one problem after another

tremmor

I just posted about one issue and sure as sheet something else. The computer is a new build. I'm still loading it up. You will love this one. Never happened before and a 1st for me. It's out of control now. Went to Google, I think. Opened Gmail account, trying to get rid of and eliminate some junk mail. Just investigating. Logged out. Went back to Google and clicked on the Gmail account. Asked for a username and password. Another screen came up. Wants to know the secret message. Type in my password and read the letters like they want you to type in. Then says something about what's the answer to the secret message?

Hheeee........you're going to love this.
who[s co?k you been suckin.

Ok.......I'm not always the smartest. BUT..........I'm at the end of my wits.

I posted this morning about something similar. Never had this happen before.

Here's my log. I'm ready for hara-kiri. I'm burned out if I have to low level format.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:24 PM, on 7/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecsinc1.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ecsinc1.com
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab
O18 - Protocol: bw+0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 18848 bytes

I think this problem started this morning. When I google I try hard to be safe 'cause I don't know where I'm going. The way I do it when surfing and searching, I turn off script controls. Some places will not let you in without JavaScript controls. Sometimes I forget to change them back.
That's what I'm thinking. .........
 
WOW!!!!!

Hello,

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again, as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg, then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

In your reply:
  • Post the ComboFix log
  • Post a fresh HijackThis log

Thank you
 
Thanks for any help.........

ComboFix 08-07-27.5 - User 2008-07-28 4:31:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2821 [GMT -4:00]
Running from: D:\Download\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tmp39.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.

2008-07-27 17:26 . 2008-07-27 17:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-26 17:35 . 2008-07-26 17:35 <DIR> d-------- C:\Program Files\UltraMon
2008-07-26 17:35 . 2008-07-26 17:35 <DIR> d-------- C:\Program Files\Common Files\Realtime Soft
2008-07-26 17:35 . 2008-07-26 17:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\Realtime Soft
2008-07-26 17:35 . 2008-07-26 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2008-07-26 13:38 . 2008-07-26 13:38 <DIR> d-------- C:\Program Files\QuickPar
2008-07-22 15:47 . 2008-07-22 15:47 <DIR> d-------- C:\Documents and Settings\User\Application Data\FireShot
2008-07-20 10:18 . 2008-07-20 10:18 <DIR> d-------- C:\Documents and Settings\User\Application Data\RealVNC
2008-07-20 10:16 . 2008-05-12 11:57 20,992 --a------ C:\WINDOWS\system32\vncmirror.dll
2008-07-20 10:16 . 2008-05-12 11:57 4,608 --a------ C:\WINDOWS\system32\drivers\vncmirror.sys
2008-07-19 12:03 . 2008-07-19 12:03 <DIR> d-------- C:\Documents and Settings\User\Application Data\WordWeb
2008-07-19 08:14 . 2008-07-19 08:14 <DIR> d-------- C:\Documents and Settings\User\Application Data\ImgBurn
2008-07-19 08:13 . 2008-07-19 08:13 <DIR> d-------- C:\Program Files\ImgBurn
2008-07-19 07:38 . 2008-07-19 07:38 <DIR> d-------- C:\Program Files\Giganews Accelerator
2008-07-17 17:44 . 2008-07-17 17:44 <DIR> d-------- C:\Documents and Settings\User\Application Data\ScanSoft
2008-07-14 17:00 . 2008-07-14 17:00 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-14 16:55 . 2008-07-14 16:55 <DIR> d-------- C:\Documents and Settings\User\Application Data\Zeon
2008-07-14 16:54 . 2008-07-14 16:54 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-14 16:54 . 2008-07-14 16:54 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Zeon
2008-07-14 16:54 . 2008-07-14 16:54 <DIR> d-------- C:\Program Files\ScanSoft
2008-07-14 16:54 . 2008-07-14 16:54 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-07-14 16:54 . 2008-07-14 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zeon
2008-07-14 16:54 . 2008-07-14 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-14 16:54 . 2008-07-14 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-14 04:17 . 2008-07-14 04:17 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-13 19:25 . 2008-07-27 12:38 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-13 19:25 . 2008-07-27 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-13 19:10 . 2008-07-27 15:38 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-13 19:10 . 2008-07-13 19:10 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-13 19:10 . 2008-07-13 19:10 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-13 19:10 . 2008-07-13 19:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-13 15:28 . 2008-07-13 15:28 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nero
2008-07-13 15:27 . 2008-07-13 15:27 <DIR> d-------- C:\Program Files\Nero
2008-07-13 15:27 . 2008-07-13 15:27 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-13 15:27 . 2008-07-13 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-13 06:54 . 2008-07-13 06:54 <DIR> d-------- C:\Program Files\Sygate
2008-07-13 06:54 . 2004-06-30 15:06 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-07-13 06:54 . 2004-06-30 14:49 59,472 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-07-13 06:54 . 2004-06-30 14:51 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-07-13 06:54 . 2004-06-30 15:06 14,320 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-07-13 06:54 . 2004-06-30 15:06 14,320 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-07-13 06:54 . 2004-06-30 15:06 14,320 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-07-13 06:54 . 2004-06-30 15:06 14,320 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-07-12 14:50 . 2008-07-12 14:51 134 --a------ C:\WINDOWS\I_VIEW32.INI
2008-07-12 12:16 . 2008-07-13 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-12 11:27 . 2008-05-03 04:46 <DIR> d--hs---- C:\Documents and Settings\Admin\UserData
2008-07-12 11:27 . 2008-07-12 11:27 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Logitech
2008-07-12 11:27 . 2008-07-13 07:21 <DIR> d-------- C:\Documents and Settings\Admin
2008-07-12 10:30 . 2008-07-12 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-12 09:08 . 2008-07-12 09:08 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-07-12 09:08 . 2008-07-12 09:08 <DIR> d-------- C:\Program Files\Common Files\HP
2008-07-11 19:41 . 2008-07-11 19:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\HP
2008-07-11 19:35 . 2008-07-11 19:48 124,458 --a------ C:\WINDOWS\HPHins12.dat
2008-07-11 19:35 . 2006-06-12 14:31 14,916 --------- C:\WINDOWS\hphmdl12.dat
2008-07-09 19:25 . 2008-07-09 19:25 <DIR> d-------- C:\working
2008-07-08 17:44 . 2008-07-10 18:33 <DIR> d-------- C:\Utilitys
2008-07-07 18:51 . 2008-07-07 18:51 <DIR> d-------- C:\TempDVD
2008-07-07 18:51 . 2008-07-07 18:51 <DIR> d-------- C:\dvdsanta
2008-07-06 20:44 . 2008-07-06 20:44 391 --a------ C:\WINDOWS\COVERE~1.INI
2008-07-06 14:46 . 2008-07-06 14:49 <DIR> d-------- C:\Program Files\IrfanView
2008-07-06 14:24 . 2008-07-26 17:32 <DIR> d-------- C:\Program Files\NewsLeecher
2008-07-06 13:57 . 2008-07-19 08:44 <DIR> d-------- C:\Documents and Settings\User\Downloads
2008-07-06 13:57 . 2008-07-19 08:44 <DIR> d-------- C:\Documents and Settings\User\Application Data\NewsLeecher
2008-07-06 12:35 . 2008-07-13 10:11 280 --a------ C:\WINDOWS\system32\PDBootState
2008-07-06 08:37 . 2008-07-07 18:51 <DIR> d-------- C:\Program Files\dvdSanta
2008-07-06 08:31 . 2008-07-06 08:35 <DIR> d-------- C:\Program Files\WordWeb
2008-07-06 08:31 . 2007-12-01 18:01 1,291,880 --a------ C:\WINDOWS\system32\wweb32.dll
2008-07-06 08:18 . 2008-07-06 08:23 <DIR> d-------- C:\totalcmd
2008-07-06 08:18 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-07-06 08:18 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-07-06 08:18 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-07-06 08:18 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-07-06 08:18 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-07-06 08:18 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-07-06 08:18 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-06 08:18 . 2008-07-07 19:10 489 --a------ C:\WINDOWS\wincmd.ini
2008-07-06 08:15 . 2008-07-06 08:15 <DIR> d-------- C:\Program Files\RAXCO
2008-07-06 08:15 . 2008-07-06 08:15 <DIR> d-------- C:\Program Files\Common Files\Raxco
2008-07-06 08:15 . 2008-07-06 08:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-07-06 08:13 . 2008-07-06 08:13 496 --a------ C:\WINDOWS\PDSFMQZ.QFZ
2008-07-06 08:12 . 2008-07-09 19:21 <DIR> d-------- C:\Program Files\Webshots
2008-07-06 08:12 . 2008-07-09 19:22 5,760,054 --a------ C:\WINDOWS\webshots.bmp
2008-07-06 08:12 . 1999-08-28 14:36 671,744 --a------ C:\WINDOWS\Webshots.scr
2008-07-06 08:12 . 1999-08-28 13:23 28,672 --a------ C:\WINDOWS\WebshotsUninstall.exe
2008-07-06 08:12 . 2008-07-26 18:26 1,264 --a------ C:\WINDOWS\webshots.ini
2008-07-06 08:12 . 2008-07-06 08:12 496 --a------ C:\WINDOWS\HMDEXZC.SRF
2008-07-06 08:10 . 2008-07-08 19:45 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-06 08:10 . 2008-07-06 08:11 <DIR> d-------- C:\Program Files\CCleaner
2008-07-06 08:07 . 2008-07-06 08:07 <DIR> d-------- C:\Program Files\ISO Commander
2008-07-06 06:58 . 2008-07-06 06:58 <DIR> d-------- C:\Documents and Settings\User\Application Data\Logitech
2008-07-06 06:52 . 2008-07-06 06:52 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2008-07-06 06:52 . 2006-05-10 09:56 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2008-07-06 06:51 . 2008-07-06 06:52 <DIR> d-------- C:\Program Files\Logitech
2008-07-06 06:51 . 2008-07-06 06:51 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-07-06 06:51 . 2006-05-25 00:12 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2008-07-06 06:51 . 2006-05-25 00:12 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-07-06 06:51 . 2006-05-25 00:12 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-07-06 06:51 . 2006-05-10 09:48 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-07-06 06:51 . 2006-05-10 09:56 71,680 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-07-06 06:51 . 2006-05-10 09:56 56,064 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2008-07-06 06:51 . 2006-05-25 00:12 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2008-07-06 06:51 . 2006-05-10 09:56 27,264 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2008-07-06 06:51 . 2006-05-25 00:53 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
2008-07-05 20:14 . 2008-07-05 20:14 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-07-05 19:42 . 2008-07-05 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-07-05 19:40 . 2008-07-05 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-07-05 19:39 . 2008-07-05 19:39 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-07-05 19:35 . 2006-05-16 02:25 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-07-05 19:35 . 2006-05-16 02:17 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-07-05 19:35 . 2006-06-03 21:29 48,128 --a------ C:\WINDOWS\system32\hpz3l4pi.dll
2008-07-05 19:35 . 2006-05-16 02:17 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-07-05 19:34 . 2008-07-12 09:08 <DIR> d-------- C:\Program Files\HP
2008-07-05 19:34 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-07-05 19:34 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-07-05 19:34 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-07-05 19:34 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-07-05 19:34 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-07-05 19:34 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-07-05 19:34 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-07-05 18:58 . 2008-07-05 18:58 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-05 18:58 . 2008-07-05 18:58 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-05 18:58 . 2008-07-05 18:58 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-05 18:58 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-05 18:58 . 2008-07-05 18:58 376 --a------ C:\WINDOWS\ODBC.INI
2008-07-05 16:34 . 2008-04-28 18:10 61,952 --a------ C:\wol.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 20:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-06 10:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 16:19 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-04 16:19 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-04 16:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-01 16:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:42 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-07-06 06:52 32768]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-28 00:21 138008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 01:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 01:46 86016]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 09:56 122880]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-06-30 16:56 2376928]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-13 19:10 1232152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27 304640]
"nwiz"="nwiz.exe" [2008-05-03 01:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="SPIRun.dll" [2006-07-03 00:43 10752 C:\WINDOWS\system32\SPIRun.dll]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 94208 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\User\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\WebshotsTray.exe [2008-07-06 08:12:12 188416]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-06 06:51:49 593920]
WordWeb Pro.lnk - C:\Program Files\WordWeb\wweb32.exe [2008-07-06 08:31:44 44384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atchk]
-ra------ 2007-06-28 00:18 404248 C:\Program Files\Intel\AMT\atchk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 2005-12-12 09:36 143360 C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 08:42 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
-ra------ 2007-06-28 00:21 162584 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
-ra------ 2007-06-28 00:22 142104 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 22:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2007-06-28 00:17 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2007-06-28 00:17 16132608 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-13 19:10]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe [2007-06-28 00:18]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-13 19:10]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-13 19:10]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-13 19:10]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 00:53]
R2 LMS;Intel(R) Active Management Technology Local Management Service;C:\Program Files\Intel\AMT\LMS.exe [2007-06-28 00:18]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 21:22]
R2 UNS;Intel(R) Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe [2007-06-28 00:18]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 21:23]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.ecsinc1.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 04:32:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-28 4:33:27
ComboFix-quarantined-files.txt 2008-07-28 08:33:22

Pre-Run: 236,286,742,528 bytes free
Post-Run: 236,343,750,656 bytes free

248 --- E O F --- 2008-07-04 02:37:38
 
Why did we run ComboFix when he had nothing major in his HijackThis log? A missing file and a toolbar, woot, that's a lot, let's run ComboFix. Seriously, coehn, STOP REPLYING TO THESE THREADS! Tremmor, I'm sorry you wasted your time on the ComboFix, as in the case of your log it did nothing but delete one temporary Internet Explorer file... sheesh, he has no idea what he is doing, sorry you wasted your time on that... Please rerun and repost your HijackThis so we can see it after ComboFix was run.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:22 PM, on 7/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecsinc1.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ecsinc1.com
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab
O18 - Protocol: bw+0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 18848 bytes
 
OK, I'm going to recommend the following...

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

This file is missing. Run a scan and check this box to remove it... also...

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

This line is sketchy to me. I would remove it, but that's up to you... It's a form of CoolWebSearch and tried to disguise itself as Windows...

Tell hijack to remove those and then rerun the scan please.
 
I deleted it. Thanks...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:37 PM, on 7/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ecsinc1.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.ecsinc1.com
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15102/CTPID.cab
O18 - Protocol: bw+0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 18664 bytes
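Added example, not part of any post in this thread: a small triage helper for a HijackThis log like the one above. It collapses the repeated O18 protocol-handler lines to one group per CLSID and DLL, and lists O4 Run entries whose command has no absolute path, so the file that actually starts depends on the search path. The function names are this example's own, and the sample is an excerpt copied from the log above.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log above (not the full log).
SAMPLE = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O18 - Protocol: bw+0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {A21A0889-55EC-4C8B-8776-0CAA71E962B4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")                      # "O18 - <body>"
O18 = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")  # HKLM\..\Run: [name] cmd
ABS = re.compile(r'^"?[A-Za-z]:\\')                         # optional quote, drive, backslash


def parse(log):
    """Yield (section, body) for each HijackThis entry line; skip everything else."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def collapse_protocols(log):
    """Map (CLSID, DLL path) -> sorted list of protocol names registered to it."""
    groups = defaultdict(list)
    for section, body in parse(log):
        m = O18.match(body) if section == "O18" else None
        if m:
            groups[(m.group(2), m.group(3))].append(m.group(1))
    return {key: sorted(names) for key, names in groups.items()}


def run_entries_without_path(log):
    """Return names of O4 Run values whose command does not start with an absolute path."""
    flagged = []
    for section, body in parse(log):
        m = RUN.match(body) if section == "O4" else None
        if m and not ABS.match(m.group(3)):
            flagged.append(m.group(2))
    return flagged


if __name__ == "__main__":
    for (clsid, dll), names in collapse_protocols(SAMPLE).items():
        print(f"{len(names):3d} handler(s) {clsid} {dll}")
    print("Run entries resolved via search path:", run_entries_without_path(SAMPLE))
```

Run over the whole O18 section above, the grouping leaves three distinct handler DLLs to review instead of several dozen lines.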
 
Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
 
I could not delete the virus it did detect (no options). I tried to capture the screen but it did not work the way I wanted it to. The only thing I have now after the scan is this.
Thank you. I'll be back.
Scan statistics
Files scanned 176536
Threat names 3
Infected objects 11
Suspicious objects 0
Duration of the scan



Start scan
Scan is running (93%)
Click the area that you want to scan in left part of the window. The scan will start automatically as soon as you select a scan area.
Last start: 7/28/2008 18:00:11
Status: complete
 
Have you run a spyware cleaning utility like Ad-Aware and Spybot Search and Destroy? Might recommend those as well as running CCleaner... Also, any reason you have Logitech Desktop Messenger installed on your PC? This is an unnecessary feature and it takes up a lot of resources and can potentially grab and send your information out to companies...
 
I run but took off Spybot that was keeping certain programs from running. I use AVG Free. I recently uninstalled AVG and installed McAfee from Comcast with the same results. I'm curious if Kaspersky free was supposed to get rid of it, or just find it. On the lighter side, the virus it did detect was on a secondary drive and not installed. I deleted it. I'll run again tonight.
As far as the proggy you mentioned, I will uninstall now. It was installed during the build for updates. No, I don't need it.

thanks
 
Codeman, in this case I'm very satisfied with the ComboFix.

@tremmor, found many infections here, one of them is a Trojan Backdoor. I hope you understand how dangerous such a virus is for you and your computer.
If you're doing any banking or have any important data/passwords on your computer, I suggest you reformat your computer.

If you're ready to take the risk, let's delete that malware.

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Drivers to unload:
C:\WINDOWS\system32\drivers\vncmirror.sys

Files to delete:
C:\WINDOWS\system32\vncmirror.dll
C:\WINDOWS\system32\drivers\vncmirror.sys
C:\WINDOWS\PDSFMQZ.QFZ
C:\WINDOWS\HMDEXZC.SRF
C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.
 
I thank you very much. I know what the issues were and why.
Want to know...........it's not a secret..........hanging out downstairs and my fault. (basements gutters, and newsgroup binaries). Oh well, I just formatted.
My fault. I love your comment, gamemaster. I myself have a straight shooter computer.
Laptop for credit cards and business.

I'll be back. ............ got to love this place.
Everybody wants to play.

tremmor
 