Doing Security Cleanup, HijackThis Analysis please

[munkyeetr]

I'm cleaning my girlfriends computer, so far I have done the following scans:

Spybot S&D (0 infections found)
Ad-Aware 2007 (2 Critical, 61 Privacy Found - All Removed)
Avast AV Full System Scan (16 infections found and removed)
Antivir AV Full System Scan (1 infection found and removed)
RegSeeker Registry Scan (over 3000 entries removed)
CCleaner (Removed about 450MB of files)
RegCleaner (12 entries removed)

I have just run Hijackthis and would appreciate someone with experience giving it a look through. I renamed Hijackthis.exe to swat.exe and ran it from the Program Files directory.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:58:16 PM, on 7/15/2099
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
F:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\swat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "F:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "F:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] "F:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Copy to Semagic - F:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - F:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://tickers.tickerfactory.com/ez...Snow+Bride+Tour+Begins/dt/-3/k/9bb5/event.png
O24 - Desktop Component 1: (no name) - http://www.google.com/calendar
O24 - Desktop Component 3: (no name) - http://www.google.com/calendar/render?pli=1
--
End of file - 4843 bytes

 

[patrickv]

I have been trying to read log files but they keep on beating the hell out of me, nothing wrong with running processes, hey whats this ?

O24 - Desktop Component 0: (no name) - http://tickers.tickerfactory.com/ezt...9bb5/event.png

 

[munkyeetr]

O24 - Desktop Component 0: (no name) - http://tickers.tickerfactory.com/ezt...9bb5/event.png

That's a little desktop doodad my girlfriend was using to countdown the days until here show goes on stage. She's doing the Winnipeg Fringe Festival! But, yeah, that's what that is. I'll probably remove that, seeing how she left for WInnipeg yesterday.

Thanks for looking it over, patrickv. I know there's a lot of request for these to be looked at.