
Unknown process jszqfzhqemq.exe [HJT Log]

Discussion in 'Malware and Virus Removal Archive' started by alex98uk, 2006/10/24.

  1. 2006/10/24
    alex98uk

    alex98uk Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    187
    Likes Received:
    0
    I was just looking at my processes and I found a rather strange one called jszqfzhqemq.exe. I don't seem to be able to find anything on the internet about it, which gives me the hint that it may not be a legit program. My AV and AS don't find anything, which is weird.
    Any suggestions?

    Thanks,

    Alex
     
  2. 2006/10/24
    Aden

    Aden Inactive

    Joined:
    2006/10/24
    Messages:
    2
    Likes Received:
    0
    Try and close it, and see if it affects anything on your PC, e.g.
    Internet faster, other programs don't respond, etc., or it doesn't let you close it.

    If it doesn't let you close it, it is either a critical Windows file (I doubt it)
    or adware, spyware, a virus or a trojan watching you, and has been coded so that it can't be closed or detected.

    Try doing a search for it, and see where it is.

    This may help define what it is.
     
    Aden,
    #2


  4. 2006/10/24
    alex98uk

    alex98uk Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    187
    Likes Received:
    0
    Well, I closed the process and it did so without any complaining. It didn't seem to be eating up many resources or taking up much processor percentage.
    I searched for it on my computer and found a similar file called "JSZQFZHQEMQ.EXE-00668E22.pf" residing in "C:\WINDOWS\Prefetch".
    Do you want me to put up a HJT log?

    Edit: It has suddenly appeared on my startup list as well. Actually looking closely, it's on there twice!
     
  5. 2006/10/24
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello Alex,

    Yes. As soon as you do, one of the Mods will move this thread to the Virus/spyware removal section.

    Regards - Charles
     
  6. 2006/10/24
    alex98uk

    alex98uk Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    187
    Likes Received:
    0
    Here she is:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:46:44, on 24/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Teamspeak2_RC2client\TeamSpeak.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Documents and Settings\Alex Law\My Documents\My Completed Downloads\setup.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alex Law\My Documents\Private\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66 "
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
    O4 - HKLM\..\Run: [Windows anti virus Layer] jszqfzhqemq.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunServices: [Windows anti virus Layer] jszqfzhqemq.exe
    O4 - HKCU\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /M "Stylus C66" /EF "HKCU "
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118431071750
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143228985921
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B27ABDAD-D888-448D-A839-CF8756E8FB06}: NameServer = 212.74.112.66,212.74.112.67
    O18 - Protocol: bw+0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     
  7. 2006/10/24
    alex98uk

    alex98uk Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    187
    Likes Received:
    0
    hmmm... is there a reason why there are so many Logitech messenger things?
    I only have a Logitech Mouse...
     
  8. 2006/10/24
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hello and welcome. I'll be your guide today as we navigate the murky waters of malware removal. Please strap yourself in and keep your hands contained within the ride for the duration. :D

    Seeing as there is little to no info about this file, I'd like you to submit it for an online scan.

    Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis; its location is likely to be in the system32 folder:
    jszqfzhqemq.exe <<<-- this file

    Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

    Be patient as this site is usually very busy.

    Also please submit it to Virus Total File scanner

    At the top of the page, select the 'browse' button, locate the file and click the 'Send' button. It will upload and give you an approximate time the file will be ready for a scan.

    Add those results here too.

    Please hit 'Ctrl' + 'Alt' + 'Delete' to bring up running processes and 'End Task' on the following process(es) if present:
    jszqfzhqemq.exe


    Run Hijackthis and look over the following entries I have listed, check the boxes next to them and press the "Fix Checked" button with HijackThis. When you are doing this, make sure you have No IE windows, or other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
    O4 - HKLM\..\Run: [Windows anti virus Layer] jszqfzhqemq.exe
    O4 - HKLM\..\RunServices: [Windows anti virus Layer] jszqfzhqemq.exe

    Reboot into Safe Mode, this way:
    Turn on the computer
    Immediately begin tapping the <F8> key.
    Use the arrow keys to highlight Safe Mode and press the <Enter> key.

    Also, enable the 'Show Hidden Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    And search for, then delete if found (some may not be present after the previous steps), the following files/folders:
    jszqfzhqemq.exe <<<-- this file

    To exit Safe Mode, click the Start button, click Turn Off Computer, click Restart.

    Post a new HJT log back into this thread please.

    Also please note for me any other odd or unusual activities on the system.
     
  9. 2006/10/24
    alex98uk

    alex98uk Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    187
    Likes Received:
    0
    I can't do it right at this minute as the site seems constantly busy. Anyway, I found the file isn't actually a .exe file.

    It is a "C:\WINDOWS\Prefetch\JSZQFZHQEMQ.EXE-00668E22.pf" file.
    Any idea what one of those is?
     
  10. 2006/10/24
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Looks odd, and when I try to Google it, it acts as though it is a website and does not load; very strange indeed.

    No need to wait on the scan sites really, you can proceed with the fixing as described above.
     
  11. 2006/10/25
    alex98uk

    alex98uk Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    187
    Likes Received:
    0
    I used those sites and none of them brought up anything. I deleted and removed it from my startup list, and while the process is no longer running, it reappears in the "C:\windows\prefetch" folder every time I reboot.
     
  12. 2006/10/25
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    The item found in Prefetch is not a threat. I do, however, need a fresh HJT log, and I forgot to have you fix all the O18 lines, which you can do before posting a new log.

    I'd also like to dig a little bit deeper looking for infection files.

    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
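The O4 triage from TeMerc's first set of instructions and the Prefetch question answered just above, as an added example (Python; not code from HijackThis, ComboFix or anyone in this thread). It scores each registry-backed O4 line of the posted log on the cues a helper looks for, and splits a name like JSZQFZHQEMQ.EXE-00668E22.pf into the executable it records and its path hash. The point values, the random-name heuristic and the second prefetch filename are assumptions.

```python
"""Triage HijackThis O4 autorun lines and Prefetch filenames.

Added example for this thread (not code from HijackThis, ComboFix or the
posters).  Scores O4 entries on cues a helper looks for and ties a Prefetch
name such as JSZQFZHQEMQ.EXE-00668E22.pf back to the executable it records.
Point values and thresholds are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: O4 lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Windows anti virus Layer] jszqfzhqemq.exe
O4 - HKLM\..\RunServices: [Windows anti virus Layer] jszqfzhqemq.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)
PF_RE = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-F]{8})\.pf$", re.IGNORECASE)

@dataclass
class Autorun:
    hive: str
    key: str          # Run, RunServices, RunOnce, ...
    name: str         # display name shown in [brackets]
    exe: str          # executable exactly as the registry value names it
    reasons: list
    score: int

def looks_random(basename: str) -> bool:
    """Heuristic: a long consonant run or several rare letters (assumed thresholds)."""
    letters = [c for c in basename.lower() if c.isalpha()]
    run = longest = 0
    for c in letters:
        run = 0 if c in "aeiouy" else run + 1
        longest = max(longest, run)
    return longest >= 5 or sum(c in "qzxj" for c in letters) >= 3

def name_matches_exe(name: str, basename: str) -> bool:
    """True when a word of the display name recurs in the file name, or vice versa."""
    base = basename.lower()
    words = [w for w in re.findall(r"[a-z0-9]+", name.lower()) if len(w) >= 3]
    return any(w in base or base in w for w in words)

def parse_o4(log: str) -> list:
    """Parse registry-backed O4 lines; Global Startup (.lnk) lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            e = EXE_RE.match(m["cmd"])
            exe = e["exe"] if e else m["cmd"].split()[0]
            entries.append(Autorun(m["hive"], m["key"], m["name"], exe, [], 0))
    return entries

def triage(log: str, threshold: int = 3) -> list:
    """Return the entries scoring at or above threshold, each with its reasons."""
    entries = parse_o4(log)
    keys_for = defaultdict(set)            # (name, exe) -> {Run, RunServices, ...}
    for a in entries:
        keys_for[(a.name.lower(), a.exe.lower())].add(a.key)
    flagged = []
    for a in entries:
        basename = re.sub(r"\.exe$", "", a.exe.rsplit("\\", 1)[-1], flags=re.IGNORECASE)
        checks = [
            ("\\" not in a.exe, 2, "no path: resolved by search order at logon"),
            (looks_random(basename), 3, "random-looking filename"),
            (len(keys_for[(a.name.lower(), a.exe.lower())]) > 1, 2,
             "same value under more than one Run key"),
            (not name_matches_exe(a.name, basename), 1, "display name unrelated to filename"),
        ]
        for hit, points, why in checks:
            if hit:
                a.score += points
                a.reasons.append(why)
        if a.score >= threshold:
            flagged.append(a)
    return flagged

def parse_prefetch_name(filename: str):
    """Split JSZQFZHQEMQ.EXE-00668E22.pf into (executable, path hash).
    A .pf file is a launch trace written by the XP prefetcher, not the program:
    it records that an executable of that name ran, and the hash part is
    derived from the path it ran from."""
    m = PF_RE.match(filename)
    return (m["exe"].upper(), m["hash"].upper()) if m else None

def prefetch_hits(flagged: list, prefetch_names: list) -> dict:
    """Map each flagged executable to the prefetch traces that record it running."""
    hits = {}
    for a in flagged:
        exe = a.exe.rsplit("\\", 1)[-1].upper()
        hits[exe] = [p for p in prefetch_names
                     if (parse_prefetch_name(p) or ("", ""))[0] == exe]
    return hits

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print([(a.key, a.exe, a.score, a.reasons) for a in found],
          prefetch_hits(found, ["JSZQFZHQEMQ.EXE-00668E22.pf"]))
```

Only the two "Windows anti virus Layer" lines cross the threshold; the bare CTHELPER.EXE scores for its missing path but not enough to be flagged, which is the kind of line a helper reads past rather than fixes.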
     
  13. 2006/10/25
    alex98uk

    alex98uk Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    187
    Likes Received:
    0
    This is what combofix spewed out:

    Alex Law - 06-10-25 21:14:22.29 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Alex Law\My Documents\My Completed Downloads"

    ((((((((((((((((((((((((((((((( Files Created from 2006-09-25 to 2006-10-25 ))))))))))))))))))))))))))))))))))


    2006-10-24 19:07 15,360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2006-10-24 19:07 14,848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2006-10-24 19:07 13,824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
    2006-10-24 19:07 117,248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2006-10-20 15:25 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2006-10-02 20:04 806,912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2006-10-02 20:04 806,912 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2006-10-02 20:04 790,528 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2006-10-02 20:04 635,486 --a------ C:\WINDOWS\system32\DivX.dll
    2006-10-01 17:30 20,992 --a------ C:\WINDOWS\jestertb.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-25 21:13 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-10-25 20:00 -------- d-------- C:\Program Files\Trillian
    2006-10-25 19:56 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-25 19:56 -------- d-------- C:\Program Files\Electronic Arts
    2006-10-25 16:28 34308 --a------ C:\WINDOWS\system32\Chip.dll
    2006-10-24 19:07 -------- d-------- C:\Program Files\Webroot
    2006-10-24 19:07 -------- d-------- C:\Documents and Settings\Alex Law\Application Data\Webroot
    2006-10-24 17:01 -------- d-------- C:\Program Files\MSN Messenger
    2006-10-24 17:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-10-24 16:46 -------- d-------- C:\Program Files\Yahoo!
    2006-10-24 16:33 -------- d-------- C:\Program Files\PC Drivers Headquarters
    2006-10-23 17:44 -------- d-------- C:\Documents and Settings\Alex Law\Application Data\DivX
    2006-10-20 18:47 -------- d-------- C:\Program Files\BitTornado
    2006-10-20 15:27 -------- d-------- C:\Program Files\DAP
    2006-10-20 15:02 691 --a------ C:\Documents and Settings\Alex Law\Application Data\AdobeDLM.log
    2006-10-20 08:37 -------- d-------- C:\Program Files\Teamspeak2_RC2
    2006-10-19 18:20 -------- d-------- C:\Program Files\EA GAMES
    2006-10-14 18:14 -------- d-------- C:\Program Files\MSXML 4.0
    2006-10-14 17:55 -------- d-------- C:\Program Files\DivX
    2006-10-14 17:37 -------- d-------- C:\Documents and Settings\Alex Law\Application Data\AdobeUM
    2006-10-14 09:44 -------- d-------- C:\Program Files\TweakNow RegCleaner Std
    2006-10-13 14:49 -------- d-------- C:\Documents and Settings\Alex Law\Application Data\.BitTornado
    2006-10-13 14:37 -------- d-------- C:\Program Files\Windows NT
    2006-09-27 13:33 -------- d-------- C:\Program Files\SlySoft
    2006-09-27 13:33 -------- d-------- C:\Program Files\Elaborate Bytes
    2006-09-25 16:45 666240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-09-25 16:40 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2006-09-25 16:40 85952 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys
    2006-09-25 16:39 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-09-25 16:39 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-09-25 16:37 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-09-25 16:37 24560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-09-24 15:28 223128 --a--c--- C:\WINDOWS\system32\drivers\vaxscsi.sys
    2006-09-24 15:24 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-09-24 09:52 -------- d-------- C:\Documents and Settings\Alex Law\Application Data\Ahead
    2006-09-24 09:36 -------- d-------- C:\Program Files\Common Files\Ahead
    2006-09-23 20:17 -------- d-------- C:\Program Files\AoA DVD Ripper
    2006-09-23 19:34 53760 --a------ C:\WINDOWS\system32\Squeeze.dll
    2006-09-23 18:48 -------- d-------- C:\Documents and Settings\Alex Law\Application Data\PC Tools
    2006-09-23 17:42 -------- d-------- C:\Program Files\ACE-HIGH MP3 WAV WMA OGG Converter
    2006-09-22 10:28 -------- d-------- C:\Program Files\Windows Media Connect 2
    2006-09-19 11:50 90112 --a------ C:\WINDOWS\system32\mp4_lib.dll
    2006-09-18 12:05 -------- d-------- C:\Program Files\CloneDVD
    2006-09-16 19:23 -------- d-------- C:\Program Files\Windows Media Player
    2006-09-16 19:14 -------- d-------- C:\Program Files\Common Files\EasyInfo
    2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-08-29 13:46 720896 --a------ C:\WINDOWS\iun6002ev.exe
    2006-08-29 13:46 -------- d-------- C:\Program Files\Bejeweled 2 Deluxe
    2006-08-29 13:23 -------- d-------- C:\Program Files\Common Files
    2006-08-29 13:14 -------- d-------- C:\Program Files\InterActual
    2006-08-27 11:54 -------- d-------- C:\Program Files\ImTOO
    2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-24 22:42 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
    2006-08-24 22:42 8704 --------- C:\WINDOWS\system32\uwdf.exe
    2006-08-24 22:30 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
    2006-08-24 22:30 990208 --a------ C:\WINDOWS\system32\drmv2clt.dll
    2006-08-24 22:30 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
    2006-08-24 22:30 8337920 --a------ C:\WINDOWS\system32\wmploc.dll
    2006-08-24 22:30 790016 --------- C:\WINDOWS\system32\WMVSENCD.dll
    2006-08-24 22:30 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
    2006-08-24 22:30 7168 --a------ C:\WINDOWS\system32\asferror.dll
    2006-08-24 22:30 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
    2006-08-24 22:30 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
    2006-08-24 22:30 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
    2006-08-24 22:30 611840 --------- C:\WINDOWS\system32\wmpmde.dll
    2006-08-24 22:30 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
    2006-08-24 22:30 537600 --a------ C:\WINDOWS\system32\blackbox.dll
    2006-08-24 22:30 532992 --------- C:\WINDOWS\system32\wmdrmsdk.dll
    2006-08-24 22:30 428032 --a------ C:\WINDOWS\system32\wmdrmdev.dll
    2006-08-24 22:30 414208 --a------ C:\WINDOWS\system32\msscp.dll
    2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
    2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
    2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
    2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
    2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
    2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
    2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
    2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
    2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
    2006-08-24 22:30 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
    2006-08-24 22:30 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
    2006-08-24 22:30 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
    2006-08-24 22:30 349184 --a------ C:\WINDOWS\system32\wpdsp.dll
    2006-08-24 22:30 347648 --a------ C:\WINDOWS\system32\wmdrmnet.dll
    2006-08-24 22:30 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
    2006-08-24 22:30 320512 --a------ C:\WINDOWS\system32\mswmdm.dll
    2006-08-24 22:30 316928 --------- C:\WINDOWS\system32\MP4SDECD.dll
    2006-08-24 22:30 314368 --a------ C:\WINDOWS\system32\wmpdxm.dll
    2006-08-24 22:30 305152 --------- C:\WINDOWS\system32\MSDelta.dll
    2006-08-24 22:30 295424 --------- C:\WINDOWS\system32\wmpeffects.dll
    2006-08-24 22:30 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
    2006-08-24 22:30 276480 --a------ C:\WINDOWS\system32\audiodev.dll
    2006-08-24 22:30 27648 --a------ C:\WINDOWS\system32\mspmsnsv.dll
    2006-08-24 22:30 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
    2006-08-24 22:30 2589184 --------- C:\WINDOWS\system32\WpdShext.dll
    2006-08-24 22:30 258560 --------- C:\WINDOWS\system32\MP43DECD.dll
    2006-08-24 22:30 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-08-24 22:30 242176 --a------ C:\WINDOWS\system32\wmpasf.dll
    2006-08-24 22:30 228352 --a------ C:\WINDOWS\system32\cewmdm.dll
    2006-08-24 22:30 227328 --a------ C:\WINDOWS\system32\wmerror.dll
    2006-08-24 22:30 222208 --a------ C:\WINDOWS\system32\WMASF.dll
    2006-08-24 22:30 211968 --------- C:\WINDOWS\system32\MFPLAT.dll
    2006-08-24 22:30 210432 --a------ C:\WINDOWS\system32\qasf.dll
    2006-08-24 22:30 204800 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
    2006-08-24 22:30 198144 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
    2006-08-24 22:30 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
    2006-08-24 22:30 175104 --a------ C:\WINDOWS\system32\mspmsp.dll
    2006-08-24 22:30 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
    2006-08-24 22:30 1660416 --a------ C:\WINDOWS\system32\wmpencen.dll
    2006-08-24 22:30 157184 --a------ C:\WINDOWS\system32\wmidx.dll
    2006-08-24 22:30 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
    2006-08-24 22:30 1539584 --------- C:\WINDOWS\system32\WMVDECOD.dll
    2006-08-24 22:30 1532416 --------- C:\WINDOWS\system32\WMVENCOD.dll
    2006-08-24 22:30 1392128 --------- C:\WINDOWS\system32\WMVSDECD.dll
    2006-08-24 22:30 133120 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
    2006-08-24 22:30 1327616 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
    2006-08-24 22:30 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
    2006-08-24 22:30 130048 --------- C:\WINDOWS\system32\wmpps.dll
    2006-08-24 22:30 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
    2006-08-24 22:30 1118208 --a------ C:\WINDOWS\system32\WMADMOE.dll
    2006-08-24 22:30 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
    2006-08-24 20:31 100864 --a------ C:\WINDOWS\system32\logagent.exe
    2006-08-24 20:27 249344 --------- C:\WINDOWS\system32\drmupgds.exe
    2006-08-24 20:26 95288 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
    2006-08-24 20:26 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
    2006-08-24 19:19 316416 --------- C:\WINDOWS\system32\WUDFx.dll
    2006-08-24 19:19 145920 --------- C:\WINDOWS\system32\WudfHost.exe
    2006-08-24 19:18 56320 --------- C:\WINDOWS\system32\WudfSvc.dll
    2006-08-24 19:18 168448 --------- C:\WINDOWS\system32\WudfPlatform.dll
    2006-08-23 22:08 217088 --a------ C:\WINDOWS\system32\avformat-50.dll
    2006-08-23 22:08 1839104 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2006-08-23 22:08 16896 --a------ C:\WINDOWS\system32\avutil-49.dll
    2006-08-23 21:42 759917 --a------ C:\WINDOWS\system32\xvidcore.dll
    2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
    2006-08-11 20:14 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-08-11 00:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2006-08-11 00:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2006-08-02 23:12 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
    2006-08-02 23:08 258048 --a------ C:\WINDOWS\system32\ati2dvag.dll
    2006-08-02 23:02 86016 --a------ C:\WINDOWS\system32\ati2evxx.dll
    2006-08-02 23:02 77824 --a------ C:\WINDOWS\system32\Oemdspif.dll
    2006-08-02 23:02 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
    2006-08-02 23:02 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
    2006-08-02 23:02 114688 --a------ C:\WINDOWS\system32\atipdlxx.dll
    2006-08-02 23:01 401408 --a------ C:\WINDOWS\system32\ati2evxx.exe
    2006-08-02 23:00 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
    2006-08-02 22:55 2373088 --a------ C:\WINDOWS\system32\ati3duag.dll
    2006-08-02 22:51 2354720 --a------ C:\WINDOWS\system32\ativvaxx.dll
    2006-08-02 22:49 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
    2006-08-02 22:45 5136384 --a------ C:\WINDOWS\system32\atioglxx.dll
    2006-08-02 22:41 208896 --a------ C:\WINDOWS\system32\atikvmag.dll
    2006-08-02 22:40 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
    2006-08-02 22:40 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
    2006-08-02 22:35 286720 --a------ C:\WINDOWS\system32\ati2cqag.dll
    2006-08-02 17:27 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
    2006-07-27 18:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "EPSON Stylus C66 Series "= "\ "C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0S2.EXE\" /P23 \ "EPSON Stylus C66 Series\" /M \ "Stylus C66\" /EF \ "HKCU\" "
    "LDM "= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "
    "ctfmon.exe "= "C:\\WINDOWS\\system32\\ctfmon.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "CTSysVol "= "\ "C:\\Program Files\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe\" "
    "avast! "= "C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe "
    "EPSON Stylus C66 Series "= "\ "C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0S2.EXE\" /P23 \ "EPSON Stylus C66 Series\" /O6 \ "USB001\" /M \ "Stylus C66\" "
    "SmcService "= "\ "C:\\PROGRA~1\\Sygate\\SPF\\smc.exe\" -startgui "
    "IAAnotif "= "\ "C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe\" "
    "CTHelper "= "CTHELPER.EXE "
    "Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE "
    "ATICCC "= "\ "C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\" "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange "= "1 "
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion "=dword:00000110
    "DeskHtmlMinorVersion "=dword:00000005
    "Settings "=dword:00000000
    "GeneralFlags "=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "
    "Flags "=dword:00000002
    "Position "=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState "=hex:04,00,00,40
    "OriginalStateInfo "=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
    00,00,04,00,00,40
    "RestoredStateInfo "=hex:18,00,00,00,ac,fd,ff,ff,00,00,00,00,34,03,00,00,e2,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE "= "C:\\WINDOWS\\system32\\CTFMON.EXE "

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE "= "C:\\WINDOWS\\system32\\CTFMON.EXE "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1} "= "Browseui preloader "
    "{8C7461EF-2B13-11d2-BE35-3078302C2030} "= "Component Categories cache daemon "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername "=dword:00000000
    "legalnoticecaption "=" "
    "legalnoticetext "=" "
    "shutdownwithoutlogon "=dword:00000001
    "undockwithoutlogon "=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
    "CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
    "WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
    "SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "
    "WPDShServiceObj "= "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe "= "C:\\WINDOWS\\system32\\ctfmon.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Alex Law^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    "path "= "C:\\Documents and Settings\\Alex Law\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup "
    "location "= "Startup "
    "command "= "C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item "= "Adobe Gamma "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ Labtec Mouse Software 2.0.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ Labtec Mouse Software 2.0.lnk "
    "backup "= "C:\\WINDOWS\\pss\\ Labtec Mouse Software 2.0.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\Labtec\\WIRELE~1\\MulMouse.exe "
    "item "=" Labtec Mouse Software 2.0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item "= "Adobe Gamma Loader "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item "= "Adobe Reader Speed Launch "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BlueSoleil.lnk "
    "backup "= "C:\\WINDOWS\\pss\\BlueSoleil.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\IVTCOR~1\\BLUESO~1\\BLUESO~1.EXE "
    "item "= "BlueSoleil "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk "
    "backup "= "C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
    "item "= "InterVideo WinCinema Manager "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "path "= "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk "
    "backup "= "C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup "
    "location "= "Common Startup "
    "command "= "C:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE -b -l "
    "item "= "Microsoft Office "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "AdobeUpdater "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Common Files\\Adobe\\Updater\\AdobeUpdater.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "AnyDVD "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "AOLSP Scheduler "
    "hkey "= "HKLM "
    "command "= "\ "C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "AOLDial "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bacstray]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "BacsTray "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Broadcom\\BACS\\\\BacsTray.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "CTDetect "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "CTDVDDet "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "ctfmon "
    "hkey "= "HKCU "
    "command "= "C:\\WINDOWS\\system32\\ctfmon.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "daemon "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033 "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DAP "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Core "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Electronic Arts\\EA Downloader\\Core.exe -silent "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "InCD "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "IntelMEM "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L06AXLRD_41135765]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "EDICT "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Microsoft Student\\Microsoft Student 2006 DVD\\EDICT.EXE\" -m "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L06AXLRD_75671]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "EDICT "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Microsoft Student\\Microsoft Student 2006 DVD\\EDICT.EXE\" -m "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "msmsgs "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Messenger\\msmsgs.exe\" /background "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "NBJ "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "NeroCheck "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "=" "
    "hkey "= "HKLM "
    "command "=" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "qttask "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "RealPlay "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "/L:ENG "
    "hkey "= "HKCU "
    "command "= "/L:ENG "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "smc "
    "hkey "= "HKLM "
    "command "= "C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Dragdiag "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "TeaTimer "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "SpySweeperUI "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Steam "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Steam\\Steam.exe -silent "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "StyleXP "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jusched "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "realsched "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "sgtray "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "AdobeUpdateManager "
    "hkey "= "HKCU "
    "command "= "\ "C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1 "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC5Player]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "VC5Play "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\HHVcdV5Sys\\VC5Play.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "winampa "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Winamp\\winampa.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows anti virus Layer]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jszqfzhqemq "
    "hkey "= "HKLM "
    "command "= "jszqfzhqemq.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WZCSVC "=dword:00000002
    "NipSvc "=dword:00000003
    "CallerIP "=dword:00000003
    "AOLService "=dword:00000002
    "Adobe LM Service "=dword:00000003

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders "= "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll "

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
    Completion time: 06-10-25 21:15:40.51
    C:\ComboFix.txt ... 06-10-25 21:15
     
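The entry that matters in the ComboFix output above is the msconfig\startupreg subkey named "Windows anti virus Layer": its command is the bare file name jszqfzhqemq.exe with no directory (so Windows locates it through its search order rather than a fixed path), the name is a random consonant string, its display name echoes the legitimate "Logitech Hardware Abstraction Layer" entry in the HKLM Run key, and the fact that it sits in the msconfig backup key means it was disabled with msconfig, not removed. The script below is an added example, not part of this thread and not ComboFix or HijackThis code: it parses the "Reg Loading Points" block as the forum rendered it (including the stray spaces around the quotes) and flags autostart entries that are path-less or randomly named. The sample log is constructed from a handful of the entries above, and the thresholds in looks_random and the hive abbreviations are my own assumptions.

```python
import re

# Constructed sample, not the thread's log verbatim: a few entries in the
# format ComboFix prints under "Reg Loading Points", including the extra
# spaces the forum inserted around quotes.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast! "= "C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe "
"CTHelper "= "CTHELPER.EXE "
"Logitech Hardware Abstraction Layer "= "KHALMNPR.EXE "
"ATICCC "= "\ "C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\" "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "winampa "
"hkey "= "HKLM "
"command "= "\ "C:\\Program Files\\Winamp\\winampa.exe\" "
"inimapping "= "0 "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows anti virus Layer]
"key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
"item "= "jszqfzhqemq "
"hkey "= "HKLM "
"command "= "jszqfzhqemq.exe "
"inimapping "= "0 "
'''

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*"(?P<value>.*)"$')
EXE_RE = re.compile(r'^(?P<exe>.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s+(?P<args>.*))?$', re.I)
RUN_KEY = '\\software\\microsoft\\windows\\currentversion\\run'
STARTUPREG = '\\shared tools\\msconfig\\startupreg\\'
HIVES = {'hkey_local_machine': 'HKLM', 'hkey_current_user': 'HKCU', 'hkey_users': 'HKU'}
VOWELS = set('aeiouy')


def unescape_reg(value):
    """Undo .reg escaping of backslashes and quotes plus the forum's stray spaces."""
    value = re.sub(r'\\\s*"', '"', value)
    return value.replace('\\\\', '\\').strip()


def parse_sections(text):
    """Map each [key] header to its "name"="value" pairs (dword values are skipped)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group('key')
            sections[current] = {}
        elif current is not None and (m := VALUE_RE.match(line)):
            sections[current][m.group('name').strip()] = unescape_reg(m.group('value'))
    return sections


def split_command(command):
    """Separate the executable from its arguments in a Run-style command line."""
    command = command.strip()
    if command.startswith('"'):
        close = command.find('"', 1)
        if close > 0:
            return command[1:close], command[close + 1:].strip()
    m = EXE_RE.match(command)
    if m:
        return m.group('exe'), m.group('args') or ''
    head, _, tail = command.partition(' ')
    return head, tail


def is_bare_name(exe):
    """No directory at all: Windows will locate it through the search order."""
    return bool(exe) and not any(ch in exe for ch in '\\/:')


def looks_random(filename):
    """Heuristic (thresholds are an assumption): long, nearly vowel-less name."""
    stem = re.sub(r'\.[A-Za-z0-9]+$', '', filename).lower()
    letters = ''.join(ch for ch in stem if ch.isalpha())
    if len(letters) < 8:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters)
    longest_run = max((len(r) for r in re.findall(r'[^aeiouy]+', letters)), default=0)
    return vowel_ratio < 0.2 or longest_run >= 6


def scan_startup(text):
    """One finding per autostart entry that is path-less or randomly named."""
    findings = []
    for key, values in parse_sections(text).items():
        k = key.lower()
        if k.endswith(RUN_KEY):           # live Run key: each value is an entry
            hive = HIVES.get(k.split('\\', 1)[0], '?')
            entries = [(n, c, hive, False) for n, c in values.items()]
        elif STARTUPREG in k:             # msconfig backup of a disabled entry
            low = {n.lower(): v for n, v in values.items()}
            entries = [(key.rsplit('\\', 1)[1], low.get('command', ''), low.get('hkey', '?'), True)]
        else:
            continue
        for name, command, hive, disabled in entries:
            exe, _ = split_command(command)
            reasons = []
            if is_bare_name(exe):
                reasons.append('no path: resolved via search order')
            if looks_random(exe.rsplit('\\', 1)[-1]):
                reasons.append('random-looking file name')
            if reasons:
                findings.append({'entry': name, 'hive': hive, 'exe': exe,
                                 'disabled_in_msconfig': disabled, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in scan_startup(SAMPLE_LOG):
        state = 'disabled in msconfig' if f['disabled_in_msconfig'] else 'active'
        print(f"{f['hive']} {f['entry']!r} -> {f['exe']} ({state}): {', '.join(f['reasons'])}")
```

Run stand-alone it flags three entries from the sample. Two of them, CTHELPER.EXE and KHALMNPR.EXE, are path-less but legitimate (the HijackThis log posted next locates them at C:\WINDOWS\CTHELPER.EXE and C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE), so the output is a triage list to be cleared by finding each file on disk and checking its publisher, not a verdict. The third, jszqfzhqemq.exe, is reported as disabled in msconfig; disabling an item there leaves both the file and this backup key in place, which is why it still shows up in a later scan.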
  14. 2006/10/25
    alex98uk

    alex98uk Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    187
    Likes Received:
    0
    This is the latest HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:21:29, on 25/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Teamspeak2_RC2client\TeamSpeak.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Alex Law\My Documents\Private\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe "
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [EPSON Stylus C66 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE" /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66 "
    O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe "
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe "
    O4 - HKCU\..\Run: [EPSON Stylus C66 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE" /P23 "EPSON Stylus C66 Series" /M "Stylus C66" /EF "HKCU "
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118431071750
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143228985921
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B27ABDAD-D888-448D-A839-CF8756E8FB06}: NameServer = 212.74.112.66,212.74.112.67
    O18 - Protocol: bw+0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  15. 2006/10/25
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, I don't see any more references to that file, aside from the one in prefetch, which you can manually delete. Have you seen it start up or run any more? Let me know.

    Also, you can run HJT again and fix all the O18 entries. You don't need to post another log though.
     
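As an added triage helper (not something from this thread, from HijackThis or from TeMerc), the script below parses O4 and O18 lines in the format shown in the log above, lists each autostart with the binary it points at, flags Run values that give only a bare file name, and collapses the long run of O18 entries into one row per handler DLL. The sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HJT log posted earlier in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: bw+0 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {1F06C846-7C88-4E1B-8B9F-63D00AB66A5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""

# O4 registry Run values read "[value name] command line"; O18 lines carry the
# URL scheme, the registered CLSID and the handler DLL, in that order.
RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$')
PROTO_RE = re.compile(r'^O18 - Protocol: (\S+) - \{([0-9A-Fa-f-]+)\} - (.*)$')
EXE_RE = re.compile(r'^"?(.*?\.exe)"?', re.IGNORECASE)


def exe_from_command(cmd):
    """Return the executable part of a Run command line, quoted or not, arguments stripped."""
    m = EXE_RE.match(cmd.strip())
    return m.group(1) if m else cmd.strip()


def parse_o4(line):
    m = RUN_RE.match(line)
    if not m:
        return None
    hive, name, cmd = m.groups()
    exe = exe_from_command(cmd)
    # A bare file name carries no directory, so Windows locates it by searching
    # the path at logon; such entries are the first to pin down on disk.
    return {"hive": hive, "name": name, "exe": exe, "bare_name": "\\" not in exe}


def parse_o18(line):
    m = PROTO_RE.match(line)
    if not m:
        return None
    scheme, clsid, dll = m.groups()
    return {"scheme": scheme, "clsid": clsid.upper(), "dll": dll}


def triage(log_text):
    """List O4 autostarts with their binaries and group O18 schemes by handler DLL."""
    autostarts, handlers = [], defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_o4(line)
        if entry:
            autostarts.append(entry)
            continue
        proto = parse_o18(line)
        if proto:
            handlers[proto["dll"]].append(proto["scheme"])
    return {"autostarts": autostarts, "protocol_handlers": dict(handlers)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for a in report["autostarts"]:
        print("O4 ", a["hive"], a["name"], a["exe"], "(bare name)" if a["bare_name"] else "")
    for dll, schemes in report["protocol_handlers"].items():
        print("O18", len(schemes), "scheme(s) ->", dll)
```

Run it over a whole saved HJT log and the 76 O18 lines above become three rows, one per DLL, which is the view you want before deciding which handlers to fix.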
  16. 2006/10/26
    alex98uk

    alex98uk Inactive Thread Starter

    Joined:
    2004/08/27
    Messages:
    187
    Likes Received:
    0
    It hasn't started again.

    Thanks for the help

    Alex
     
  17. 2006/10/27
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Glad to hear. And now a word from our sponsors. :p (btw, not really)

    We have 3 more things to do, to help ensure you have removed all the little 'leftovers' which may be hiding:

    Empty the TIF (Temporary Internet Files)
    Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
    The app below will help with temp files.
    Index.dat Suite

    Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

    Also, as you are an XP user, if there are any other accounts on this machine, they, too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion.

    Here is a link which describes how security apps work with WIN XP machines.
    XP User Accts Security Apps Operation

    To further prevent the installation of ad/mal/spyware, DL the apps below, which are just as good in the fight against ad/mal/spyware as AdAware & Spybot S&D:

    SpywareBlaster
    With SpywareBlaster v3.5.1, just DL, install and check for updates, enable Internet Explorer protection, and you're done! I don't recommend using IE restricted sites protection as it's not a very large database. Use IE-SPYADs below.

    To prevent known malware-infested sites from loading in IE, install IESPY ADS.
    And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    And to prevent unknown applications from being inserted to start up on your machine install WinPatrol v10.0.5.

    Another thing I would suggest is to install SiteAdvisor. It gives sites a few different 'ratings' and, while not foolproof, it is a good additional layer of information about many sites.

    Links for tutorials for all the apps I mentioned can be found on my site as well.

    Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

    And just having security apps installed is not enough; they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
    Calendar of Updates

    Subscribe to update alerts for all the above security apps here.

    You can also see my own ongoing security testing with all the above apps, proving how safe you can stay with them installed.
    TeMerc Test Box Forum

    Happy surfing!!
    Tom :D
     