
HI Jack This - ' has encountered a problem and needs to close.'

Discussion in 'Malware and Virus Removal Archive' started by Loupguru, 2006/08/28.

  1. 2006/08/28
    Loupguru

    Loupguru Inactive Thread Starter

    Joined:
    2006/08/28
    Messages:
    14
    Likes Received:
    0
    Posted in 2 parts due to length...

    OK, so I am a video editor and have royally ******* up my Avid!
    I DL'ed the update for it, and was trying to find the plug-ins that are supposed to come with it. I am not all that web-savvy and must have downloaded the wrong thing! My antivirus software isn't finding anything, but everything I try to open is immediately giving me this error msg:

    "[X] has encountered a problem and needs to close. We are sorry for the inconvenience. "

    Also, my icons for my plug-ins no longer have their normal look but are all shaded black! :/

    Here is my Hijack This Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:30:59 PM, on 8/28/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\WDC\SetIcon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\PROGRA~1\MESSEN~1\msmsgs.exe
    C:\WINDOWS\system32\AvidSDMService.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    c:\program files\common files\aol\1141314055\ee\aolsoftware.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Common Files\Network Associates\On Demand Scanner\Scan32\scan32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\dwwin.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
    C:\Anti-Virus\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {B0510E7D-DCF3-43AF-B47A-53C6D4B02D5A} - C:\WINDOWS\system32\awvtr.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141314055\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O18 - Protocol: bw+0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
     
  2. 2006/08/28
    Loupguru

    Part 2 of log

    O18 - Protocol: bwe0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
    O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    Please help??

    -bad bad editor
     


  4. 2006/08/28
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Welcome to WindowsBBS Forums.

    Sorry to hear about your problem, but we can help. What you have appears to be a Vundo infection. We have a special tool just for these infections. Please do as instructed below.

    Before we proceed we need to disable Spybot's TeaTimer. It will interfere with any fixes we make. Disable TeaTimer by doing the following:
    • Run Spybot-S&D
    • Go to the Mode menu, and make sure Advanced Mode is selected
    • On the left hand side, choose Tools -> Resident
    • Uncheck Resident TeaTimer and OK any prompts
    You can reenable TeaTimer once your system is clean.

    With regards to all those O18 entries: once you have run another HJT log, you can edit all those out. We don't need to see those, but we'll be fixing them later on.

    Please download VundoFix.exe to your desktop.
    • Double-click *VundoFix.exe* to run it.
    • Click the *Scan for Vundo* button.
    • Once it's done scanning, click the *Remove Vundo* button.
    • You will receive a prompt asking if you want to remove the files, click *YES*
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click *OK*.
    • Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the *Scan for Vundo* button." when VundoFix appears at reboot.

    Then run another HJT logfile and post it back for me.

    Thanks.
     
  5. 2006/08/28
    Loupguru

    Sir,

    I did what you said but Vundo said it didn't find any infected files.

    Now what? :<
     
  6. 2006/08/28
    TeMerc

    Interesting, the two files relating to the BHO and O20 entries should be in the database. That's how I found them.

    Let's try another special tool.

    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
     
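As an added example, not a tool from this thread, from WindowsBBS, or from the HijackThis, VundoFix or ComboFix authors, the following Python script performs the triage TeMerc describes in posts 4 and 6: it parses HijackThis lines and flags an unnamed O2 BHO and an O20 Winlogon Notify entry whose DLL is reported "(file missing)", then scans a ComboFix-style file listing (such as the Find3M report posted further down) for hidden, system-attributed files whose name is the flagged DLL's stem spelled backwards. The reversal check goes beyond what the thread states outright: awvtr.dll in the log above and the rtvwa.ini2/.bak files in the ComboFix output are mirror images, the naming this malware family used for its backup copies. The sample lines are constructed from the shapes seen in the thread, with the GUIDs and paths copied from the posted log.

```python
"""Triage helper for the log types posted in this thread.

Added example, not a WindowsBBS, HijackThis, VundoFix or ComboFix tool.
It flags the two HijackThis line types TeMerc keyed on (an unnamed O2 BHO
and an O20 Winlogon Notify entry whose DLL is "(file missing)") and then
looks in a ComboFix-style file listing for hidden+system files whose base
name is the reversed stem of the flagged DLL (awvtr.dll <-> rtvwa.ini2),
the naming this malware family used for its backup copies.
"""
import ntpath
import re

# HijackThis entry:  Oxx - <kind>: <name> - [{GUID} - ]<path>[ (file missing)]
ENTRY_RE = re.compile(
    r"^(O\d+) - (.*?): (.*?) - (?:\{[0-9A-Fa-f-]+\} - )?(.*?)(?: \((file missing)\))?$"
)

# ComboFix listing:  <date> <time> <size|--------> <9 attribute chars> <path>
CF_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S{9}) (.+)$")

# Constructed samples, modelled on the lines posted in this thread.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B0510E7D-DCF3-43AF-B47A-53C6D4B02D5A} - C:\WINDOWS\system32\awvtr.dll (file missing)
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

COMBOFIX_SAMPLE = r"""
2006-06-07 15:54 786026 ---hs---- C:\WINDOWS\system32\rtvwa.ini2
2006-06-07 15:40 783895 ---hs---- C:\WINDOWS\system32\rtvwa.bak2
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
"""


def parse_hjt(text):
    """Return one dict per recognised HijackThis 'O' entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({
                "section": m.group(1), "kind": m.group(2), "name": m.group(3),
                "path": m.group(4), "missing": m.group(5) is not None,
            })
    return entries


def suspicious_entries(entries):
    """Unnamed BHOs and Winlogon Notify handlers whose DLL is gone from disk."""
    return [
        e for e in entries
        if e["missing"] and (e["section"] == "O20"
                             or (e["section"] == "O2" and e["name"] == "(no name)"))
    ]


def _stem(path):
    # ntpath handles backslash paths regardless of the host OS.
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def reversed_name_companions(hits, combofix_text):
    """Hidden+system files whose stem is a flagged DLL's stem reversed."""
    wanted = {_stem(h["path"])[::-1] for h in hits}
    found = []
    for line in combofix_text.splitlines():
        m = CF_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group(3), m.group(4)
        if _stem(path) in wanted and "h" in attrs and "s" in attrs:
            found.append(path)
    return found


def triage(hjt_text, combofix_text):
    """Combine both checks into one report dict."""
    hits = suspicious_entries(parse_hjt(hjt_text))
    return {
        "flagged": [f'{h["section"]} {h["kind"]}: {h["path"]}' for h in hits],
        "companions": reversed_name_companions(hits, combofix_text),
    }


if __name__ == "__main__":
    for key, items in triage(HJT_SAMPLE, COMBOFIX_SAMPLE).items():
        print(key)
        for item in items:
            print("  ", item)
```

Run against the two samples, the script flags the unnamed O2 BHO and the awvtr Winlogon Notify entry, leaves the Acrobat BHO and WgaLogon alone, and pairs awvtr with the two hidden rtvwa files while ignoring the ordinary inetcomm.dll. A "(file missing)" Winlogon Notify entry is worth a look on its own: winlogon loads every DLL registered there at logon, so a registration that points nowhere is either leftover from an incomplete removal or a DLL that hides itself from the scanner.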
  7. 2006/08/28
    Loupguru

    Oh, another thing: when I try to click the 'show desktop' icon on the quick start menu, it doesn't work.

    Anyhow, here is the ComboFix result:

    Administrator - 06-08-28 16:58:38.59
    ComboFix 06.08.27BT - Running from: C:\Anti-Virus

    ((((((((((((((((((((((((((((((( Files Created from 2006-07-28 to 2006-08-28 ))))))))))))))))))))))))))))))))))


    2006-08-28 13:08 105,984 --a------ C:\WINDOWS\system32\delme.exe
    2006-08-28 10:36 503,808 --a------ C:\WINDOWS\system32\ilinet.dll
    2006-08-28 09:26 73,728 --a------ C:\WINDOWS\system32\xmltok.dll
    2006-08-28 09:26 7,962,624 --a------ C:\WINDOWS\system32\SVI.dll
    2006-08-28 09:26 655,360 --a------ C:\WINDOWS\system32\mmclientVC7.dll
    2006-08-28 09:26 65,536 --a------ C:\WINDOWS\system32\AvidQTUpdaterVC7.dll
    2006-08-28 09:26 614,400 --a------ C:\WINDOWS\system32\AvOmfToolkit.dll
    2006-08-28 09:26 61,440 --a------ C:\WINDOWS\system32\libjpegV4.dll
    2006-08-28 09:26 53,248 --a------ C:\WINDOWS\system32\ipl.dll
    2006-08-28 09:26 49,152 --a------ C:\WINDOWS\system32\AvidSDMService.exe
    2006-08-28 09:26 466,944 --a------ C:\WINDOWS\system32\ommclient.dll
    2006-08-28 09:26 40,960 --a------ C:\WINDOWS\system32\INETTransportLibrary.dll
    2006-08-28 09:26 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
    2006-08-28 09:26 278,528 --a------ C:\WINDOWS\system32\AvidSDM.dll
    2006-08-28 09:26 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll
    2006-08-28 09:26 2,973,696 --a------ C:\WINDOWS\system32\iplA6.dll
    2006-08-28 09:26 2,785,280 --a------ C:\WINDOWS\system32\iplM6.dll
    2006-08-28 09:26 2,686,976 --a------ C:\WINDOWS\system32\iplM5.dll
    2006-08-28 09:26 2,531,328 --a------ C:\WINDOWS\system32\iplP6.dll
    2006-08-28 09:26 2,502,656 --a------ C:\WINDOWS\system32\iplPX.dll
    2006-08-28 09:26 19,968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
    2006-08-28 09:26 141,312 --a------ C:\WINDOWS\system32\FFBTN32.dll
    2006-08-28 09:26 122,880 --a------ C:\WINDOWS\system32\PtSSE2.dll
    2006-08-28 09:26 102,400 --a------ C:\WINDOWS\system32\Dac32.dll
    2006-08-28 09:26 1,658,973 --a------ C:\WINDOWS\system32\libmmd.dll
    2006-08-28 09:26 1,323,008 --a------ C:\WINDOWS\system32\AvidStartup.exe
    2006-08-24 18:09 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
    2006-08-24 15:16 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
    2006-08-24 15:15 86,016 --a------ C:\WINDOWS\unvise32.exe
    2006-08-24 15:15 299,520 --a------ C:\WINDOWS\uninst.exe
    2006-08-24 14:47 0 -rahs---- C:\MSDOS.SYS
    2006-08-24 14:47 0 -rahs---- C:\IO.SYS
    2006-08-16 11:41 335,872 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
    2006-08-04 07:20 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-08-28 15:38 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-08-28 15:38 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-08-28 15:38 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-08-28 15:38 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-08-28 15:38 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-08-28 15:38 -------- d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
    2006-08-28 15:37 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2006-08-28 15:37 -------- d-------- C:\Program Files\Grisoft
    2006-08-28 14:25 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2006-08-28 14:24 -------- d-------- C:\Program Files\Lavasoft
    2006-08-28 13:46 -------- d-------- C:\Program Files\Network Associates
    2006-08-28 13:41 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-08-28 13:31 -------- d-------- C:\Program Files\Common Files\Network Associates
    2006-08-28 13:31 -------- d-------- C:\Program Files\Common Files
    2006-08-28 10:37 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-08-28 10:36 -------- d-------- C:\Program Files\Digidesign
    2006-08-28 09:32 -------- d-------- C:\Program Files\Common Files\Avid
    2006-08-28 09:26 -------- d-------- C:\Program Files\Avid
    2006-08-25 17:48 -------- d-------- C:\Program Files\National Instruments
    2006-08-25 16:19 -------- d-------- C:\Program Files\Boris FX, Inc
    2006-08-24 15:18 -------- d-------- C:\Program Files\Blackmagic Design
    2006-08-24 15:16 -------- d-------- C:\Program Files\Satori FilmFX v3.20
    2006-08-24 15:15 -------- d-------- C:\Program Files\FilmFX2
    2006-08-24 15:05 -------- d-------- C:\Program Files\Adobe
    2006-08-24 15:03 -------- d-------- C:\Program Files\Allegorithmic
    2006-08-24 14:00 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-08-21 11:10 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Help
    2006-08-21 11:03 -------- d-------- C:\Program Files\Transparent
    2006-08-16 11:41 -------- d-------- C:\Program Files\WDC
    2006-08-16 11:41 -------- d-------- C:\Program Files\Dantz
    2006-08-16 11:41 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2006-08-11 18:01 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2006-08-11 12:01 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Opera
    2006-08-11 03:01 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-10 09:51 -------- d-------- C:\Program Files\Common Files\Vbox
    2006-07-27 17:03 -------- d-------- C:\Program Files\TypingMaster
    2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-25 13:43 -------- d-------- C:\Program Files\Common Files\Logitech
    2006-07-25 13:42 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    2006-07-25 13:42 -------- d-------- C:\Program Files\Logitech
    2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-07-20 10:18 -------- d-------- C:\Program Files\Microsoft.NET
    2006-07-20 10:18 -------- d-------- C:\Program Files\Microsoft Office
    2006-07-20 10:18 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-07-20 10:18 -------- d-------- C:\Program Files\Common Files\System
    2006-07-20 10:18 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-07-20 10:18 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-07-18 12:12 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2006-07-17 11:24 -------- d-------- C:\Program Files\Common Files\AOL
    2006-07-17 11:24 -------- d-------- C:\Program Files\AOL
    2006-07-17 11:24 -------- d-------- C:\Program Files\AOD
    2006-07-17 11:23 -------- d-------- C:\Program Files\Common Files\aolshare
    2006-06-29 11:15 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Allume Systems
    2006-06-29 09:58 -------- d-------- C:\Program Files\Allume Systems
    2006-06-07 15:54 786026 ---hs---- C:\WINDOWS\system32\rtvwa.ini2
    2006-06-07 15:40 783895 ---hs---- C:\WINDOWS\system32\rtvwa.bak2
    2006-06-06 16:28 765099 ---hs---- C:\WINDOWS\system32\rtvwa.bak1
    2006-05-03 09:03 869 --a------ C:\Documents and Settings\Administrator\Application Data\AdobeDLM.log
    2006-05-03 09:03 0 --a------ C:\Documents and Settings\Administrator\Application Data\dm.ini


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
    "DrvLsnr"="C:\\Program Files\\Analog Devices\\SoundMAX\\DrvLsnr.exe"
    "PRONoMgrWired"="c:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
    "Promon.exe"=""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "HostManager"="C:\\Program Files\\Common Files\\AOL\\1141314055\\ee\\AOLSoftware.exe"
    "ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "POINTER"="point32.exe"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
    "LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
    "LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
    "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
    @=""
    "WD Button Manager"="WDBtnMgr.exe"
    "SetIcon"="\\Program Files\\WDC\\SetIcon.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"=""
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
    "googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "MSMSGS"="\"C:\\PROGRA~1\\MESSEN~1\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
    "SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="http://img218.exs.cx/img218/1957/waterbkg.gif"
    "SubscribedURL"="http://img218.exs.cx/img218/1957/waterbkg.gif"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,10,03,00,00,19,01,00,00,46,00,00,00,1e,00,00,00,e8,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,46,00,00,00,1e,00,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:14,6d,e0,0b,41,c0,b4,74,98,af,b8,06,68,de,e0,0b,20,6d,\
    e0,0b,24,e3,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="http://lalaalyssa.com/aly/glitterfills/lalaalyssasglitterfills32.gif"
    "SubscribedURL"="http://lalaalyssa.com/aly/glitterfills/lalaalyssasglitterfills32.gif"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,12,02,00,00,51,00,00,00,3c,00,00,00,3c,00,00,00,ea,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,3c,00,00,00,3c,00,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:14,6d,4f,0c,41,c0,b4,74,b0,00,94,06,68,de,4f,0c,20,6d,\
    4f,0c,24,e3,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
    "Source"="http://www.judgealexprod.com/exchange/Valerie.Jupe/Inbox/Vallie%20here%20is%20my%20animated%20gif.EML/1_multipart/2_multipart/2_valrocks.gif?Security=2"
    "SubscribedURL"="http://www.judgealexprod.com/exchange/Valerie.Jupe/Inbox/Vallie%20here%20is%20my%20animated%20gif.EML/1_multipart/2_multipart/2_valrocks.gif?Security=2"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,12,02,00,00,19,01,00,00,c8,00,00,00,4f,00,00,00,ec,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,19,01,00,00,c8,00,00,00,4f,00,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,12,02,00,00,19,01,00,00,c8,00,00,00,4f,00,\
    00,00,01,00,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\3]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,04,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,06,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtr


    Completion time: Mon 08/28/2006 16:58:57.65
    ComboFix.txt
    ComboFix2.txt
     
  8. 2006/08/28
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, the Vundo files are definitely there, as the Combo log tells.

    I'll get to this later on and post back in the evening, I'm in AZ on MST.

    Thanks for being patient.
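Added example, not part of this thread and not code from ComboFix or HijackThis: a small Python triage script that applies the reading TeMerc makes of the Combo log above. It looks for the pairing that gives Vundo away in these logs: a Winlogon Notify subkey (awvtr in the log) whose name spelled backwards is the stem of hidden+system files in system32 (rtvwa.ini2, rtvwa.bak1, rtvwa.bak2), plus a BHO whose DLL HijackThis reports as missing. The sample lines are constructed from the logs in this thread; the short-random-name heuristic and the allow-list of stock XP Notify subkeys are my own assumptions.

```python
"""Triage of HijackThis / ComboFix log lines for the Vundo-style pairing seen
in this thread (added example, not from the thread or either tool)."""
import re
from typing import Dict, List

# Constructed sample: lines modelled on the logs posted above, not the full logs.
SAMPLE_LOG = """\
2006-06-07 15:54 786026 ---hs---- C:\\WINDOWS\\system32\\rtvwa.ini2
2006-06-07 15:40 783895 ---hs---- C:\\WINDOWS\\system32\\rtvwa.bak2
2006-06-06 16:28 765099 ---hs---- C:\\WINDOWS\\system32\\rtvwa.bak1
2006-07-27 08:24 679424 --a------ C:\\WINDOWS\\system32\\inetcomm.dll
2006-08-28 13:31 -------- d-------- C:\\Program Files\\Common Files
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {B0510E7D-DCF3-43AF-B47A-53C6D4B02D5A} - C:\\WINDOWS\\system32\\awvtr.dll (file missing)
HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\awvtr
"""

# ComboFix "Files Created" line: date time size attrs path (attrs is a 9-char field such as ---hs----)
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+([\d,]+)\s+([-a-z]{9})\s+(\S.*)$")
# HijackThis O2 line, with the optional "(file missing)" suffix HJT appends
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
# ComboFix prints Winlogon Notify subkeys as bare key paths
NOTIFY_RE = re.compile(r"winlogon\\notify\\(?P<sub>[^\\\s]+)\s*$", re.IGNORECASE)
# Heuristic (assumption): Vundo droppers of this era used short random lowercase names
RANDOM_NAME_RE = re.compile(r"^[a-z]{4,6}$")
# Stock Windows XP Notify subkeys that the heuristic must not flag (assumed allow-list)
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}


def stem(path: str) -> str:
    """Lower-case file name without directory or extension: '...\\rtvwa.ini2' -> 'rtvwa'."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name.split(".", 1)[0]


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return findings (severity, indicator, reason) for one or more pasted logs."""
    hidden_sys: Dict[str, List[str]] = {}  # stem -> system32 files carrying hidden+system attributes
    notify_keys: List[str] = []
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(3), m.group(4)
            if "h" in attrs and "s" in attrs and "\\system32\\" in path.lower():
                hidden_sys.setdefault(stem(path), []).append(path)
            continue
        m = BHO_RE.match(line)
        if m:
            dll = stem(m.group("path"))
            if m.group("missing"):
                findings.append({"severity": "high", "indicator": dll,
                                 "reason": "BHO %s loads a DLL that is no longer on disk" % m.group("clsid")})
            elif m.group("name") == "(no name)" and RANDOM_NAME_RE.match(dll):
                findings.append({"severity": "medium", "indicator": dll,
                                 "reason": "unnamed BHO backed by a short random DLL name"})
            continue
        m = NOTIFY_RE.search(line)
        if m:
            notify_keys.append(m.group("sub").lower())
    for sub in notify_keys:
        if sub in KNOWN_NOTIFY:
            continue
        mirror = sub[::-1]  # Vundo kept its data files under the DLL name spelled backwards
        if mirror in hidden_sys:
            findings.append({"severity": "high", "indicator": sub,
                             "reason": "Winlogon Notify '%s' mirrors hidden+system files: %s"
                             % (sub, ", ".join(hidden_sys[mirror]))})
        elif RANDOM_NAME_RE.match(sub):
            findings.append({"severity": "medium", "indicator": sub,
                             "reason": "Winlogon Notify subkey with a short random name"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s: %s" % (f["severity"], f["indicator"], f["reason"]))
```

Paste a whole ComboFix or HijackThis log into triage() and it will only speak up on the cross-correlated pattern; a lone short name in a Notify key is reported as medium, because legitimate vendors do sometimes use them.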
     
  9. 2006/08/29
    Loupguru

    Loupguru Inactive Thread Starter

    Joined:
    2006/08/28
    Messages:
    14
    Likes Received:
    0
    Ah MST! Don't hear that too often :)
    Well I tried running that Vundo thing again after rebooting to no avail. Let me know if you do think of anything. And it is much appreciated:) thanks!
     
  10. 2006/08/29
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Augggh... sorry I didn't get to this last night, it slipped my mind.

    Before we proceed I would like you to check some property files for me, as my research does not provide enough conclusive info that they are indeed malicious. And you have some odd programs on your machine, so I would like to be sure of what it is I'm asking you to remove.

    Check the properties of the following files please: right-click the file, select 'Properties' and give me all the info contained within the tabs. Manufacturer, version, language, date created and so forth.
    C:\WINDOWS\system32\FFBTN32.dll
    C:\WINDOWS\system32\PtSSE2.dll
    C:\WINDOWS\system32\mmclientVC7.dll

    Once you give me that info, we can proceed. Once again, sorry for not getting back when I said I would.
     
  11. 2006/08/29
    Loupguru

    Loupguru Inactive Thread Starter

    Joined:
    2006/08/28
    Messages:
    14
    Likes Received:
    0
    Oookie Dokie!

    "give me all the info contained within the tabs. Manufacturer, version, language, date created so forth.
    C:\WINDOWS\system32\FFBTN32.dll "

    General tab:
    Type of file: Application Extension
    Opens with: unknown
    Location: C:\WINDOWS\system32
    Size: 138 KB
    Size on disk: 140 KB
    Created: Yesterday, Aug 28, 9:26 AM
    Accessed: Today, Aug 29, 11:47 AM [hey, right now! ;]

    Version Tab:
    File version: 2.0.9501.2
    Description: Button embedded-window DLL for WinHelp 4.0
    Copyright: Copyright © ForeFront, Inc. 1996
    Company: ForeFront Inc
    File version: 2.95.1
    Internal name: FF_BTN
    Lang: eng
    Original File name:FF_BTN.DLL
    Prod. name: ForeFront Help Buttons

    Security Tab:
    Erm.... all users allowed full ctrl

    Nothing under summary...

    Next up:
    C:\WINDOWS\system32\PtSSE2.dll

    Type: App. Extension
    Opens With: Unknown
    Size: 120 KB
    Size on disk: 120 KB
    Created: Yesterday Aug 28, 9:26AM
    Accessed: right now

    Security Tab:
    All users all permissions...

    Doesn't appear to be a version tab for this one??

    Next up:
    C:\WINDOWS\system32\mmclientVC7.dll

    Size: 640KB
    Size on disk: 640KB
    Created: Yesterday, Aug 28 9:26 AM
    Modified: Wed March 08 2006, 10:12AM [?]
    Accessed: Today

    Version Tab:
    File version: 7.0.11.10950
    Description: MediaManager Client
    Copyright: (c) Copyright 2001-2006 Avid Technology, Inc.
    Other version info:
    Comments: 08-Mar-2006.19:17
    Company: Avid Technology, Inc.
    File version: 7.0.11.10950
    Internal Name: WG_Haystack_R10950
    Legal Trademarks: Avid is a registered trademark of Avid Technology, Inc. Portions of this product are protected by U.S. Patent Nos. 5,045,040; 5,267,351; and 5,355,450. Additional U.S. and foreign patents are pending.
    Original File name: mmclient.dll
    Product name: MediaManager Client
    Version: 7.0.11

    So that last one should be fine right?
    Well, don't feel bad for not remembering about this - it's my computer at work so after 7PM or so I'm rarely here anyway :)
     
  12. 2006/08/29
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    This is from the infection, we'll deal with this setting next round of instructions, I want to get the files first, those are registry entries we need to hack out.

    Below you will find my results and recommendations. Please read ALL instructions carefully BEFORE proceeding.

    1) Please download the Killbox.
    Save it to the desktop and run it.

    2) Select "Delete on Reboot", and then select "All files".

    3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\WINDOWS\system32\delme.exe
    C:\WINDOWS\system32\SVI.dll
    C:\WINDOWS\system32\PtSSE2.dll
    C:\WINDOWS\unvise32.exe
    C:\WINDOWS\uninst.exe
    C:\WINDOWS\system32\rtvwa.ini2
    C:\WINDOWS\system32\rtvwa.bak2
    C:\WINDOWS\system32\rtvwa.bak1



    4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

    5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    Reboot and run ComboFix first, save the log then run HJT and save that log as well and add them to your next post.
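Added example, not Killbox's code and not from this thread: what "Delete on Reboot" amounts to at the Windows API level. MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT and a NULL destination queues the file in the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, and Session Manager deletes it at the next boot before anything can lock it again. That Killbox is built on this same facility is my assumption; the thread does not say. The helper functions run anywhere and show the registry content the file list above turns into; the actual call only works on Windows, as an administrator.

```python
"""Delete-on-reboot via the Windows facility itself (added example, not Killbox's code).

MoveFileExW(src, NULL, MOVEFILE_DELAY_UNTIL_REBOOT) appends "\\??\\<src>" and an empty
target to HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\PendingFileRenameOperations;
an empty target tells Session Manager to delete rather than rename at next boot."""
import sys
from typing import Iterable, List, Tuple

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4  # winbase.h


def nt_path(path: str) -> str:
    """Win32 path -> NT path, the form stored in PendingFileRenameOperations."""
    p = path.replace("/", "\\")
    return p if p.startswith("\\??\\") else "\\??\\" + p


def pending_rename_entries(paths: Iterable[str]) -> List[str]:
    """Flat REG_MULTI_SZ content: each source followed by an empty target (= delete)."""
    entries: List[str] = []
    for p in paths:
        entries.append(nt_path(p))
        entries.append("")
    return entries


def pair_up(entries: List[str]) -> List[Tuple[str, str]]:
    """Group the flat list back into (source, target) pairs; target '' means delete."""
    if len(entries) % 2:
        raise ValueError("PendingFileRenameOperations must hold an even number of strings")
    it = iter(entries)
    return list(zip(it, it))


def schedule_delete_on_reboot(path: str) -> None:
    """Queue `path` for deletion at next boot. Windows only; needs administrator rights
    because the backing value lives under HKLM."""
    if sys.platform != "win32":
        raise OSError("MoveFileExW is a Windows API; run this on the affected machine")
    import ctypes
    from ctypes import wintypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.MoveFileExW.argtypes = (wintypes.LPCWSTR, wintypes.LPCWSTR, wintypes.DWORD)
    k32.MoveFileExW.restype = wintypes.BOOL
    if not k32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT):
        raise ctypes.WinError(ctypes.get_last_error())


if __name__ == "__main__":
    # The three rtvwa files from the Killbox list above, shown as the registry pairs they become.
    targets = [r"C:\WINDOWS\system32\rtvwa.ini2",
               r"C:\WINDOWS\system32\rtvwa.bak2",
               r"C:\WINDOWS\system32\rtvwa.bak1"]
    for src, dst in pair_up(pending_rename_entries(targets)):
        print("%s -> %s" % (src, dst or "<delete>"))
    if "--apply" in sys.argv:  # only meaningful on the infected Windows box, run elevated
        for t in targets:
            schedule_delete_on_reboot(t)
```

Run without --apply to see the queued pairs; with --apply on the Windows machine it makes the same request Killbox makes, and a reboot is still required for anything to happen.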
     
  13. 2006/08/30
    Loupguru

    Loupguru Inactive Thread Starter

    Joined:
    2006/08/28
    Messages:
    14
    Likes Received:
    0
    Howdy

    Ok here we go again:)

    ComboFix Log:

    Administrator - 06-08-30 10:02:06.78
    ComboFix 06.08.27BT - Running from: C:\Anti-Virus

    ((((((((((((((((((((((((((((((( Files Created from 2006-07-30 to 2006-08-30 ))))))))))))))))))))))))))))))))))


    2006-08-28 10:36 503,808 --a------ C:\WINDOWS\system32\ilinet.dll
    2006-08-28 09:26 73,728 --a------ C:\WINDOWS\system32\xmltok.dll
    2006-08-28 09:26 655,360 --a------ C:\WINDOWS\system32\mmclientVC7.dll
    2006-08-28 09:26 65,536 --a------ C:\WINDOWS\system32\AvidQTUpdaterVC7.dll
    2006-08-28 09:26 614,400 --a------ C:\WINDOWS\system32\AvOmfToolkit.dll
    2006-08-28 09:26 61,440 --a------ C:\WINDOWS\system32\libjpegV4.dll
    2006-08-28 09:26 53,248 --a------ C:\WINDOWS\system32\ipl.dll
    2006-08-28 09:26 49,152 --a------ C:\WINDOWS\system32\AvidSDMService.exe
    2006-08-28 09:26 466,944 --a------ C:\WINDOWS\system32\ommclient.dll
    2006-08-28 09:26 40,960 --a------ C:\WINDOWS\system32\INETTransportLibrary.dll
    2006-08-28 09:26 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
    2006-08-28 09:26 278,528 --a------ C:\WINDOWS\system32\AvidSDM.dll
    2006-08-28 09:26 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll
    2006-08-28 09:26 2,973,696 --a------ C:\WINDOWS\system32\iplA6.dll
    2006-08-28 09:26 2,785,280 --a------ C:\WINDOWS\system32\iplM6.dll
    2006-08-28 09:26 2,686,976 --a------ C:\WINDOWS\system32\iplM5.dll
    2006-08-28 09:26 2,531,328 --a------ C:\WINDOWS\system32\iplP6.dll
    2006-08-28 09:26 2,502,656 --a------ C:\WINDOWS\system32\iplPX.dll
    2006-08-28 09:26 19,968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
    2006-08-28 09:26 141,312 --a------ C:\WINDOWS\system32\FFBTN32.dll
    2006-08-28 09:26 102,400 --a------ C:\WINDOWS\system32\Dac32.dll
    2006-08-28 09:26 1,658,973 --a------ C:\WINDOWS\system32\libmmd.dll
    2006-08-28 09:26 1,323,008 --a------ C:\WINDOWS\system32\AvidStartup.exe
    2006-08-24 18:09 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
    2006-08-24 15:16 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
    2006-08-24 14:47 0 -rahs---- C:\MSDOS.SYS
    2006-08-24 14:47 0 -rahs---- C:\IO.SYS
    2006-08-16 11:41 335,872 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
    2006-08-04 07:20 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-08-30 08:00 -------- d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
    2006-08-29 20:09 -------- d-------- C:\Program Files\FileZilla
    2006-08-29 13:06 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-08-28 15:38 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-08-28 15:38 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-08-28 15:38 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-08-28 15:38 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-08-28 15:38 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-08-28 15:37 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2006-08-28 15:37 -------- d-------- C:\Program Files\Grisoft
    2006-08-28 14:25 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
    2006-08-28 14:24 -------- d-------- C:\Program Files\Lavasoft
    2006-08-28 13:46 -------- d-------- C:\Program Files\Network Associates
    2006-08-28 13:31 -------- d-------- C:\Program Files\Common Files\Network Associates
    2006-08-28 13:31 -------- d-------- C:\Program Files\Common Files
    2006-08-28 10:37 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-08-28 10:36 -------- d-------- C:\Program Files\Digidesign
    2006-08-28 09:32 -------- d-------- C:\Program Files\Common Files\Avid
    2006-08-28 09:26 -------- d-------- C:\Program Files\Avid
    2006-08-25 17:48 -------- d-------- C:\Program Files\National Instruments
    2006-08-25 16:19 -------- d-------- C:\Program Files\Boris FX, Inc
    2006-08-24 15:18 -------- d-------- C:\Program Files\Blackmagic Design
    2006-08-24 15:16 -------- d-------- C:\Program Files\Satori FilmFX v3.20
    2006-08-24 15:15 -------- d-------- C:\Program Files\FilmFX2
    2006-08-24 15:05 -------- d-------- C:\Program Files\Adobe
    2006-08-24 15:03 -------- d-------- C:\Program Files\Allegorithmic
    2006-08-24 14:00 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-08-21 11:10 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Help
    2006-08-21 11:03 -------- d-------- C:\Program Files\Transparent
    2006-08-16 11:41 -------- d-------- C:\Program Files\WDC
    2006-08-16 11:41 -------- d-------- C:\Program Files\Dantz
    2006-08-16 11:41 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2006-08-11 18:01 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2006-08-11 12:01 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Opera
    2006-08-11 03:01 -------- d-------- C:\Program Files\Internet Explorer
    2006-08-10 09:51 -------- d-------- C:\Program Files\Common Files\Vbox
    2006-07-27 17:03 -------- d-------- C:\Program Files\TypingMaster
    2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-07-25 13:43 -------- d-------- C:\Program Files\Common Files\Logitech
    2006-07-25 13:42 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    2006-07-25 13:42 -------- d-------- C:\Program Files\Logitech
    2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
    2006-07-20 10:18 -------- d-------- C:\Program Files\Microsoft.NET
    2006-07-20 10:18 -------- d-------- C:\Program Files\Microsoft Office
    2006-07-20 10:18 -------- d-------- C:\Program Files\Microsoft ActiveSync
    2006-07-20 10:18 -------- d-------- C:\Program Files\Common Files\System
    2006-07-20 10:18 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-07-20 10:18 -------- d-------- C:\Program Files\Common Files\DESIGNER
    2006-07-18 12:12 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2006-07-17 11:24 -------- d-------- C:\Program Files\Common Files\AOL
    2006-07-17 11:24 -------- d-------- C:\Program Files\AOL
    2006-07-17 11:24 -------- d-------- C:\Program Files\AOD
    2006-07-17 11:23 -------- d-------- C:\Program Files\Common Files\aolshare
    2006-05-03 09:03 869 --a------ C:\Documents and Settings\Administrator\Application Data\AdobeDLM.log
    2006-05-03 09:03 0 --a------ C:\Documents and Settings\Administrator\Application Data\dm.ini


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
    "DrvLsnr"="C:\\Program Files\\Analog Devices\\SoundMAX\\DrvLsnr.exe"
    "PRONoMgrWired"="c:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"
    "Promon.exe"=""
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "HostManager"="C:\\Program Files\\Common Files\\AOL\\1141314055\\ee\\AOLSoftware.exe"
    "ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "POINTER"="point32.exe"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
    "LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
    "LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
    "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
    @=""
    "WD Button Manager"="WDBtnMgr.exe"
    "SetIcon"="\\Program Files\\WDC\\SetIcon.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"=""
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
    "googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "MSMSGS"="\"C:\\PROGRA~1\\MESSEN~1\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="http://img218.exs.cx/img218/1957/waterbkg.gif"
    "SubscribedURL"="http://img218.exs.cx/img218/1957/waterbkg.gif"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,10,03,00,00,19,01,00,00,46,00,00,00,1e,00,00,00,e8,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,46,00,00,00,1e,00,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:14,6d,e0,0b,41,c0,b4,74,98,af,b8,06,68,de,e0,0b,20,6d,\
    e0,0b,24,e3,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="http://lalaalyssa.com/aly/glitterfills/lalaalyssasglitterfills32.gif"
    "SubscribedURL"="http://lalaalyssa.com/aly/glitterfills/lalaalyssasglitterfills32.gif"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,12,02,00,00,51,00,00,00,3c,00,00,00,3c,00,00,00,ea,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,3c,00,00,00,3c,00,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:14,6d,4f,0c,41,c0,b4,74,b0,00,94,06,68,de,4f,0c,20,6d,\
    4f,0c,24,e3,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
    "Source"="http://www.judgealexprod.com/exchange/Valerie.Jupe/Inbox/Vallie%20here%20is%20my%20animated%20gif.EML/1_multipart/2_multipart/2_valrocks.gif?Security=2"
    "SubscribedURL"="http://www.judgealexprod.com/exchange/Valerie.Jupe/Inbox/Vallie%20here%20is%20my%20animated%20gif.EML/1_multipart/2_multipart/2_valrocks.gif?Security=2"
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,12,02,00,00,19,01,00,00,c8,00,00,00,4f,00,00,00,ec,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,00
    "OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,19,01,00,00,c8,00,00,00,4f,00,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,12,02,00,00,19,01,00,00,c8,00,00,00,4f,00,\
    00,00,01,00,00,00

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\3]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,04,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,06,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtr


    Completion time: Wed 08/30/2006 10:02:54.28
    ComboFix.txt
    ComboFix2.txt
    ComboFix3.txt
     
  14. 2006/08/30
    Loupguru

    Loupguru Inactive Thread Starter

    Joined:
    2006/08/28
    Messages:
    14
    Likes Received:
    0
    Hijack this log part 1:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:03:38 AM, on 8/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\AOL\1141314055\ee\AOLSoftware.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\WDC\SetIcon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\PROGRA~1\MESSEN~1\msmsgs.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\AvidSDMService.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\Avconsol.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Anti-Virus\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {B0510E7D-DCF3-43AF-B47A-53C6D4B02D5A} - C:\WINDOWS\system32\awvtr.dll (file missing)
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141314055\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O18 - Protocol: bw+0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
     
  15. 2006/08/30
    Loupguru Inactive Thread Starter

    HijackThis log part 2:


    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
    O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
  16. 2006/08/30
    TeMerc Inactive Alumni

    OK, looks like we got most of what was there. Now let's see if that remaining file will go away.

    We also need to run HJT and fix all of the O18 entries:
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll


    Let's run Killbox again following the same instructions and insert this file:
    C:\WINDOWS\system32\awvtr.dll

    Reboot, run HJT again and see if that file is still there. If it is, then let's run another searching tool. (No need to post a new log from HJT.)

    Please download SilentRunners from here

    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop.

    Please post the entire contents of this logfile created back into this thread for me to see.
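The advice above (fix the O18 handlers, delete the leftover DLL, then check whether the "(file missing)" registrations are gone) is the kind of triage a helper does by eye on a HijackThis log. As an added example that is not part of this thread and not code from HijackThis or its author, the script below parses lines in the HJT 1.99 "Oxx - ..." format and pulls out the three things worth checking here: registrations whose target file is already gone (orphaned BHO and Winlogon Notify entries), O23 services with "Unknown owner", and which DLL each O18 protocol handler resolves to. The sample log is constructed from a handful of lines in the same shape as the log posted above; the function names (`parse_hjt`, `triage` and the helpers) are my own.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis 1.99 format (a few lines shaped like the
# log in this thread; not the full log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B0510E7D-DCF3-43AF-B47A-53C6D4B02D5A} - C:\WINDOWS\system32\awvtr.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O18 - Protocol: bw+0 - {CF5B1209-4E03-40F2-9B0C-06E8DC380A31} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: awvtr - C:\WINDOWS\system32\awvtr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
"""

FILE_MISSING = "(file missing)"
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
O4_RE = re.compile(r"(.*?): \[(.*?)\] (.*)")


def parse_hjt(text):
    """Parse 'Oxx - ...' lines into dicts with section, name, path, missing, owner.

    Header lines and the 'Running processes' list are not Oxx entries and are skipped.
    """
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith(FILE_MISSING)
        if missing:
            body = body[: -len(FILE_MISSING)].rstrip()
        entry = {"section": section, "raw": raw.strip(), "missing": missing,
                 "name": "", "path": "", "owner": None}
        if section == "O4":
            # O4 - HKLM\..\Run: [Name] command line
            m4 = O4_RE.match(body)
            if m4:
                entry["name"], entry["path"] = m4.group(2), m4.group(3)
        else:
            # O2/O18/O20/O23 are laid out as 'Kind: name - {clsid or owner} - path'
            parts = body.split(" - ")
            entry["path"] = parts[-1]
            entry["name"] = parts[0].split(": ", 1)[-1]
            if section == "O23" and len(parts) >= 3:
                entry["owner"] = parts[-2]
        entries.append(entry)
    return entries


def orphaned_entries(entries):
    """Registrations whose target file is gone: a BHO or Winlogon Notify entry
    pointing at a missing DLL is a leftover that should be fixed in HJT."""
    return [e for e in entries if e["missing"]]


def unknown_owner_services(entries):
    """O23 services HJT could not attribute to a vendor; worth a second look."""
    return [e for e in entries if e["section"] == "O23" and e["owner"] == "Unknown owner"]


def protocol_handlers_by_dll(entries):
    """Group O18 protocol names by the DLL they resolve to (case-insensitive)."""
    by_dll = defaultdict(list)
    for e in entries:
        if e["section"] == "O18":
            by_dll[e["path"].lower()].append(e["name"])
    return dict(by_dll)


def triage(text):
    """Summary a helper would want before telling the poster what to fix."""
    entries = parse_hjt(text)
    return {
        "orphaned": [(e["section"], e["name"], e["path"]) for e in orphaned_entries(entries)],
        "unknown_owner_services": [e["name"] for e in unknown_owner_services(entries)],
        "protocol_dlls": protocol_handlers_by_dll(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, the two "(file missing)" hits are the O2 BHO and the O20 Winlogon Notify entry for awvtr.dll, which is exactly the pair the thread is chasing: once the DLL itself has been deleted, the registry registrations are orphaned and HJT's "Fix checked" is what removes them. Grouping the O18 entries by DLL also makes the point that the long run of bw* handlers all map to one Logitech Desktop Messenger DLL rather than being dozens of separate items.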
     
  17. 2006/08/30
    Loupguru Inactive Thread Starter

    Well, when I did this and ran HijackThis I found this:

    O2 - BHO: (no name) - {B0510E7D-DCF3-43AF-B47A-53C6D4B02D5A} - C:\WINDOWS\system32\awvtr.dll (file missing)

    Is that right now? If so, are there any other steps?
     
  18. 2006/08/30
    TeMerc Inactive Alumni

    See my previous instructions:
     
  19. 2006/08/30
    Loupguru Inactive Thread Starter

    "Silent Runners.vbs ", revision 47, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Aim6" = "*z" (unwritable string) [file not found]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Smapp" = "C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [ "Analog Devices, Inc."]
    "DrvLsnr" = "C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [ "adi"]
    "PRONoMgrWired" = "c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [ "Intel(R) Corporation"]
    "Promon.exe" = (empty string)
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" [ "NVIDIA Corporation"]
    "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
    "TkBellExe" = " "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" [ "RealNetworks, Inc."]
    "HostManager" = "C:\Program Files\Common Files\AOL\1141314055\ee\AOLSoftware.exe" [ "America Online, Inc."]
    "ViewMgr" = "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [ "Viewpoint Corporation"]
    "POINTER" = "point32.exe" [MS]
    "NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ "Nero AG"]
    "IPHSend" = "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [ "America Online, Inc."]
    "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" [ "Logitech Inc."]
    "LogitechVideo[inspector]" = "C:\Program Files\Logitech\Video\InstallHelper.exe /inspect" [ "Logitech Inc."]
    "LogitechCameraService(E)" = "C:\WINDOWS\system32\ElkCtrl.exe /automation" [ "Logitech Inc."]
    "Acrobat Assistant 7.0" = " "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" " [ "Adobe Systems Inc."]
    "(Default)" = (empty string)
    "WD Button Manager" = "WDBtnMgr.exe" [ "Western Digital Technologies, Inc."]
    "SetIcon" = "\Program Files\WDC\SetIcon.exe" [ "Standard Microsystems Corp."]
    "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" [ "GRISOFT, s.r.o."]
    "QuickTime Task" = " "C:\Program Files\QuickTime\qttask.exe" -atboottime" [ "Apple Computer, Inc."]
    "MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" [ "Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [ "Safer Networking Limited"]
    {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEToolbarHelper Class "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]
    {B0510E7D-DCF3-43AF-B47A-53C6D4B02D5A}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\awvtr.dll" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
    -> {HKLM...CLSID} = "Display Panning CPL Extension "
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" [ "Hilgraeve, Inc."]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class "
    -> {HKLM...CLSID} = "DesktopContext Class "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" [ "NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer "
    -> {HKLM...CLSID} = "Desktop Explorer "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" [ "NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" [ "NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu "
    -> {HKLM...CLSID} = "nView Desktop Context Menu "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" [ "NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper "
    -> {HKLM...CLSID} = "NVIDIA CPL Extension "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" [ "NVIDIA Corporation"]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player "
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class "
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" [ "RealNetworks, Inc."]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes "
    -> {HKLM...CLSID} = "iTunes "
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" [ "Apple Computer, Inc."]
    "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler "
    -> {HKLM...CLSID} = "NeroDigitalIconHandler Class "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" [ "Nero AG"]
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler "
    -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" [ "Nero AG"]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices "
    -> {HKLM...CLSID} = "Portable Media Devices "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu "
    -> {HKLM...CLSID} = "Portable Media Devices Menu "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band "
    -> {HKLM...CLSID} = "Shell Search Band "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler "
    -> {HKLM...CLSID} = "Microsoft Office Outlook "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler "
    -> {HKLM...CLSID} = "Outlook File Icon Extension "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu "
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" [ "Adobe Systems Inc."]
    "{201B354A-C001-483F-8A63-35BDDF4BFE5E}" = "Blackmagic FrameLink ContextMenu "
    -> {HKLM...CLSID} = "AviContextMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\Blackmagic Design\Blackmagic DeckLink\FrameLink\flshlext.dll" [ "Blackmagic Design"]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension "
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" [ "GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension "
    -> {HKLM...CLSID} = "AVG7 Find Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" [ "GRISOFT, s.r.o."]

    HKLM\System\CurrentControlSet\Control\Session Manager\
    INFECTION WARNING! "BootExecute" = "autocheck autochk * stera" [file not found], [MS], [file not found], [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    INFECTION WARNING! awvtr\DLLName = "C:\WINDOWS\system32\awvtr.dll" [file not found]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945} "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler "
    -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class "
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll" [ "Nero AG"]
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info "
    -> {HKLM...CLSID} = "PDF Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" [ "Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "
    -> {HKLM...CLSID} = "Acrobat Elements Context Menu "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" [ "Adobe Systems Inc."]
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" [ "GRISOFT, s.r.o."]
    StuffIt Compress Menu\(Default) = "{3FBFD0B0-EB46-4797-9101-615610E87DA6} "
    -> {HKLM...CLSID} = "StuffIt Compress Menu "
    \InProcServer32\(Default) = "C:\Program Files\Allume Systems\StuffIt\CompressMenu.dll" [ "Allume Systems, Inc."]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
    -> {HKLM...CLSID} = "AVG7 Shell Extension Class "
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" [ "GRISOFT, s.r.o."]
    StuffIt Compress Menu\(Default) = "{3FBFD0B0-EB46-4797-9101-615610E87DA6} "
    -> {HKLM...CLSID} = "StuffIt Compress Menu "
    \InProcServer32\(Default) = "C:\Program Files\Allume Systems\StuffIt\CompressMenu.dll" [ "Allume Systems, Inc."]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Val!\opps\BGs\tower.bmp "


    Startup items in "Administrator" & "All Users" startup folders:
    ---------------------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Adobe Acrobat Speed Launcher" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe" [null data]
    "DING!" -> shortcut to: "C:\Program Files\Southwest Airlines\Ding\Ding.exe" [ "Southwest Airlines"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93} "
    -> {HKLM...CLSID} = "Adobe PDF "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93} "
    -> {HKLM...CLSID} = "Adobe PDF "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" [ "Adobe Systems Incorporated"]

    Dormant Explorer Bars in "View, Explorer Bar" menu

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research "
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console "
    "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501} "

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Research "

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger "
    "MenuText" = "Windows Messenger "
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [ "GRISOFT, s.r.o."]
    AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" [ "GRISOFT, s.r.o."]
    AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" [ "GRISOFT, s.r.o."]
    Avid SDM Service, AvidSDMService, "system32\AvidSDMService.exe" [ "Avid Technology, Inc."]
    AVSync Manager, AvSynMgr, " "C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe" " [ "Network Associates, Inc."]
    iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" [ "Apple Computer, Inc."]
    Logitech Process Monitor, LVPrcSrv, "c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe" [ "Logitech Inc."]
    McShield, McShield, " "C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe" " [ "Network Associates, Inc."]
    Retrospect WD Service, RetroWDSvc, "C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe" [ "Dantz Development Corporation"]
    SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" [ "Analog Devices, Inc."]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" [ "Adobe Systems Incorporated."]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 11 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 7 seconds.
    ---------- (total run time: 38 seconds)
     
  20. 2006/08/30
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, let's try an alternative method of removal:

    Download and install Registrar Lite version 2.00
    Double click the purple Registrar Lite icon on your desktop.
    Copy the line below and paste it into the "Address" field (located at the top) of the program:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects


    Click the "Go" button.
    On the right-hand side it will load all of your BHOs (you'll just see a bunch of numbers)
    Locate the following entries:
    B0510E7D-DCF3-43AF-B47A-53C6D4B02D5A

    Right click on each one and select Properties
    Click the Permissions Button and a new window will open.
    Click the Advanced button
    Place a checkmark next to the following:
    'Inherit from parent the permission entries that apply to child objects...'
    Click OK, OK again and right-click on each of the following:
    B0510E7D-DCF3-43AF-B47A-53C6D4B02D5A

    Choose delete.
    Exit Registrar Lite.

    Run HJT, see if that sucker is gone.
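
    The same permission reset and key deletion, as an added PowerShell example (not from this thread, and not part of Registrar Lite or HijackThis). It assumes an elevated Windows PowerShell prompt on the affected machine; the CLSID is the one named in the post, and the function names Get-Bho and Remove-BhoKey are our own.

```powershell
# Added example: reset the ACL on a Browser Helper Object key that cannot be
# deleted from the normal tools, then delete it. Run from an elevated prompt.
$BhoRoot = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# List every registered BHO with the DLL its CLSID resolves to and that DLL's
# Authenticode status: the evidence HijackThis condenses into its O2 lines.
function Get-Bho {
    Get-ChildItem -Path "HKLM:\$BhoRoot" -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InProcServer32" -ErrorAction SilentlyContinue
        $dll    = if ($server) { [Environment]::ExpandEnvironmentVariables($server.'(default)') } else { $null }
        $sig    = if ($dll -and (Test-Path -LiteralPath $dll)) {
                      (Get-AuthenticodeSignature -FilePath $dll).Status
                  } else { 'FileMissing' }
        [pscustomobject]@{ CLSID = $clsid; Dll = $dll; Signature = $sig }
    }
}

# Mirror the Registrar Lite steps in the post: take ownership of the key,
# re-enable inheritance from the parent, grant Administrators full control,
# then delete the key and everything under it.
function Remove-BhoKey {
    param([Parameter(Mandatory)][string]$Clsid)

    $subKey = "$BhoRoot\$Clsid"
    $admins = [System.Security.Principal.NTAccount]'BUILTIN\Administrators'
    $hklm   = [Microsoft.Win32.Registry]::LocalMachine

    # 1. Take ownership. Only WRITE_OWNER is requested, so this succeeds even
    #    when the DACL grants Administrators nothing else.
    $key = $hklm.OpenSubKey($subKey, 'ReadWriteSubTree',
                            [System.Security.AccessControl.RegistryRights]::TakeOwnership)
    if ($null -eq $key) { throw "Key not found or ownership denied: HKLM\$subKey" }
    $ownerOnly = New-Object System.Security.AccessControl.RegistrySecurity
    $ownerOnly.SetOwner($admins)
    $key.SetAccessControl($ownerOnly)      # persists only the owner section
    $key.Close()

    # 2. As owner we always hold READ_CONTROL and WRITE_DAC. Restore inheritance
    #    (the 'Inherit from parent...' checkbox) and add an explicit full-control ACE.
    $rights = [System.Security.AccessControl.RegistryRights]'ChangePermissions, ReadPermissions'
    $key = $hklm.OpenSubKey($subKey, 'ReadWriteSubTree', $rights)
    $acl = $key.GetAccessControl()
    $acl.SetAccessRuleProtection($false, $true)   # isProtected=false: inherit again
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
                $admins, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    $key.SetAccessControl($acl)
    $key.Close()

    # 3. Delete the key and its subkeys now that the ACL allows it.
    Remove-Item -Path "HKLM:\$subKey" -Recurse -Force
}

# Review first, remove second: the CLSID below is the one named in the post.
Get-Bho | Format-Table -AutoSize
# Remove-BhoKey -Clsid '{B0510E7D-DCF3-43AF-B47A-53C6D4B02D5A}'
```

    Step 1 works because an elevated Administrator can open a key for WRITE_OWNER whenever the DACL allows it or the account already owns the key; if the open still fails, the key carries a deny entry and the SeTakeOwnershipPrivilege has to be enabled in the token first, which is the situation the greyed-out Permissions button in the next post points to. Re-check with HijackThis afterwards, as the post says, to confirm the O2 line is gone.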
     
  21. 2006/08/30
    Loupguru

    Loupguru Inactive Thread Starter

    Joined:
    2006/08/28
    Messages:
    14
    Likes Received:
    0
    :confused:

    I guess you mean the 'permissions' button under the 'security' tab? But the permissions button is grey so I can't do anything :/
     
