[RESOLVED] HELP!! I have the Aurora virus too....

 
 
Reply Wed 29 Jun, 2005 06:40 pm
Howdy, I'm very new to this forum but I really need help on this one. I just ran HJT on my computer and I know I have the Aurora virus, so here's the log it came up with... any help would be greatly appreciated. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 11:23:01 PM, on 6/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
c:\windows\system32\jcchvpq.exe
C:\WINDOWS\System32\huhuha.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Spysweeper\SpySweeper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\vhugacpqv.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Cowgal\LOCALS~1\Temp\Rar$EX00.437\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [rlhazr] c:\windows\system32\jcchvpq.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Spysweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110324928000
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O18 - Protocol: bw+0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
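
A triage sketch for a log in this format, as an added example that is not part of the original post and not HijackThis's own code: it splits the log into its sections, lists anything a `Shell=` line starts besides Explorer.exe (the Windows default shell), collapses the long O18 run to one line per handler DLL, and pulls out the services HijackThis itself marked "Unknown owner" or "(file missing)". The function names are made up for this example, and the output is a list of entries to look at by hand, not a verdict.

```python
import re
from collections import Counter

# Lines copied from the log in the post above, cut down to a few per section.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:23:01 PM, on 6/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\vhugacpqv.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [rlhazr] c:\windows\system32\jcchvpq.exe r
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Spysweeper\SpySweeper.exe" /0
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O18 - Protocol: bw+0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# A result line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Registry autoruns inside O4: "HKLM\..\Run: [value name] command line".
RUN = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")


def parse_log(text):
    """Split a log into the running-process list and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def shell_extras(entries):
    """For F2 'Shell=' lines, return what is launched in addition to Explorer.exe."""
    extras = []
    for code, detail in entries:
        m = re.search(r"Shell=(.*)$", detail, re.I)
        if code == "F2" and m:
            rest = re.sub(r"^explorer\.exe\s*", "", m.group(1).strip(), flags=re.I)
            if rest:
                extras.append(rest)
    return extras


def run_entries(entries):
    """Return (hive, key, value name, command) for registry autoruns in O4."""
    found = []
    for code, detail in entries:
        m = RUN.match(detail)
        if code == "O4" and m:
            found.append(m.groups())
    return found


def protocol_handlers(entries):
    """Collapse O18 lines to a count of protocols per handler file."""
    files = Counter()
    for code, detail in entries:
        parts = detail.split(" - ", 2)
        if code == "O18" and len(parts) == 3:
            files[parts[2]] += 1
    return files


def flagged_services(entries):
    """O23 services carrying HijackThis's own 'Unknown owner'/'(file missing)' notes."""
    out = []
    for code, detail in entries:
        if code != "O23":
            continue
        notes = [n for n in ("Unknown owner", "(file missing)") if n in detail]
        if notes:
            name = detail.split(" - ", 1)[0].replace("Service: ", "", 1)
            out.append((name, notes))
    return out


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("processes:", len(log["processes"]))
    print("extra shell programs:", shell_extras(log["entries"]))
    for hive, key, name, cmd in run_entries(log["entries"]):
        print(f"autorun {hive}\\{key} [{name}] -> {cmd}")
    for path, n in protocol_handlers(log["entries"]).items():
        print(f"{n:3d} protocol(s) handled by {path}")
    for name, notes in flagged_services(log["entries"]):
        print("service:", name, notes)
```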

 
timberlandko
 
Reply Wed 29 Jun, 2005 08:12 pm
UPDATED YUCKWARE REMOVAL PRELIMINARY STEPS
PLEASE DO ALL OF THIS BEFORE POSTING A HIJACKTHIS LOG



Over the past year or so, the yuckware problem has continued to grow exponentially, almost beyond belief. Here at A2K, we've helped innumerable folks clean the crap off their systems and prevent re-infection. The purveyors of the crap have become increasingly sophisticated, and the yuckware has gotten trickier and trickier to detect, defeat, and destroy.

Prevention is always the best defense, but even that doesn't work all the time. If you are infested - your browser or search function has been hijacked, you're swarmed with popups/popunders, and "Targeted Ads", or the like - carefully following the updated steps outlined below well may cure your problem, and at the very least will make it much, much easier for the gurus here to handle whatever might be left over.
Here are the essential, basic get-ready steps to take if you suspect a yuckware issue. This particular procedure is specific to Windows systems only, and slanted to Win 2K or later; if you are running any other Windows operating system, some of the following recommendations - the ones marked "(WIN 2K/XP ONLY)" - won't work for you. Skip them and do the rest.


Print out these instructions, and don't do anything without fully understanding how to step through this procedure.

If anything is unclear, ask. If any of the links don't work, report that here as soon as you are able. When you're ready to go, and have completed the downloads, updates, configurations, and online scans, follow the steps in order. If, while following the steps below, you should get an error message, try to report just what you and your machine were doing at the time of the error, what, if anything, you did about it, what the results were, and as close to the EXACT error message you received, not something like "I was doing fine, then all of a sudden I got some sort of error message". Be as specific as possible.

First, update your own resident antivirus and run a full system scan. If you have an expired subscription to a paid antivirus, either renew your subscription, or uninstall the expired version and acquire an antivirus which can be updated to current engine and pattern files. Any of the major name brand applications will work fine. If for some reason you don't wish to pay for a subscription, the following are downloadable free antivirus applications from reputable vendors. The free versions offer adequate basic protection, but will lack certain configuration and convenience features common to paid antivirus apps. Your choice, but whatever, get, update, configure and maintain (per the app's instructions) a current antivirus before going any further, and have it run a full system scan.

AntiVir Free Personal Edition

Avast! 4 Free Home Edition

AVG Free Personal Edition


If you have Ad-Aware SE, HiJackThis, Microsoft AntiSpyware, Spybot S&D, or SpywareBlaster installed, I suggest you uninstall them via their own uninstall utilities, or through Add/Remove Programs, and redownload the latest versions. If you are sure you have the latest versions, you can just update them if you wish, and configure them as detailed in their respective sections below ... your call, but I do recommend starting fresh. As for the other tools linked here, if you have any version of them installed, it really is best to uninstall your copy and start fresh, to be sure of having the latest version.



Be certain you have the latest version of HiJackThis, and that it is installed to a folder of its own either in your Programs file or directly on your root drive. If you have already installed HiJackThis, be certain it's in its own folder, as described, and not a temporary or desktop folder. Launch the application, then, from its splash screen, choose "Miscellaneous Tools", or from the main start page, select "Config", then select "Search for updates online", confirm, and be sure yours is the latest version. Don't run a scan or fix anything yet. When running HiJackThis to scan or fix things, run it from its own folder, WITH NO OTHER BROWSERS, WINDOWS, FILESHARING, EMAIL, OR MESSAGING APPLICATIONS OPEN OR RUNNING.



Go to Windows Update and check to make certain there are no outstanding high-priority updates for your system.

Run the Microsoft Windows Malicious Software Removal Tool (WIN 2K/XP ONLY).

Download, install, and update Microsoft AntiSpyware Beta (WIN 2K/XP ONLY). Just install it and update it (when the program has installed, select "File" at the top left-hand side of the page, and click "Search for updates ... "), don't run it yet. When the update has been completed, just close the application without running a scan yet.




Download LSP-Fix. Just download it to a convenient-to-find place on your machine; it may or may not be needed, but if it is needed, you'll want to find it easily. Sometimes removal of yuckware will result in your not being able to connect to the internet. If this happens, LSP-Fix should take care of the problem. Be sure to read and understand (good idea to print out) the application's DOCUMENTATION so you know what to do if it becomes necessary.




Download STINGER. Again, just download it right now; we'll use it later. See this TUTORIAL.




Download, install, and update Ad-Aware SE Personal. Just install and update it (when the program has installed, click the blue-green "Planet" icon, second from the right at the top of the screen, to run the auto-update function, and follow the prompts to update the application); don't run a scan yet.

When it has updated, click on the orange-ish "Gear Icon" (second-from the left at the top right-hand side of the window) to open the Ad-Aware configuration utility.

Under the "General" tab, all radio buttons should be green; if not, click to activate them.

Click the "Scanning" bar at the left of the page. Under "Drivers, Folders & Files", only the "Scan within archives" button should be green. Under "Memory & Registry", all buttons should be green.

Click the "Advanced" bar. Under "Shell Integration", "Move deleted files to Recycle Bin" should be green, and it's your call whether you want to add "Scan with Ad-Aware to Explorer".

Under "Logfile Detail Level", all 3 buttons should be green.

Under "Alternate Data Streams", both buttons should be red.

Skip the "Startup", "Default", and "Interface" bars for now.

Click the "Tweak" bar. Click the plus-sign to open "Scanning Engine". "Unload recognized processes ... ", "Obtain command line ... ", and "Scan registry for all users ... " should be green, "Run scan as background ...", "Ignore spanned files ...", and "Use permanent ... " may be left red.

Click to open "Cleaning Engine". The first 5 buttons ("Automatically check ...", "Always try ...", "During removal ... ", "Let Windows remove ... ", and "Delete quarantined ...") should be green, the remaining 3 ("Suppress warning ...", "Suppress progress ..." and "Disable manual ...") should be red.

Skip the remaining bars, click "Proceed", then close Ad-Aware WITHOUT RUNNING A SCAN.

With Ad-Aware closed, download Ad-Aware's VX2 Cleaner Plugin, and install it per instructions found on the download page. Read the instructions carefully so you'll know how to run the plugin when required. Do not run it, or Ad-Aware, yet; just exit back to your desktop.



Download, install, and update Spybot S&D. Just install and update it (when it installs, the program will give you the option to "Download all updates" - let it do so), don't run it yet. READ THE TUTORIAL. When the program has been installed and updated, select "Immunize", click the green "+" plus-sign symbol at the top of the page to install Spybot's immunization, and follow any prompts. On that same page, click to place a checkmark in the "Browser Helper to block bad downloads ... " button, then, from the dropdown below that, select "Block all bad pages silently". While you have Spybot open it would be a good time to read the tutorial available under the Help file at the top left-hand corner of the page. When done, don't run a scan yet, just close the application.



Download and install the trial version of EWIDO Security Suite (WIN 2K/XP ONLY). Again, just install and update it (when it installs, it will ask to be updated - let it. If for some reason you miss the opportunity, select "Update" from the program's start page and manually update it). Do not scan yet.



Download CWShredder, and unzip it to your desktop, but don't run it yet.



Download NAILFIX. Just download it and unzip it to a folder on your desktop; don't do anything with it right now.



Download AboutBuster 5.0, unzip it to a folder on your desktop, and read the accompanying text file. Launch and update the application, but don't run it yet; when the update has completed simply close the application and exit to your desktop.



Download CCleaner (WIN 2K/XP ONLY). Just download it to a convenient-to-locate spot (your desktop is fine for now), don't do anything with it yet; we'll be using it a few times later in this process. If you are running Windows ME or earlier, use Cleanup! 4 - be sure to read the FAQ HERE.



Download DelDomains.inf. When it has downloaded (should take just a few seconds), click on the file to run it. If the link above displays text instead of downloading the file, then copy & paste the text into notepad and save the file as DelDomains.inf. To use it, right-click and select "Install". Note: This will remove all entries in your "Trusted Zone" and "Ranges".



Download, install, and update Javacool Software's SpyWareBlaster. When the update has completed, select "Enable all protection", and exit back to your desktop. SpywareBlaster does not need to be running for its protection to be active, but you should launch it at least weekly to check for updates. Read the FAQ HERE.





Next, configure Windows Explorer to Show All Files



Perform at least 2 of the following free online virus scans (with your own resident antivirus disabled):

Trend Micro Free Online Scan

Panda Free Online Scan

BitDefender Free Online Scan

Symantec Free Online Scan

Kaspersky Free Online Scan

StopSign Free Online Scan

RAV Free Online Scan

McAfee Free Online Scan

IMPORTANT: DISABLE ANY OTHER ANTIVIRUS YOU MAY HAVE ON YOUR MACHINE BEFORE RUNNING ANY OF THE ONLINE SCANS. Also, if you have any popup blocking, adblocking, or actively running antispyware application, disable those as well; they can interfere with online virus scans. Should an online scan report it has detected something it cannot repair or remove, please copy the exact message received and save it to post to your help request thread at the appropriate time.



If you are running Win ME or Win XP, make sure your Windows and your programs other than your browser are operating properly, then disable System Restore. Again, be sure everything else works as it should before you do this, as you will remove your previous restore points.

Disable/re-enable System Restore, Win XP

Disable/re-enable System Restore, Win ME

Remember this procedure, so you can re-enable System Restore when your machine is finally clean, but do not re-enable System Restore until your system really is clean.

Now, Boot Into Safe Mode. The following steps are to be carried out in safe mode until the series is completed, and you are advised to reboot normally.




Once booted into safemode, locate Stinger and run it, selecting "Fix". The process may take a fair while to complete - be patient, let it run to the end.



Locate "NAILFIX", and click on "Nailfix.cmd". Your desktop and icons will disappear and reappear, and a window should open and close very quickly.



When NAILFIX has run, locate and run AboutBuster 5.0; if either app prompts you to reboot, do so, then go on to the next step, otherwise, don't reboot.



When AboutBuster 5.0 has completed, locate and run CWShredder, selecting the "Fix" option. Don't reboot unless prompted to do so.



Locate EWIDO, run a full system scan (which might take an hour or more), allow EWIDO to fix whatever it can, and save the log to post back here. When EWIDO has completed, reboot.



Locate and run CCleaner. When it opens, select "Analyze", let it scan through your system (should be just a couple minutes), then select "Run Cleaner", confirm you wish to delete files, and follow any onscreen prompts. When that cleanup is complete, click on the 3rd tab, "Issues", and select "Analyze". When the analysis has completed, select "Fix selected issues .... ", and confirm when prompted. The application will offer to write a registry backup - let it do so. It will offer to place the backup in your "My Documents" folder - select "New Folder", name the folder "CCleaner Backups", and click "Save". Reboot.




Locate Microsoft AntiSpyware Beta, and launch it. At the top of the screen, select "Tools", then select "Advanced Tools" and select "Browser Hijack Settings Restore". At the bottom right of the list, click "Check All", then click "Restore". When the restore has completed, select "Spyware Scan" from the top right of the page, then select "Scan Options", and make sure "Full System Scan" and all 3 of its boxes are checked, then click "Run Scan Now". This shouldn't take very long, but 15 minutes to half an hour would be common. When the scan and repair have completed, reboot.




Locate Ad-Aware SE, and launch it. Click the "Add-ons" bar, locate, and run the VX2 Cleaner plugin. When that has been completed, close then relaunch Ad-Aware SE, select "Scan Now", select "Use custom scanning options", select "Next", and allow the scan to complete - which could take a good long while. When it has completed, have it fix all it has found, then close the application. If it requests permission to run again on reboot, permit it and reboot.



Locate and launch Spybot S&D, click "Check for problems", and be patient while it scans. Allow it to fix anything it finds that it lists in red. If it requests permission to run again on reboot, permit it and reboot.

When Spybot S&D has finished, run CCleaner once more. When CCleaner has finished, BOOT NORMALLY, not into safemode. Do not connect to the internet yet, and do not re-enable System Restore.



Disable your resident antivirus if not still disabled, then run full system scans with EWIDO (if you are running Win2K or XP - save the new EWIDO logfile, naming it "2cnd", or something like that), Microsoft AntiSpyware (if you're running Win XP), Ad-Aware, and Spybot S&D, allowing each to fix whatever, if anything, needs fixing.


Run CCleaner or Cleanup, as applicable, once more, then reboot normally again. Do not connect to the internet.


Close all running applications, and run HiJackThis WITH NO OTHER BROWSERS, WINDOWS, FILESHARING, EMAIL, OR MESSAGING APPLICATIONS OPEN OR RUNNING, fixing nothing, just saving the log. Now, re-enable your resident antivirus, run another full system scan, then reconnect to the internet (use LSP-Fix per its instructions if you cannot connect). Once connected to the internet, navigate to your A2K yuckware help thread, or open one if you have not already done so, give a brief description of your problem, paste both EWIDO logs (if you are running Win 2K or XP) and the latest HiJackThis log to your own help request thread. Also include any error messages or "could not fix" reports you may have received. Do not re-enable System Restore yet; we may not be done.

DJCowgal
Reply Thu 30 Jun, 2005 03:43 am
That doesn't work. it's still on my computer and i'll be damned if i DL all those spyware programs.....

timberlandko
Reply Thu 30 Jun, 2005 09:16 am
Oh, it works (incidentally, Aurora is a trojan, not a virus) - it's about the best fix there is for Aurora and a number of other problems you have there, both associated and ancillary, but whatever. Have it your way. Yours would be the first instance in which it hasn't worked. You might be interested in THIS POST. Another Aurora-specific reference may be found HERE, and yet another HERE. But again, whatever; it's your computer, it's your problem, it's your call.

You have multiple infections there apart from Aurora, and a number of other problems besides (some of which might be masking still other problems), including major problems with your startup folder, which, among other things, will really slow things down, and cause system instability. I note also there's a huge mess in your Extra Protocols, apparently related to otherwise unobjectionable software (though first appearances can be deceiving - it could be a result of yuckware), which really needs fixing, but there's not much point going after that until the system has been cleaned up quite a bit.

If you want a quickfix that MAY remove Aurora but WILL NOT remove its accumulated clutter, nor do anything about the other problems, nor will it in any way address the vulnerabilities and insecure settings that render your machine wide open to infestation, you can try Aurora/Direct Revenue/ABI's own removal process, available HERE. Be advised there are major reservations within the yuckware removal community about that process (See THIS POST, and its follow-on HERE for more info).

Your call.

NoNe
Reply Thu 30 Jun, 2005 08:23 pm
hmmmm

DJCowgal
Reply Fri 1 Jul, 2005 04:14 pm
OK...just as asked I have performed all of the above and here are the results.....

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:24:47 PM, 7/1/2005
+ Report-Checksum: A9E886A2

+ Date of database: 7/1/2005
+ Version of scan engine: v3.0

+ Duration: 38 min
+ Scanned Files: 186636
+ Speed: 80.75 Files/Second
+ Infected files: 13
+ Removed files: 13
+ Files put in quarantine: 13
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
G:\
Z:\

+ Scan result:
C:\Documents and Settings\Cowgal\Cookies\cowgal@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Cowgal\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Cowgal\Cookies\cowgal@indiads[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Cowgal\Local Settings\Temp\temp.fr5D8F -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
C:\WINDOWS\hosts -> Trojan.Qhost.k -> Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\system32\lspdash.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p -> Cleaned with backup
C:\WINDOWS\system32\richup.exe -> Spyware.SafeSurfing -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
C:\WINDOWS\vhugacpqv.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup


::Report End



EWIDO Scan 2

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:03:57 PM, 7/1/2005
+ Report-Checksum: 26B9488F

+ Date of database: 7/1/2005
+ Version of scan engine: v3.0

+ Duration: 43 min
+ Scanned Files: 182846
+ Speed: 70.41 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
G:\
Z:\

+ Scan result:
No infected files found!


::Report End




Logfile of HijackThis v1.99.1
Scan saved at 3:10:44 PM, on 7/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spysweeper\WRSSSDK.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Spysweeper\SpySweeper.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Cowgal\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wwwgoogle.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://wwwgoogle.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Spysweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110324928000
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O18 - Protocol: bw+0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Spysweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


Let me know if i missed something while doing all this..thanks again
0 Replies
 
timberlandko
 
  1  
Reply Fri 1 Jul, 2005 09:50 pm
It's really best to have HiJackThis running from a folder named HijackThis either in C:\Programs, or, better yet, directly on your C:\ Drive, but OK for now if it's in your Documents and Settings folder, I suppose. And you really should update your Windows to SP2. If downloading it is a pain, you can get a free SP2 disc HERE.

Anyhow, as for your logs, looks like it's going pretty well; lotsa stuff was fixed. Now, let's do some general cleanup and then take another look at your system.

With no other programs running, or browsers, windows, email, or chat clients open, run HiJackThis again, and place a check next to each of the following:

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE - This just loads your RealTek sound configuration utility at startup, and places an icon in your system tray. You can access the utility whenever you want to from Start>Programs. Removing it will free some resources, and not hinder your sound capabilities at all.

O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe - this is HP software calling home for updates - absolutely unnecessary, and can be a resource hog. You want this gone.
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe Ditto

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit - this just places an icon for your NVidia video adapter in your system tray; again, unnecessary, you can access your NVidia configuration software via Start>Programs any time you want it. Removing it won't impact your video at all, and will free some resources.

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe - this just places a WinAmp icon in your system tray, and drags WinAmp along on startup. You can invoke WinAmp whenever you actually want it from its desktop icon or from Start>Programs. Removing it will free up some resources, and speed your boot and shutdown a tad.
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe - pretty much the same story. It does "protect" WinAmp from being replaced as default media player, but you can do that yourself. Removing will free up some resources.


O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - this would be a judgement call; I use it myself. However, it's of real use only to folks who are heavily into graphics and calibrate their monitors, but for most home users it serves no real function. Clearing it will free up some resources, but if you actually use it, leave it, of course.

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe - this more or less just enables your Logitech software to call home. Getting rid of it will not impact your Logitech peripherals at all, and will free up resources. I definitely recommend removing it (and it appears related to another problem you have - more on that next)

O18 - Protocol: bw+0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
- something very odd going on here with Logitech Desktop Messenger (which, as mentioned, serves no good purpose). Check off each one of these for HJT to remove. Be sure you check off every reference to \Logitech\Desktop Messenger.

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\APACHE.EXE" -k runservice (file missing) - this is a registry entry which refers to a file which does not exist. You want to get rid of this.

Now, click "Fix Checked", and allow HJT to do its job. When it has completed, IMMEDIATELY reboot into Safe Mode, and using Windows Explorer (Not Start>Search), navigate to C:\Program Files\Logitech, locate the Desktop Messenger file, and delete it.

Run CCleanup again, then reboot normally, and again with nothing else running, immediately perform another HiJackThis scan and save the log. Look it over carefully, to see if the problem entries are gone - they should be. If not, if any are still there, or if you are still having troubles, navigate back here, briefly summarize what you did and what seems to be wrong, and post the new HJT log. Otherwise - if all seems cool, you should be good to go; re-enable System Restore, establish a fresh restore point, practice Safe Hex, be careful out there, and enjoy.
0 Replies
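Added example, not part of the original thread or of HijackThis itself: a small Python triage script that collapses the repeated O18 protocol entries by CLSID and DLL, and lists O23 services marked "(file missing)" or "Unknown owner". The sample lines are a constructed excerpt in the format of the log above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log format shown in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O18 - Protocol: bw+0 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {36C5E8B9-58F5-4E6B-85FD-B967A743E4DB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(O\d+|[RFN]\d+) - (.*)$")          # section code, then the entry body
O18 = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
O23 = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")     # name, owner, image path

def parse(log):
    """Yield (section, body) for every HijackThis entry line; skip everything else."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def group_protocols(log):
    """Collapse O18 entries into {(clsid, dll): [protocol names]}."""
    groups = defaultdict(list)
    for section, body in parse(log):
        m = O18.match(body) if section == "O18" else None
        if m:
            groups[(m.group(2).upper(), m.group(3).lower())].append(m.group(1))
    return dict(groups)

def flag_services(log):
    """Return [(service name, [reasons])] for O23 entries that deserve a manual look.
    The reasons are review cues, not verdicts: "Unknown owner" only means the
    log shows no vendor name for the file."""
    flagged = []
    for section, body in parse(log):
        m = O23.match(body) if section == "O23" else None
        if not m:
            continue
        name, owner, path = m.groups()
        reasons = []
        if path.endswith("(file missing)"):
            reasons.append("file missing")
        if owner == "Unknown owner":
            reasons.append("unknown owner")
        if reasons:
            flagged.append((name, reasons))
    return flagged

if __name__ == "__main__":
    for (clsid, dll), names in group_protocols(SAMPLE_LOG).items():
        print(f"{len(names):3d} protocol(s) -> {dll} {clsid}")
    for name, reasons in flag_services(SAMPLE_LOG):
        print(f"review service {name!r}: {', '.join(reasons)}")
```

Run against a full log, the grouping makes it easy to confirm that every handler pointing into one folder has been accounted for before and after a fix.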