here are the logs:
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2
10/21/2009 12:16:21 PM
mbam-log-2009-10-21 (12-16-21).txt
Scan type: Quick Scan
Objects scanned: 97252
Time elapsed: 6 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\BlockDefense (Rogue.BlockDefense) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Worm.Palevo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\14005934 (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\justin\bmnxfj.exe \s,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\14005934 (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\h05smhb9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\14005934\14005934 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\14005934\pc14005934ins (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> Delete on reboot.
----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:44 PM, on 10/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Microsoft SQL Server\MSSQL$FNS\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\fbas55gf\zindef75.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Documents and Settings\justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Documents and Settings\justin\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\LSUpdateManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.www.daemon-search.com/default
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {329305EC-DBB2-4E3C-BF82-5BFA3E7D2548} - C:\WINDOWS\system32\vtUmLbaW.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4276F384-E9B8-429C-92F8-16392429F006} - C:\WINDOWS\system32\ljJBrQjJ.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5A3F9DF9-47AE-4C76-B18E-58832401A94A} - C:\WINDOWS\system32\ssqOGwUo.dll (file missing)
O2 - BHO: (no name) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: (no name) - {8AFA2FE9-6D14-4480-B1DA-AF79B95483B8} - C:\WINDOWS\system32\efcYQGYR.dll (file missing)
O2 - BHO: (no name) - {A303DC64-8816-4331-9998-32619F2C1D34} - C:\WINDOWS\system32\mlJYrRHa.dll (file missing)
O2 - BHO: (no name) - {A55E739D-A0C6-4C89-AA4A-8557F952BBD1} - C:\WINDOWS\system32\mlJCTMfE.dll (file missing)
O2 - BHO: (no name) - {BDF1843F-5C1A-4624-BC8C-893A94DE9D39} - C:\WINDOWS\system32\cbXRKAst.dll (file missing)
O2 - BHO: (no name) - {BFABE8A6-9343-431D-B86D-4C660129B733} - C:\WINDOWS\system32\urqOGWQk.dll (file missing)
O2 - BHO: (no name) - {C76CBCDF-C3FE-491B-8CEE-91D3CC14CED3} - C:\WINDOWS\system32\ssqOIXPj.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DD53683C-A610-427D-B2EC-753DDB929F82} - C:\WINDOWS\system32\opnonkHY.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RpcLocator] explorer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GFdert] C:\Documents and Settings\justin\winlogon.exe
O4 - HKLM\..\Run: [C://j.jar] C://j.jar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunServices: [RpcLocator] explorer.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [msupdate] C:\WINDOWS\TEMP\ws.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ic.exe] C:\Users\\AppData\Local\Microsoft\Windows\Explorer\ic.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ws.exe] C:\Users\\AppData\Local\Microsoft\Windows\Explorer\ws.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [winlog.exe] C:\Documents and Settings\LocalService\Application Data\Microsoft\winlog.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Java updater] c:\windows\java\UpdateLoader.jar (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msupdate] C:\WINDOWS\TEMP\ws.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{92ABE552-68D4-43AE-9DBB-68924D7D23E8}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: bw+0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {C9B0E882-A13B-486F-AAA9-1379BED8FFFF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: nmasgs3 (7wrclmho7) - Codejock Software - C:\Program Files\Common Files\fbas55gf\zindef75.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 24442 bytes
Full Version: computer running slow
In the future, please take the time to read the Guidelines a little closer before posting. We do not use HJT for initial posting any more. In the interests of cleaning your computer sooner (its mess), I'll waive the required logs for this time only.
First:
Run HiJackThis and press the Scan' button
When the scan is finished:
Check the following items in HijackThis.
O2 - BHO: (no name) - {329305EC-DBB2-4E3C-BF82-5BFA3E7D2548} - C:\WINDOWS\system32\vtUmLbaW.dll (file missing)
O2 - BHO: (no name) - {4276F384-E9B8-429C-92F8-16392429F006} - C:\WINDOWS\system32\ljJBrQjJ.dll (file missing)
O2 - BHO: (no name) - {5A3F9DF9-47AE-4C76-B18E-58832401A94A} - C:\WINDOWS\system32\ssqOGwUo.dll (file missing)
O2 - BHO: (no name) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: (no name) - {8AFA2FE9-6D14-4480-B1DA-AF79B95483B8} - C:\WINDOWS\system32\efcYQGYR.dll (file missing)
O2 - BHO: (no name) - {A303DC64-8816-4331-9998-32619F2C1D34} - C:\WINDOWS\system32\mlJYrRHa.dll (file missing)
O2 - BHO: (no name) - {A55E739D-A0C6-4C89-AA4A-8557F952BBD1} - C:\WINDOWS\system32\mlJCTMfE.dll (file missing)
O2 - BHO: (no name) - {BDF1843F-5C1A-4624-BC8C-893A94DE9D39} - C:\WINDOWS\system32\cbXRKAst.dll (file missing)
O2 - BHO: (no name) - {BFABE8A6-9343-431D-B86D-4C660129B733} - C:\WINDOWS\system32\urqOGWQk.dll (file missing)
O2 - BHO: (no name) - {C76CBCDF-C3FE-491B-8CEE-91D3CC14CED3} - C:\WINDOWS\system32\ssqOIXPj.dll (file missing)
O2 - BHO: (no name) - {DD53683C-A610-427D-B2EC-753DDB929F82} - C:\WINDOWS\system32\opnonkHY.dll (file missing)
O4 - HKLM\..\Run: [GFdert] C:\Documents and Settings\justin\winlogon.exe
O4 - HKLM\..\Run: [C://j.jar] C://j.jar
O4 - HKLM\..\RunServices: [RpcLocator] explorer.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-18\..\Run: [msupdate] C:\WINDOWS\TEMP\ws.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ic.exe] C:\Users\\AppData\Local\Microsoft\Windows\Explorer\ic.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ws.exe] C:\Users\\AppData\Local\Microsoft\Windows\Explorer\ws.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [winlog.exe] C:\Documents and Settings\LocalService\Application Data\Microsoft\winlog.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Java updater] c:\windows\java\UpdateLoader.jar (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msupdate] C:\WINDOWS\TEMP\ws.exe (User 'Default user')
O23 - Service: nmasgs3 (7wrclmho7) - Codejock Software - C:\Program Files\Common Files\fbas55gf\zindef75.exe
[b]
Second:
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
[/b]Close all windows except HijackThis and click Fix checked.
Reboot in normal mode
Run HiJackThis again and post a new log in this thread.
First:
Run HiJackThis and press the Scan' button
When the scan is finished:
Check the following items in HijackThis.
O2 - BHO: (no name) - {329305EC-DBB2-4E3C-BF82-5BFA3E7D2548} - C:\WINDOWS\system32\vtUmLbaW.dll (file missing)
O2 - BHO: (no name) - {4276F384-E9B8-429C-92F8-16392429F006} - C:\WINDOWS\system32\ljJBrQjJ.dll (file missing)
O2 - BHO: (no name) - {5A3F9DF9-47AE-4C76-B18E-58832401A94A} - C:\WINDOWS\system32\ssqOGwUo.dll (file missing)
O2 - BHO: (no name) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: (no name) - {8AFA2FE9-6D14-4480-B1DA-AF79B95483B8} - C:\WINDOWS\system32\efcYQGYR.dll (file missing)
O2 - BHO: (no name) - {A303DC64-8816-4331-9998-32619F2C1D34} - C:\WINDOWS\system32\mlJYrRHa.dll (file missing)
O2 - BHO: (no name) - {A55E739D-A0C6-4C89-AA4A-8557F952BBD1} - C:\WINDOWS\system32\mlJCTMfE.dll (file missing)
O2 - BHO: (no name) - {BDF1843F-5C1A-4624-BC8C-893A94DE9D39} - C:\WINDOWS\system32\cbXRKAst.dll (file missing)
O2 - BHO: (no name) - {BFABE8A6-9343-431D-B86D-4C660129B733} - C:\WINDOWS\system32\urqOGWQk.dll (file missing)
O2 - BHO: (no name) - {C76CBCDF-C3FE-491B-8CEE-91D3CC14CED3} - C:\WINDOWS\system32\ssqOIXPj.dll (file missing)
O2 - BHO: (no name) - {DD53683C-A610-427D-B2EC-753DDB929F82} - C:\WINDOWS\system32\opnonkHY.dll (file missing)
O4 - HKLM\..\Run: [GFdert] C:\Documents and Settings\justin\winlogon.exe
O4 - HKLM\..\Run: [C://j.jar] C://j.jar
O4 - HKLM\..\RunServices: [RpcLocator] explorer.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [tava] C:\WINDOWS\system32\tavo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-18\..\Run: [msupdate] C:\WINDOWS\TEMP\ws.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ic.exe] C:\Users\\AppData\Local\Microsoft\Windows\Explorer\ic.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ws.exe] C:\Users\\AppData\Local\Microsoft\Windows\Explorer\ws.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [winlog.exe] C:\Documents and Settings\LocalService\Application Data\Microsoft\winlog.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Java updater] c:\windows\java\UpdateLoader.jar (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msupdate] C:\WINDOWS\TEMP\ws.exe (User 'Default user')
O23 - Service: nmasgs3 (7wrclmho7) - Codejock Software - C:\Program Files\Common Files\fbas55gf\zindef75.exe
[b]
Second:
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
[/b]Close all windows except HijackThis and click Fix checked.
Reboot in normal mode
Run HiJackThis again and post a new log in this thread.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.