:49 The scan of running processes will be started Scan process 'guardgui.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'jucheck.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'RtlWake.exe' - '1' Module(s) have been scanned Scan process 'COCIManager.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 
'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'SUPERANTISPYWARE.EXE' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned Scan process 'Quickcam.exe' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'apdproxy.exe' - '1' Module(s) have been scanned Scan process 'ElkCtrl.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'LVComSer.exe' - '1' Module(s) have been scanned Scan process 'LVComSer.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 
'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 45 processes with 45 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '63' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\User\My Documents\WoW-2.0.0-enUS-Installer\DirectX\DirectX.cab [0] Archive type: CAB (Microsoft) --> vjoyd.vxd [WARNING] No further files can be extracted from this archive. The archive will be closed C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll [DETECTION] Is the TR/Trash.Gen Trojan [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003 [WARNING] The file could not be deleted! [NOTE] Attempting to perform action using the ARK lib. [NOTE] The file was moved to '481fbd75.qua'! End of the scan: Wednesday, 29 April 2009 18:49 Used time: 1:00:43 Hour(s) The scan has been done completely. 8752 Scanning directories 214353 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 214351 Files not concerned 2035 Archives were scanned 3 Warnings 1 Notes |
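The two logs in the post above carry more than the one detection the poster is asking about: the ComboFix firewall-policy section shows 3389/TCP (Remote Desktop) open to the network and firewall exceptions for two Kaspersky installers, and the Avira section shows that the flagged DLL could not be deleted before it was quarantined, which is what happens when a running process has the file open or keeps rewriting it (the ComboFix process list includes Logitech's LVPrcSrv.exe, and the detected DLL sits in a folder named logishrd, so which process owns that file is the next thing to establish). The following script is an added example, not the poster's or any tool's own code: it parses the two log formats as quoted above into records and prints a short triage list. The sample text is constructed from the post's lines, the regexes and the two heuristics (flag firewall exceptions for `setup.exe` or anything under a `TEMP` folder; flag detections whose deletion failed) are this example's own choices, and nothing here decides whether the detection is a true positive.

```python
"""Triage helper for ComboFix firewall-policy and Avira scan-log excerpts.

Added example (not from the thread): parses a few lines in the formats quoted
above and lists the entries a responder would look at first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed samples, copied from the logs in the post and reflowed one record
# per line. Backslashes are as the tools print them (ComboFix doubles them
# inside quoted registry values).
COMBOFIX_SAMPLE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\kav\\kav7.0\\english\\setup.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

AVIRA_SAMPLE = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '481fbd75.qua'!
End of the scan: Wednesday, 29 April 2009 18:49
"""

RDP_PORT = "3389:TCP"  # Remote Desktop; 3389/TCP is the well-known RDP port


@dataclass
class Detection:
    path: str
    name: str
    delete_failed: bool = False
    quarantined: bool = False


_PATH_RE = re.compile(r"^[A-Za-z]:\\")
_DETECT_RE = re.compile(r"^\[DETECTION\]\s+Is the (\S+)")
_SECTION_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"=')


def parse_avira(text: str) -> List[Detection]:
    """Group Avira [DETECTION]/[WARNING]/[NOTE] lines under the path that precedes them."""
    found: List[Detection] = []
    current_path: Optional[str] = None
    current: Optional[Detection] = None
    for line in text.splitlines():
        line = line.strip()
        if _PATH_RE.match(line):          # a new file: reset the grouping
            current_path, current = line, None
            continue
        m = _DETECT_RE.match(line)
        if m and current_path:
            current = Detection(path=current_path, name=m.group(1))
            found.append(current)
        elif current is not None:         # warnings/notes belong to the last detection
            if "could not be deleted" in line or "was not deleted" in line:
                current.delete_failed = True
            if "was moved to" in line:
                current.quarantined = True
    return found


def parse_combofix_firewall(text: str) -> Dict[str, List[str]]:
    """Return {'apps': [...], 'ports': [...]} from the two firewall-policy keys."""
    out: Dict[str, List[str]] = {"apps": [], "ports": []}
    bucket: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        sec = _SECTION_RE.match(line)
        if sec:
            key = sec.group(1).lower()
            bucket = ("apps" if "authorizedapplications" in key
                      else "ports" if "globallyopenports" in key else None)
            continue
        val = _VALUE_RE.match(line)
        if val and bucket:
            out[bucket].append(val.group(1).replace("\\\\", "\\"))  # undo doubled backslashes
    return out


def triage(combofix_text: str, avira_text: str) -> List[str]:
    """Produce the short list of things to check, highest priority first."""
    notes: List[str] = []
    fw = parse_combofix_firewall(combofix_text)
    for port in fw["ports"]:
        if port.upper() == RDP_PORT:
            notes.append("firewall: 3389/TCP (Remote Desktop) is open to the network; "
                         "close it unless RDP is deliberately in use")
    for app in fw["apps"]:
        low = app.lower()
        if low.endswith("setup.exe") or "\\temp\\" in low:  # heuristic: installer or temp path
            notes.append(f"firewall: exception for {app} (installer or temp path); remove it")
    for d in parse_avira(avira_text):
        where = "in a TEMP folder" if "\\temp\\" in d.path.lower() else "on disk"
        msg = f"detection: {d.name} at {d.path} ({where})"
        if d.delete_failed:
            msg += ("; delete failed, so a running process holds or re-creates it: "
                    "identify that process before cleaning")
        if d.quarantined:
            msg += "; quarantined as last resort"
        notes.append(msg)
    return notes


if __name__ == "__main__":
    for note in triage(COMBOFIX_SAMPLE, AVIRA_SAMPLE):
        print("-", note)
```

Run it against the full logs by pasting them into the two sample strings; the process-ownership question it raises is answered with a handle or file-monitor tool on the machine, not from the logs.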
#4 (permalink)
Platinum Member
Join Date: Dec 2008
Location: Illinois
Age: 30
Posts: 592
First things first: HijackThis doesn't remove anything. In fact, HijackThis doesn't really do anything at all except give you a log that 100 other programs can do. You should run Malwarebytes to fix the problem. That will mostly take care of it.
__________________
Any answers I give are free and without warranty. I answer questions from the point of view of a working computer tech because that's what I am.
#5 (permalink)
Bronze Member
Join Date: Jul 2008
Posts: 29
Thank you for your help. I ran Malwarebytes but it did not detect anything. The logishrd trojan is also not being detected by Avira any more; now it is "ARK4 trojan gen" that Avira is picking up. I accidentally replied to an old thread, mistaking it for this one, so please ignore the other one in my name; I don't know how to close it. I should tell you that I tried CureIt as well and it also did not detect anything.
#6 (permalink)
Bronze Member
Join Date: Jul 2008
Posts: 29
Malwarebytes' Anti-Malware 1.36
Database version: 2060
Windows 5.1.2600 Service Pack 3

30/04/2009 7:45:52 PM
mbam-log-2009-04-30 (19-45-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 142589
Time elapsed: 2 hour(s), 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#7 (permalink)
Bronze Member
Join Date: Jul 2008
Posts: 29
Hi guys,
I scan with Avira all the time now as it is the only one picking up the trojan. As I mentioned earlier, it now goes under the name ARK followed by a number. Every time I remove it, it comes straight back, but the number changes each time. Any suggestions?
#8 (permalink)
Bronze Member
Join Date: Jul 2008
Posts: 29
OK, I will just continue to update till someone is able to help me. Well, it seemed to move into a file called ARKCA for a while (and then it stopped bothering me for a while; I don't really know which of the many things I have tried did that), but I know Avira seems to be the only program picking it up. Last night I was typing when the keys stopped working. I closed it down and then ran ComboFix, which said it would remove the logishrd file, but it mustn't have, because now I have the original issue back, with having to quarantine the trojan every minute. Not sure what to do? And it is showing up back in the logishrd file. I don't know what either of these files are for, whether I can delete them, or even how to.
#9 (permalink)
Platinum Member
Join Date: Mar 2009
Posts: 953
I had a nasty trojan on a PC about a year ago, and the only thing that took it off my drive was HouseCall from Trend Micro. It's a free online scan, and it fixed the problem for me on the first run. The scan took a couple of hours to run the whole way through, but my PC is pretty old, and that could have been a factor. http://housecall.trendmicro.com/ It was recommended on the Kim Komando PC guru radio program.