Author Topic: Multiple problems with virus and avast program  (Read 21595 times)


pallison

  • Guest
Multiple problems with virus and avast program
« on: December 31, 2007, 08:46:16 PM »
Most of these posts read like Greek to me....I've got some major problems with my computer...I hope you can help me....

My computer started acting up like it had spyware problems....when I clicked on a link it would go to the Google search page instead of the web page....it would also change my load up page to Google from MSN...sometimes when clicking on a link it would take me to some search page I had never heard of instead of the web page....a message reading "Windows Security Alert  Warning, Potential Spyware Operation.....etc   Click here to download Spyware Remover" pops up like every 3 minutes....I downloaded AD-Aware 2007 and ran it....it deleted some files but I'm still having the same problems....someone told me not to use Ad-aware so I have deleted it from my computer.  I downloaded Windows Defender and it also deleted some files, but I'm still having the same problems...Then my control panel quit working, when I click on any icon I get "The operation has been cancelled due to restrictions in effect on this computer.  Please contact your system administrator"....I rebooted and now my control panel is gone, it is not on Start Menu or in My Computer.....

I downloaded Avast 4.7 and ran it last night....it found quite a few infected files....I moved them to the Virus Chest.  I ran the program again today and it found 8 more infected files....when the infected file "C:\WINDOWS\system32\kdhpm.exe" came up and I clicked Move to Chest I got this error message "Virus Chest server is not running.  RPC communication failed." It seemed to move the other files to the chest, at least I did not get a message saying it wouldn't.  After it finished running I clicked on Virus Chest and it comes up but has red writing stating "Initialization of Chest files  Action was completed with errors!"  Errors report tab reads "Program cannot use Chest client: (null)   --->Description: Virus chest server is not running. RPC communication failed."  The detailed information tab reads "Initialization of Chest files
------------------------------------------------------------------------------------------
Program will try to load all Chest files from the following server: (null)
------------------------------------------------------------------------------------------
Action was completed with errors!"

The infected files Avast has moved to the chest have been "C:\System Volume Information\_restore......." mostly.  A file that it moved today but not last night was "Win32:Wixad-B [trj]"

I've also been getting 2 different messages that pop when I first boot up and then when I go to web sites....they read:
"persistence Module has encountered a problem and needs to close......" with an error signature igfxpers.exe
The other one reads "KernelDrv.exe has encountered a problem and needs to close."  When I click "don't send" I seem to be able to continue without problems...

I hope you can make heads or tails out of my post....I need some help!!!!

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Multiple problems with virus and avast program
« Reply #1 on: December 31, 2007, 08:59:08 PM »
You need something with a little more punch than Adaware.

Download  superantispyware

First update SAS

Then reboot to safe mode and follow the remaining instructions.   You may want to print this out as you will not have internet access in safe mode.

After you are in safe mode set SAS up like this

Under Configuration and Preferences, click the Preferences button.
Then click the Scanning Control tab.



Under Scanner Options make sure the following are checked
- CHECK ALL BOXES




Return to the main page by clicking close on that screen. On the main screen, under Scan for Harmful Software click Scan your computer. On the left check C:\Fixed Drive.(and other fixed drives)
Under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan.

When the scan is done, quarantine everything found. Reboot if asked. You can post the log in your next reply if you wish.



pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #2 on: December 31, 2007, 11:49:22 PM »
I downloaded SUPERAntiSpyware and ran it per your instructions.....
It did ask me to reboot and when my system booted back up a message came up from SAS detecting home page change from MSN to Google...I, of course, checked for it not to allow it....my control panel is still gone....

I tried clicking on some web sites that I Googled and up pops a message wanting me to download MalwareAlarm...it is in a box headed with Microsoft Internet Explorer.....when I click cancel it takes me to MalwareAlarm web page and begins running what looks to be a scan...I X'd out of it....another address took me to a Days Inn web site, I had clicked on an origami link......sometimes it will take you to the correct page.

The message warning me I have Spyware and should download a program is still popping up.....

The Virus Chest is still empty with the same messages I reported before....should I run another scan with Avast?

Here is the log from the SAS scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/31/2007 at 04:10 PM

Application Version : 3.9.1008

Core Rules Database Version : 3371
Trace Rules Database Version: 1366

Scan type       : Complete Scan
Total Scan Time : 01:28:18

Memory items scanned      : 179
Memory threats detected   : 0
Registry items scanned    : 6492
Registry threats detected : 5
File items scanned        : 33357
File threats detected     : 197

Trojan.Downloader-Gen/Suspicious
   [lanmanwrk.exe] C:\WINDOWS\SYSTEM32\LANMANWRK.EXE
   C:\WINDOWS\SYSTEM32\LANMANWRK.EXE
   [KernelDrv.exe] C:\WINDOWS\SYSTEM32\KERNELDRV.EXE
   C:\WINDOWS\SYSTEM32\KERNELDRV.EXE
   C:\WINDOWS\SYSTEM32\90665.EXE
   C:\WINDOWS\SYSTEM32\96312.EXE
   C:\WINDOWS\Prefetch\90665.EXE-33432A3F.pf
   C:\WINDOWS\Prefetch\LANMANWRK.EXE-12FB2801.pf

Trojan.LanMan/Rootkit
   HKLM\System\ControlSet001\Services\lanmandrv
   C:\WINDOWS\SYSTEM32\LANMANDRV.SYS
   HKLM\System\ControlSet003\Services\lanmandrv
   HKLM\System\CurrentControlSet\Services\lanmandrv

Adware.Tracking Cookie

pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #3 on: December 31, 2007, 11:51:02 PM »
More of log...too long for a single post......



pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #4 on: December 31, 2007, 11:51:45 PM »
More of log....too long for post.....


Trojan.Downloader-Gen/Installer
   C:\WINDOWS\B111.EXE

Trace.Known Threat Sources

Offline oldman

Re: Multiple problems with virus and avast program
« Reply #5 on: January 01, 2008, 12:09:43 AM »
This is a good all-purpose cleaner if you don't already have one. When first run, it is in demo mode to show you what it will remove. When you run it the second time make sure it's not still in demo mode.

download from here  http://www.stevengould.org/downloads/cleanup/



Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.




please note:

Combofix should never take more than 20 minutes including the reboot if malware is detected.

Do the following only if combofix stalls after 20 or so minutes and you are sure it has stalled, i.e. no hard drive light or noise.

If it does, open Task Manager  (press ctrl, alt and del at the same time) then Processes tab and end any processes of findstr, find, sed or swreg, then combofix should continue.

End one at a time and see if combofix resumes.




Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Please run in the order I posted them and post the combofix and hijackthis log in your next reply.



pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #6 on: January 01, 2008, 03:42:22 AM »
ComboFix log....Hjt log to follow....

ComboFix 07-12-31.4 - Jon  Faulkner 2007-12-31 20:24:21.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.103 [GMT -6:00]
Running from: C:\Documents and Settings\Jon  Faulkner\Local Settings\Temporary Internet Files\Content.IE5\P3ZFLP8E\ComboFix[1].exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\Jon  Faulkner\Application Data\inst.exe
C:\Program Files\inetget2
C:\WINDOWS\medichi.exe
C:\WINDOWS\medichi2.exe
C:\WINDOWS\murka.dat
C:\WINDOWS\sks~1
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\qmopt.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LANMANDRV


(((((((((((((((((((((((((   Files Created from 2007-12-01 to 2008-01-01  )))))))))))))))))))))))))))))))
.

2007-12-31 20:23 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-12-31 14:34 . 2007-12-31 14:34   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 14:33 . 2007-12-31 17:47   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2007-12-31 14:33 . 2007-12-31 14:33   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 14:33 . 2007-12-31 14:33   <DIR>   d--------   C:\Documents and Settings\Jon  Faulkner\Application Data\SUPERAntiSpyware.com
2007-12-30 22:26 . 2007-12-30 22:26   <DIR>   d--------   C:\Program Files\Alwil Software
2007-12-30 22:26 . 2007-12-04 07:04   837,496   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-12-30 22:26 . 2004-01-09 03:13   380,928   --a------   C:\WINDOWS\system32\actskin4.ocx
2007-12-30 22:26 . 2007-12-04 06:54   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2007-12-30 22:26 . 2007-12-04 08:55   94,544   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-30 22:26 . 2007-12-04 08:56   93,264   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-30 22:26 . 2007-12-04 08:51   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-30 22:26 . 2007-12-04 08:49   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-30 22:26 . 2007-12-04 08:53   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-30 22:02 . 2007-12-30 22:02   <DIR>   d--------   C:\Program Files\Windows Defender
2007-12-30 21:57 . 2007-12-30 21:57   9,216   --a------   C:\WINDOWS\system32\susp32.exe
2007-12-30 21:06 . 2007-12-30 21:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-28 15:05 . 2007-12-28 19:19   16,384   --a------   C:\WINDOWS\system32\users32.dat
2007-12-25 12:39 . 2007-12-30 21:28   <DIR>   d--------   C:\Program Files\Photo Viewer
2007-12-20 21:06 . 2007-12-20 21:08   <DIR>   d--------   C:\Program Files\Motorola Phone Tools
2007-12-13 15:03 . 2007-12-13 15:03   98   --a------   C:\WINDOWS\WirelessFTP.INI
2007-12-06 21:21 . 2007-12-06 21:21   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-12-06 21:20 . 2007-10-31 14:09   30,464   --a------   C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-06 20:56 . 2004-08-04 00:56   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll
2007-12-06 20:56 . 2001-08-17 22:36   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 02:19   ---------   d-----w   C:\Program Files\TrueAssistant
2007-12-31 13:41   42,210   ----a-w   C:\Documents and Settings\Jon  Faulkner\Application Data\wklnhst.dat
2007-12-31 05:08   ---------   d-----w   C:\Program Files\vmntoolbar
2007-12-31 03:06   ---------   d-----w   C:\Program Files\Lavasoft
2007-12-28 21:07   ---------   d-----w   C:\Program Files\ltmoh
2007-12-28 03:24   ---------   d-----w   C:\Documents and Settings\Jon  Faulkner\Application Data\Image Zone Express
2007-12-26 18:25   ---------   d-----w   C:\Documents and Settings\Jon  Faulkner\Application Data\Vso
2007-12-21 03:12   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-21 03:06   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-12-21 03:05   24,192   -c--a-w   C:\Documents and Settings\Jon  Faulkner\usbsermptxp.sys
2007-12-21 03:05   22,768   -c--a-w   C:\Documents and Settings\Jon  Faulkner\usbsermpt.sys
2007-12-21 03:05   22,768   ----a-w   C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-12-20 03:13   ---------   d-----w   C:\Program Files\DVDFab Platinum 3
2007-12-08 07:01   ---------   d-----w   C:\Program Files\iTunes
2007-12-07 03:30   ---------   d-----w   C:\Documents and Settings\Jon  Faulkner\Application Data\Apple Computer
2007-12-07 03:24   ---------   d-----w   C:\Program Files\iPod
2007-12-07 03:23   ---------   d-----w   C:\Program Files\QuickTime
2007-11-28 04:22   ---------   d-----w   C:\Program Files\STOPzilla!
2007-11-28 04:22   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-11-28 03:30   1,024   ----a-w   C:\WINDOWS\system32\drivers\AF4DDDA4-BF0D-479B-A00D-F62E37030F0A.cxv
2007-11-28 03:27   2,048   ----a-w   C:\WINDOWS\system32\drivers\1E648BC4-712E-4D9C-ABBE-BA2DE1381703.cxv
2007-11-28 02:38   ---------   d-----w   C:\Documents and Settings\Jon  Faulkner\Application Data\Lavasoft
2007-11-26 11:12   ---------   d-----w   C:\Program Files\Logitech
2007-11-20 16:41   ---------   d-----w   C:\Program Files\CandleWorks
2007-11-20 16:38   7,417,077   ----a-w   C:\FXTS2Install.EXE
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-03 23:48   47,360   ----a-w   C:\Documents and Settings\Jon  Faulkner\Application Data\pcouffin.sys
2006-08-14 21:48   19   -c--a-w   C:\Program Files\Answer.txt
2006-08-14 21:29   2,609   -c--a-w   C:\Program Files\index.htm
2006-07-03 13:22   26,624   -c--a-w   C:\Program Files\New President ask Resignations Supreme Justices..wps
.

pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #7 on: January 01, 2008, 03:43:09 AM »
2nd page of ComboFix log.......

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2007-12-28 15:05 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-28 15:05 36864]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 15:05 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2007-12-28 15:05 73728]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-08-10 12:23 356352]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-28 15:05 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-28 15:05 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-28 15:05 114688]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-12-28 15:05 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 17:17 88358 C:\WINDOWS\agrsmmsg.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-28 15:05 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-28 15:05 688218]
"TFncKy"="TFncKy.exe" []
"TPSMain"="TPSMain.exe" [2005-05-31 22:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2007-12-28 15:05 1077301]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-12-28 15:05 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-12-28 15:05 151552]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2007-12-28 15:05 122941]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-12-28 15:05 385024]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 03:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-28 15:05 49152]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 15:35 28672]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-11-07 15:41 8192]
"CFSServ.exe"="CFSServ.exe" []
"ReminderApp"="C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2007-12-28 15:05 156160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]

C:\Documents and Settings\Jon  Faulkner\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2006-11-17 03:45:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-08-08 01:38:41]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-07-28 14:56:17]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2007-07-24 15:58:00]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 13:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-11 11:05]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-01-03 01:32]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-01-03 01:32]
S3 STVqx3;Intel Play QX3 Microscope;C:\WINDOWS\system32\drivers\STVqx3.sys [2001-04-12 13:04]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-05-30 19:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-01-01 02:33:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 20:31:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 20:35:52 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt  2008-01-01 02:35:48
.
2007-12-23 07:06:39   --- E O F --- 

pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #8 on: January 01, 2008, 03:48:16 AM »
1st part of HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:09 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jon  Faulkner\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #9 on: January 01, 2008, 03:54:17 AM »
2nd part of HijackThis log:

O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.sonypictures.com/games/zuma/popcaploader_v6.cab
O18 - Protocol: bw+0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #10 on: January 01, 2008, 03:54:53 AM »
3rd part of HijackThis log:

O18 - Protocol: bwd0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O24 - Desktop Component 0: (no name) - http://www.seawindsna.com/seawind/seawind23.gif
O24 - Desktop Component 1: (no name) - http://www.uscg.mil/History/webcutters/Cutter_5HECs_Color.jpg

--
End of file - 23134 bytes

oldman

  • Avast Evangelist
Re: Multiple problems with virus and avast program
« Reply #11 on: January 01, 2008, 04:15:10 AM »
How are things going for you now? I'm just having a look. Do you have any pictures, images on your desktop that you want to keep?

Is your control panel back?

pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #12 on: January 01, 2008, 04:31:11 AM »
My control panel is back and I can click on the items.....my desktop is full of folders and shortcut icons....I also save a lot of my Word documents straight to desktop.....I don't have any images though....why? (I'm almost afraid to ask!!!)

pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #13 on: January 01, 2008, 04:33:23 AM »
When I do a Google search, for example origami, and then click on a link that comes up, it sometimes takes me to the Google search page again and just now it took me to a search engine called MonsterMarketplace.....then next time I click it goes to the correct site.....

pallison

  • Guest
Re: Multiple problems with virus and avast program
« Reply #14 on: January 01, 2008, 04:37:05 AM »
The box that popped every 3 or 4 minutes about Spyware has not popped up for a while now!!!  I'm holding my breath.....