
Solved Caught the Trojan.Starter.384 and can't remove it

Discussion in 'Malware and Virus Removal Archive' started by Chilly, 2008/08/30.

  1. 2008/09/25
    Chilly

    Chilly Inactive Thread Starter

    Joined:
    2008/08/30
    Messages:
    37
    Likes Received:
    0
    Noahdfear,
    I've mailed/posted the ComboFix log to your submission channel that you requested.

    Please advise.
    Thanx for your help!
     
  2. 2008/09/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    KillAll::
    File::
    C:\WINDOWS\psexesvc.exe._eac_qt_
    C:\WINDOWS\system32\drivers\52788a39.sys
    C:\WINDOWS\system32\drivers\597153f.sys
    C:\WINDOWS\system32\drivers\946b15ad.sys
    C:\WINDOWS\system32\drivers\94f4ff55.sys
    C:\WINDOWS\system32\drivers\b11f2c43.sys
    Driver::
    52788a39
    597153f
    946b15ad
    94f4ff55
    b11f2c43
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.
     

  4. 2008/09/27
    Chilly

    Chilly Inactive Thread Starter

    Joined:
    2008/08/30
    Messages:
    37
    Likes Received:
    0
    ComboFix 08-09-26.01 - Karen 2008-09-27 1:14:33.4 - NTFSx86
    Running from: C:\Documents and Settings\Karen\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Karen\Desktop\CFScript.txt.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\psexesvc.exe._eac_qt_
    C:\WINDOWS\system32\drivers\52788a39.sys
    C:\WINDOWS\system32\drivers\597153f.sys
    C:\WINDOWS\system32\drivers\946b15ad.sys
    C:\WINDOWS\system32\drivers\94f4ff55.sys
    C:\WINDOWS\system32\drivers\b11f2c43.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\setup.exe
    C:\WINDOWS\psexesvc.exe._eac_qt_
    C:\WINDOWS\system32\drivers\597153f.sys
    C:\WINDOWS\system32\drivers\946b15ad.sys
    C:\WINDOWS\system32\drivers\b11f2c43.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_52788a39
    -------\Service_597153f
    -------\Service_946b15ad
    -------\Service_94f4ff55
    -------\Service_b11f2c43


    ((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
    .

    2067-02-24 15:21 . 2003-02-05 04:02 79,947 --a--c--- C:\WINDOWS\fw20.vxd
    2008-09-25 15:02 . 2006-10-16 12:25 530,120 --a------ C:\vclnr.dll
    2008-09-25 15:02 . 2006-10-03 21:49 880 --a------ C:\Cleanup.bat
    2008-09-25 15:02 . 2006-10-03 21:49 675 --a------ C:\Done
    2008-09-25 15:02 . 2005-11-29 17:14 654 --a------ C:\ClearClnPending.cnr
    2008-09-22 13:41 . 2008-09-22 13:41 <DIR> d-------- C:\Program Files\VISTA_8139
    2008-09-22 13:41 . 2005-08-12 05:29 73,728 --a------ C:\WINDOWS\SYSTEM32\ISUSPM.cpl
    2008-09-17 22:18 . 2008-09-17 22:18 <DIR> d-------- C:\WINDOWS\OPTIONS
    2008-09-17 22:18 . 2008-09-17 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-09-17 22:18 . 2007-08-22 02:16 96,384 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\Rtnicxp.sys
    2008-09-17 22:14 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys
    2008-09-17 22:14 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\rtl8139.sys
    2008-09-15 17:10 . 2007-01-31 08:58 266,240 --------- C:\WINDOWS\SBCDSL.exe
    2008-09-07 03:04 . 2008-09-07 03:04 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-09-06 16:44 . 2008-09-07 03:12 32 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.idx
    2008-09-06 16:44 . 2008-09-07 03:12 32 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
    2008-09-06 16:44 . 2008-09-07 03:12 32 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
    2008-09-06 16:44 . 2008-09-07 03:12 32 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
    2008-09-03 00:01 . 2008-09-27 07:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-03 00:01 . 2008-09-03 00:01 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-02 21:09 . 2008-09-02 21:09 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-09-02 20:57 . 2008-04-11 12:04 691,712 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
    2008-09-02 20:57 . 2008-05-01 07:33 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
    2008-09-02 20:57 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
    2008-09-02 20:56 . 2008-05-08 07:02 203,136 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
    2008-09-02 20:14 . 2008-09-08 15:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
    2008-09-02 20:14 . 2008-09-08 15:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\en
    2008-09-02 20:14 . 2008-09-08 15:27 <DIR> d-------- C:\WINDOWS\l2schemas
    2008-09-02 19:55 . 2008-04-13 12:27 2,188,928 --a------ C:\WINDOWS\SYSTEM32\ntoskrnl.exe
    2008-09-02 19:33 . 2008-04-13 17:12 712,704 --------- C:\WINDOWS\SYSTEM32\windowscodecs.dll
    2008-09-02 19:33 . 2008-04-13 17:12 346,112 --------- C:\WINDOWS\SYSTEM32\windowscodecsext.dll
    2008-09-02 19:33 . 2008-04-13 17:12 276,992 --------- C:\WINDOWS\SYSTEM32\wmphoto.dll
    2008-09-02 19:33 . 2008-04-13 17:12 69,120 --------- C:\WINDOWS\SYSTEM32\wlanapi.dll
    2008-09-02 19:33 . 2008-04-13 17:12 53,248 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
    2008-09-02 19:33 . 2008-04-13 17:12 50,688 --------- C:\WINDOWS\SYSTEM32\tspkg.dll
    2008-09-02 19:31 . 2008-04-13 17:11 650,752 --------- C:\WINDOWS\SYSTEM32\dot3ui.dll
    2008-09-02 17:55 . 2008-09-08 15:27 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-09-02 17:23 . 2008-09-02 17:23 146 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
    2008-09-02 15:32 . 2008-09-02 15:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-08-31 21:47 . 2008-08-31 23:00 <DIR> d-------- C:\rsit
    2008-08-30 00:02 . 2008-08-30 00:02 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-29 23:18 . 2003-04-22 22:48 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-08-29 23:18 . 2005-05-23 22:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
    2008-08-29 23:18 . 2008-08-29 23:18 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-08-29 21:21 . 2008-08-29 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-25 05:01 --------- d-----w C:\Program Files\MyEmoticons
    2008-09-24 12:00 --------- d-----w C:\Program Files\Paint Shop Pro 5
    2008-09-23 02:00 --------- d-----w C:\Program Files\MSN Messenger
    2008-09-22 20:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-18 05:18 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-09-15 23:32 --------- d-----w C:\Program Files\Yahoo!
    2008-09-07 23:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-09-07 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-30 06:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-28 00:41 --------- d-----w C:\Program Files\Thegrideon Software
    2008-08-27 08:03 --------- d-----w C:\Program Files\Acceleration Software
    2008-08-27 08:00 --------- d-----w C:\Program Files\Common Files\eAcceleration
    2008-08-27 05:42 --------- d-----w C:\Program Files\Y!Hook
    2008-08-21 23:23 --------- d-----w C:\Program Files\Java
    2008-08-21 05:19 --------- d-----w C:\Program Files\FrostWire
    2008-08-21 05:13 --------- d-----w C:\Documents and Settings\Karen\Application Data\FrostWire
    2008-08-21 05:09 --------- d-----w C:\Program Files\Incomplete
    2008-08-12 00:20 --------- d-----w C:\Program Files\Oberon Media
    2008-08-09 00:33 374 ----a-w C:\Documents and Settings\Karen\Application Data\internaldb6334.dat
    2008-08-07 04:37 --------- d-----w C:\Program Files\Google
    2008-08-05 00:12 431,104 -c--a-w C:\WINDOWS\KATESU~1.SCR
    2008-07-26 13:07 555 ----a-w C:\Documents and Settings\Karen\Application Data\internaldb8467.dat
    2008-07-26 13:07 18,432 ----a-w C:\Documents and Settings\Karen\Application Data\internaldb41.dat
    2007-01-09 00:12 24,576 ----a-w C:\Documents and Settings\.viv\1168301542718playershim1186.dll
    2005-07-15 17:47 628 -c--a-w C:\Documents and Settings\Karen\293322.bin
    2005-07-11 21:39 96 -c--a-w C:\Documents and Settings\Karen\31242705.dat
    2004-02-19 00:21 208,927 -c--a-w C:\Program Files\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM "= "\Program\" [X]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechGalleryRepair "= "C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
    "LogitechImageStudioTray "= "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
    "IPInSightLAN 01 "= "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 380928]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "InCD "= "C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
    "SoftwareStation "= "C:\Program Files\eAcceleration\Station\station.exe" [2008-04-15 173392]
    "StopSignSsTsMon "= "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll" [2008-04-21 152976]
    "webscan "= "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [2008-06-12 767328]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
    "StopSignSsSsMon "= "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [2008-04-21 140696]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "StopSignSsFwMon "= "C:\Program Files\eAcceleration\Firewall\ssfwmon.dll" [2008-03-05 222544]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "BCMSMMSG "= "BCMSMMSG.exe" [2003-08-29 C:\WINDOWS\BCMSMMSG.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "StopSignSsSsMon "= "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [2008-04-21 140696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-02-12 450560]
    Yahoo Lag Killer.lnk - C:\Program Files\Yahoo Lag Killer\YahooLagKiller.exe [2006-08-06 221184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit "= "C:\\WINDOWS\\system32\\Userinit.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.mxmc "= MimicICM.DLL

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
    backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
    backup=C:\WINDOWS\pss\Office Startup.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
    path=C:\Documents and Settings\Karen\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
    backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    \Program\ [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    --a------ 2004-07-19 08:51 306688 C:\Program Files\Dell Support\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
    --a------ 2003-06-11 02:52 122880 C:\Program Files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-07-10 09:18 270648 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
    --a------ 2002-12-10 17:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    --a------ 2006-11-07 16:41 8192 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QAGENT]
    --a--c--- 2001-08-01 10:30 94208 C:\Program Files\QUICKENW\qagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2006-07-01 15:19 26112 C:\Program Files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    --a------ 2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=

    R0 fwcore;Fwcore Filter;C:\WINDOWS\system32\drivers\fwcore.sys [2008-04-23 100696]
    R2 mrtRate;mrtRate;C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 34712]
    S2 eac_notifysvc;eAcceleration Notification Service;C:\Program Files\eAcceleration\Framework\eac_svc.exe [2008-03-24 111952]
    S2 eac_productsvc;eAcceleration Product Manager Service;C:\Program Files\eAcceleration\Framework\eac_productsvc.exe [2008-03-24 263504]
    S2 FWService;FWService;C:\Program Files\eAcceleration\Firewall\FWService.exe [2008-04-23 337232]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\screamingbdriver.sys [ ]
    .
    Contents of the 'Scheduled Tasks' folder
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-27 07:22:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Ahead\InCD\incdsrv.exe
    C:\WINDOWS\SYSTEM32\LEXBCES.EXE
    C:\WINDOWS\SYSTEM32\LEXPPS.EXE
    C:\WINDOWS\SYSTEM32\ScsiAccess.EXE
    C:\PROGRA~1\ACCELE~1\ANTI-V~1\STOPSI~1.EXE
    C:\WINDOWS\SYSTEM32\wdfmgr.exe
    C:\WINDOWS\SYSTEM32\fxssvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\SYSTEM32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-27 7:38:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-27 14:38:45
    ComboFix2.txt 2008-09-25 07:27:27
    ComboFix3.txt 2008-09-02 03:45:43

    Pre-Run: 33,581,178,880 bytes free
    Post-Run: 33,714,937,856 bytes free

    237 --- E O F --- 2008-09-23 02:05:08

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Here is the log from the last ComboFix run.

    I do want to mention this to you though. Both times I ran the ComboFix, whenever it rebooted itself my computer got "stuck" on the "windows is shutting down" screen. It would just sit there and do nothing. The first time I waited 3 hours and just rebooted it myself. This time I left it overnight (over 6 hours) and it was still on that same screen this morning. I did go ahead and turn it off and reboot it myself again though, and this log seems to be a lot smaller. Have you heard of this problem before, and is it a "real problem"?
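    The "Reg Loading Points" section of the ComboFix log above is the part a helper reads first: autorun values under the Run keys, and the Security Center and firewall settings that tell you whether the machine's own defences were switched off. The script below is an added example, not ComboFix's code or anything posted in this thread. It parses that REGEDIT4-style section from a constructed sample built from the lines in the log and flags four things worth a second look: a Run value whose target ComboFix marked `[X]` (assumed here to mean the file was not found, as with the `LDM` entry), a Run value stored as a bare filename rather than a full path, an `AntiVirusOverride`/`DisableMonitoring` value set to 1, and `EnableFirewall` set to 0. The regexes tolerate the stray spaces the forum inserted inside the quotes.

```python
import re

# Constructed sample in the shape of ComboFix's "Reg Loading Points" section,
# copied from the format of the log above (including the forum's stray spaces).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM "= "\Program\" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"BCMSMMSG "= "BCMSMMSG.exe" [2003-08-29 C:\WINDOWS\BCMSMMSG.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name "= data   (whitespace around the quotes and '=' is optional)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<data>.*)$')


def parse_loading_points(text):
    """Yield (key, value name, value data) for every quoted value under a [key] header.
    Unquoted lines such as path=/backup= under the startupfolder keys are skipped."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group('name'), m.group('data').strip()


def triage(text):
    """Return a list of (finding, key, name, data) tuples for the suspicious entries."""
    findings = []
    for key, name, data in parse_loading_points(text):
        lk = key.lower()
        if 'currentversion\\run' in lk:
            if data.endswith('[X]'):
                # Assumption: ComboFix's [X] marks an autorun whose target file was not found.
                findings.append(('orphaned-autorun', key, name, data))
            elif re.match(r'^"[^"\\]+"\s*\[', data):
                # Bare filename with no directory: resolved through the search path at logon.
                findings.append(('unqualified-path', key, name, data))
        if lk.endswith('security center') and name in ('AntiVirusOverride', 'DisableMonitoring') \
                and data == 'dword:00000001':
            findings.append(('security-center-override', key, name, data))
        if lk.endswith('standardprofile') and name == 'EnableFirewall' and data.split()[0] == '0':
            findings.append(('firewall-disabled', key, name, data))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=' | ')
```

    Run it against the full "Reg Loading Points" section of a ComboFix log to get the short list of entries a reviewer actually needs to decide on; the known-good vendor entries (Logitech, Nero, Adobe and so on) fall through untouched.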
     
  5. 2008/09/27
    Chilly

    Chilly Inactive Thread Starter

    Joined:
    2008/08/30
    Messages:
    37
    Likes Received:
    0
    noahdfear,
    I also wanted to mention to you that about every 3rd time or so that I close an IE Browser I get an error message box that says:

    CwndSessionMonitor:iexplore.exe - Application Error
    The instruction at "0x62304390" referenced memory at "0x62304390. The memory could not be "read ".

    Click on OK to terminate the program.

    ~~~~~~~~~~~~~~

    I don't know what this means, but thought I should mention it to you.

    Thanx!
     
  6. 2008/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The error message is likely caused by a Yahoo add-on.
    In your browser, click Tools>Internet Options>Programs tab>Manage Add-ons button.
    Disable all references to Yahoo and OK out.
    Close and re-open your browser a couple times.
    If you want to identify which one is causing the problem (provided that fixes it), re-enable one at a time, restarting and closing the browser after each till you find the culprit.


    ComboFix log looks good. The previous one was so large because you installed Service Pack 3 between ComboFix runs, and it listed all the changes. ;) Not sure what caused it to hang on shutdown, but likely a process that didn't want to be terminated. Logitech processes have been known to cause some interference, so that might have been what caused it.

    Let's get another online scan now.
    Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log and one more fresh HijackThis log.
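    The report this scan produces lists one finding per line as `<path> Infected: <threat name> <count>` (the format of the Kaspersky log posted later in the thread), and most of the hits on a machine that has already been through ComboFix sit in `C:\QooBox\Quarantine` or in System Restore points rather than in live locations. The script below is an added example, not Kaspersky's or the thread's code: it parses that format from a constructed sample of lines taken from the posted report, classifies each hit by where it sits on disk and by threat family, and separates the live findings that still need action from those already neutralised. The `.dbx` mailbox rule and the location classes are this example's own choices.

```python
import re
from collections import Counter

# Constructed sample in the Kaspersky Online Scanner 7 report format shown in the thread.
SAMPLE_REPORT = r"""
File name Threat name Threats count
C:\Documents and Settings\Karen\Desktop\ATT_SST_Installer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 2
C:\Documents and Settings\Karen\Local Settings\Application Data\Identities\{EE8D03D0-ADD5-4C4C-854F-D92500D50344}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 14
C:\Program Files\Netscape\Communicator\Program\Plugins\NPMyWay.dll Infected: not-a-virus:AdWare.Win32.MyWay.f 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cbevtsvc.exe._eac_qt_.vir Infected: Trojan-Downloader.Win32.Agent.ytu 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033276.exe Infected: IM-Flooder.Win32.VB.di 1
"""

# <path with spaces> Infected: <threat> <count>
LINE_RE = re.compile(r'^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$')


def location_class(path):
    """Where the hit lives decides what, if anything, still has to be done about it."""
    p = path.lower()
    if p.startswith('c:\\qoobox\\quarantine'):
        return 'quarantined'    # already moved aside by ComboFix; inert
    if '\\system volume information\\_restore' in p:
        return 'restore-point'  # inert unless restored; cleared by purging restore points
    if p.endswith('.dbx'):
        return 'mail-store'     # a message inside an Outlook Express mailbox, not a binary
    return 'live'


def threat_class(threat):
    """Kaspersky's family prefix: 'not-a-virus' for riskware/adware, else e.g. 'Trojan-Downloader'."""
    if threat.startswith('not-a-virus:'):
        return 'not-a-virus'
    return threat.split('.')[0]


def parse_report(text):
    """Yield (path, threat name, count) for each finding line; header and blank lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group('path'), m.group('threat'), int(m.group('count'))


def triage(text):
    """Return (summary, live): counts keyed by (location, family) and the live findings."""
    summary = Counter()
    live = []
    for path, threat, count in parse_report(text):
        loc = location_class(path)
        summary[(loc, threat_class(threat))] += count
        if loc == 'live':
            live.append((path, threat, count))
    return summary, live


if __name__ == '__main__':
    summary, live = triage(SAMPLE_REPORT)
    for (loc, family), n in sorted(summary.items()):
        print(f'{loc:14} {family:20} {n}')
    print('live findings needing action:')
    for path, threat, n in live:
        print(f'  {threat}  {path}')
```

    On the full report this turns a hundred-odd lines into a handful of (location, family) buckets, which is what the helper in the thread is after: the quarantine and restore-point entries are expected, and only the live ones drive the next set of instructions.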
     
  7. 2008/09/28
    Chilly

    Chilly Inactive Thread Starter

    Joined:
    2008/08/30
    Messages:
    37
    Likes Received:
    0
    KASPERSKY ONLINE SCANNER 7 REPORT
    Saturday, September 27, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Saturday, September 27, 2008 21:37:01
    Records in database: 1266526

    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    A:\
    C:\
    D:\
    E:\

    Scan statistics
    Files scanned 111272
    Threat name 40
    Infected objects 113
    Suspicious objects 0
    Duration of the scan 06:11:29

    File name Threat name Threats count
    C:\Documents and Settings\Karen\Desktop\ATT_SST_Installer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 2

    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****\+++ VENOM BOMBER +++.zip Infected: HackTool.Win32.VB.xc 1

    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****\B O T S by ALL\Y-Famev6.zip Infected: IM-Flooder.Win32.VB.di 1

    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****\B O T S by ALL\yfame7bylucif3r.zip Infected: IM-Flooder.Win32.YFame.a 1

    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****\Mortification Creation 3.0.zip Infected: HackTool.Win32.Agent.au 1

    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****\Y-Fame6\Y-Fame v6\Y-Fame v6.exe Infected: IM-Flooder.Win32.VB.di 1

    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****\Y-Fame6\Y-Famev6.zip Infected: IM-Flooder.Win32.VB.di 1

    C:\Documents and Settings\Karen\Local Settings\Application Data\Identities\{EE8D03D0-ADD5-4C4C-854F-D92500D50344}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 14

    C:\Program Files\Excite\PrvtMsgr\bin\x8Idle0.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1

    C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1

    C:\Program Files\Netscape\Communicator\Program\Plugins\NPMyWay.dll Infected: not-a-virus:AdWare.Win32.MyWay.f 1

    C:\QooBox\Quarantine\C\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\All Y-Fame Versions\YFame6\Y-Famev6.zip.vir Infected: IM-Flooder.Win32.VB.di 1

    C:\QooBox\Quarantine\C\Documents and Settings\Karen\Desktop\STB11.25\STB-07.exe.vir Infected: HackTool.Win32.VB.vm 1

    C:\QooBox\Quarantine\C\Documents and Settings\Karen\Desktop\STB11.25\STB11.25.zip.vir Infected: HackTool.Win32.VB.vm 1

    C:\QooBox\Quarantine\C\Documents and Settings\Karen\My Documents\My Received Files\black booting 2.zip.vir Infected: Flooder.Win32.VB.ci 1

    C:\QooBox\Quarantine\C\Documents and Settings\Karen\My Documents\My Received Files\GMC--ChatClientBooterv.2.zip.vir Infected: IM-Flooder.Win32.VB.el 1

    C:\QooBox\Quarantine\C\Documents and Settings\Karen\My Documents\My Received Files\Y account.zip.vir Infected: HackTool.Win32.YBotReg.f 1

    C:\QooBox\Quarantine\C\Documents and Settings\Karen\My Documents\My Received Files\Y account.zip.vir Infected: HackTool.Win32.YBotReg.g 1

    C:\QooBox\Quarantine\C\Documents and Settings\LocalService\Application Data\1588044899.exe.vir Infected: Trojan-Downloader.Win32.Small.aabc 1

    C:\QooBox\Quarantine\C\Documents and Settings\LocalService\Application Data\584289103.exe._eac_qt_.vir Infected: Trojan-Downloader.Win32.Small.aacs 1

    C:\QooBox\Quarantine\C\Documents and Settings\LocalService\Application Data\665755322.exe.vir Infected: Trojan-Downloader.Win32.Small.aaaq 1

    C:\QooBox\Quarantine\C\Program Files\aaascreensavers\Keith Urban Active\VVSN_AAAS0741Inst.exe.vir Infected: not-a-virus:AdWare.Win32.SaveNow.z 1

    C:\QooBox\Quarantine\C\Program Files\FileSubmit\Love Somebody Like you\NNEZTX638.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1

    C:\QooBox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir Infected: not-a-virus:AdWare.Win32.FunWeb.b 1

    C:\QooBox\Quarantine\C\Program Files\FunWebProducts\Installr\f3Setup1.exe.vir Infected: not-a-virus:Downloader.Win32.FunWeb 1

    C:\QooBox\Quarantine\C\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe.vir Infected: not-a-virus:AdTool.Win32.WhenU.a 1

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.de 1

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdWare.Win32.MyWay.d 1

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch 1

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE_tobedeleted.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch 1

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch 1

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL_tobedeleted.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch 1

    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:AdWare.Win32.MyWay.u 1

    C:\QooBox\Quarantine\C\Program Files\PestPatrol\Quarantine\20040824015343791\WINDOWS\system\bho001.dll.vir Infected: not-a-virus:AdWare.Win32.IGetNet.b 1

    C:\QooBox\Quarantine\C\Program Files\PestPatrol\Quarantine\20040824015343791\WINDOWS\system\rsp001.dll.vir Infected: not-a-virus:AdWare.Win32.IGetNet.a 1

    C:\QooBox\Quarantine\C\Program Files\PestPatrol\Quarantine\20040824015343791\WINDOWS\system\update_com.dll.vir Infected: not-a-virus:AdWare.Win32.IGetNet.a 1

    C:\QooBox\Quarantine\C\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll.vir Infected: not-a-virus:AdWare.Win32.Comet.c 1

    C:\QooBox\Quarantine\C\unzipped\black booting 2\BlackBooting v.2.6.exe.vir Infected: Flooder.Win32.VB.ci 1

    C:\QooBox\Quarantine\C\unzipped\ChatKillerlimitedv1\Chat Killer limited.exe.vir Infected: IM-Flooder.Win32.VB.cs 1

    C:\QooBox\Quarantine\C\unzipped\elite_bomber-140\elite_bomber_140\Elite Bomber.exe.vir Infected: HackTool.Win32.VB.hp 1

    C:\QooBox\Quarantine\C\unzipped\GMC--ChatClientBooterv.2\GMC---Chat Client Booter v2.exe.vir Infected: IM-Flooder.Win32.VB.el 1

    C:\QooBox\Quarantine\C\unzipped\Mortification Creation 3.0\Mortification Creation 3.0\Mortification_Creation.exe.vir Infected: HackTool.Win32.Agent.au 1

    C:\QooBox\Quarantine\C\unzipped\Occ Bomber\Occ Bomber\Occ.exe.vir Infected: Flooder.Win32.VB.de 1

    C:\QooBox\Quarantine\C\unzipped\Y-Famev6\Y-Fame v6\Y-Fame v6.exe.vir Infected: IM-Flooder.Win32.VB.di 1

    C:\QooBox\Quarantine\C\unzipped\yfame7bylucif3r\yfame7bylucif3r\Y-Fame v7.exe.vir Infected: IM-Flooder.Win32.YFame.a 1

    C:\QooBox\Quarantine\C\WINDOWS\b122.exe._eac_qt_.vir._eac_qt_ Infected: not-a-virus:AdWare.Win32.Rond.b 1

    C:\QooBox\Quarantine\C\WINDOWS\b122.exe._eac_qt_.vir._eac_qt_ Infected: not-a-virus:AdWare.Win32.Mostofate.u 1

    C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\imloader.exe.vir Infected: not-a-virus:Downloader.Win32.ImLoader.c 1

    C:\QooBox\Quarantine\C\WINDOWS\eSearchBar\exactSetup.exe.vir Infected: not-a-virus:AdWare.Win32.Exact.a 3

    C:\QooBox\Quarantine\C\WINDOWS\iLookup\ezStub22.exe.vir Infected: not-a-virus:AdWare.Win32.EZula.z 1

    C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall6_38.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet 1

    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\16.tmp._eac_qt_.vir Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\b.tmp._eac_qt_.vir Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d 1

    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cbevtsvc.exe._eac_qt_.vir Infected: Trojan-Downloader.Win32.Agent.ytu 1

    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\~.exe._eac_qt_.vir Infected: Trojan-Downloader.Win32.Agent.ytu 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033276.exe Infected: IM-Flooder.Win32.VB.di 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033278.exe Infected: HackTool.Win32.VB.vm 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033279.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033280.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033281.dll Infected: not-a-virus:AdWare.Win32.MyWay.f 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033282.dll Infected: not-a-virus:AdWare.Win32.IGetNet.b 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033283.dll Infected: not-a-virus:AdWare.Win32.IGetNet.a 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033284.dll Infected: not-a-virus:AdWare.Win32.IGetNet.a 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033285.exe Infected: Flooder.Win32.VB.ci 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033286.exe Infected: IM-Flooder.Win32.VB.cs 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033287.exe Infected: IM-Flooder.Win32.VB.el 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033288.exe Infected: HackTool.Win32.VB.hp 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033289.exe Infected: HackTool.Win32.VB.xb 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033290.exe Infected: HackTool.Win32.Agent.au 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033291.exe Infected: Flooder.Win32.VB.de 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033292.exe Infected: IM-Flooder.Win32.VB.di 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033293.exe Infected: IM-Flooder.Win32.YFame.a 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033295.exe Infected: not-a-virus:AdWare.Win32.Exact.a 3

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033296.exe Infected: not-a-virus:AdWare.Win32.EZula.z 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047607.exe Infected: HackTool.Win32.VB.vm 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047608.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047609.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047610.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047611.dll Infected: not-a-virus:AdWare.Win32.IGetNet.b 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047612.dll Infected: not-a-virus:AdWare.Win32.IGetNet.a 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047613.dll Infected: not-a-virus:AdWare.Win32.IGetNet.a 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047614.exe Infected: Flooder.Win32.VB.ci 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047615.exe Infected: IM-Flooder.Win32.VB.cs 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047616.exe Infected: HackTool.Win32.VB.hp 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047617.exe Infected: IM-Flooder.Win32.VB.el 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047618.exe Infected: HackTool.Win32.Agent.au 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047619.exe Infected: Flooder.Win32.VB.de 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047620.exe Infected: IM-Flooder.Win32.VB.di 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047621.exe Infected: IM-Flooder.Win32.YFame.a 1

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047622.exe Infected: not-a-virus:AdWare.Win32.Exact.a 3

    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047624.exe Infected: not-a-virus:AdWare.Win32.EZula.z 1

    C:\unzipped\makeashitloadofnamesnshit\Make A ShitLoad of Names N ****!!!!!!!.exe Infected: HackTool.Win32.VB.xb 1

    The selected area was scanned.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The HijackThis Log will be on the next post (too much to post on just one post) :D
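    Added example (not part of the thread, and not code from ComboFix, Kaspersky or any of the helpers here): a small parser for scan-report lines in the format posted above. It splits each "path Infected: name count" line, classifies the path as ComboFix quarantine (C:\QooBox\Quarantine), a System Restore point (System Volume Information\_restore{...}) or a live location, and tallies detections by location and by detection family. Sample input is constructed from a few lines of the report above plus one made-up live path; the location prefixes are assumptions based on the paths in the log.

```python
import re
from collections import Counter, namedtuple

# Constructed sample in the report format from the post above. The last
# "Infected:" line uses a made-up live path (not from the thread).
SAMPLE_REPORT = r"""
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\imloader.exe.vir Infected: not-a-virus:Downloader.Win32.ImLoader.c 1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cbevtsvc.exe._eac_qt_.vir Infected: Trojan-Downloader.Win32.Agent.ytu 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP44\A0033276.exe Infected: IM-Flooder.Win32.VB.di 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP58\A0047607.exe Infected: HackTool.Win32.VB.vm 1
C:\unzipped\sample\tool.exe Infected: HackTool.Win32.VB.xb 1
The selected area was scanned.
"""

Detection = namedtuple("Detection", "path name count location")

# Assumed prefixes: ComboFix moves removed items under C:\QooBox\Quarantine,
# and XP keeps restore-point copies under System Volume Information\_restore{GUID}.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
RESTORE_PREFIX = "c:\\system volume information\\_restore{"


def classify_location(path: str) -> str:
    """Return 'quarantine', 'restore_point' or 'live' for a reported path."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIX):
        return "quarantine"
    if p.startswith(RESTORE_PREFIX):
        return "restore_point"
    return "live"


def parse_report(text: str) -> list:
    """Parse 'path Infected: name count' lines; other lines are ignored."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        # Split on the last ' Infected: ' so spaces in the path do not matter.
        path, sep, rest = line.rpartition(" Infected: ")
        if not sep:
            continue
        name, _, count = rest.rpartition(" ")
        if not count.isdigit():
            continue
        results.append(Detection(path, name, int(count), classify_location(path)))
    return results


def family(name: str) -> str:
    """'not-a-virus:AdWare.Win32.X' -> 'AdWare'; 'HackTool.Win32.VB.vm' -> 'HackTool'."""
    base = name.split(":", 1)[-1]
    return base.split(".", 1)[0]


def summarize(detections: list) -> dict:
    """Counts by location and family, plus the live paths that still need action."""
    return {
        "by_location": dict(Counter(d.location for d in detections)),
        "by_family": dict(Counter(family(d.name) for d in detections)),
        "live_paths": [d.path for d in detections if d.location == "live"],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for key, value in summary.items():
        print(key, value)
```

    The useful output is the "live_paths" list: quarantine and restore-point hits are cleaned up by the ComboFix uninstall step later in the thread, while anything outside those two locations is what actually still needs removing.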
     
  8. 2008/09/28
    Chilly

    Chilly Inactive Thread Starter

    Joined:
    2008/08/30
    Messages:
    37
    Likes Received:
    0
    HijackThis Log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:46:51 PM, on 9/27/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
    O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll ",VerifyStatus
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll ",VerifyStatus
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [StopSignSsFwMon] Rundll32.exe "C:\Program Files\eAcceleration\Firewall\ssfwmon.dll ",VerifyStatus
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\RunOnce: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll ",VerifyStatus /ro
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Yahoo Lag Killer.lnk = C:\Program Files\Yahoo Lag Killer\YahooLagKiller.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
    O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.att.net
    O15 - Trusted Zone: http://*.att.net
    O15 - Trusted Zone: *.sbcglobal.net
    O15 - Trusted Zone: http://*.sbcglobal.net
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at1_x.cab
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
    O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/oas/ActiveX/MSDcode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
    O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1128733974140
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_6us.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4861/mcfscan.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_2_3_0.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
    O18 - Protocol: bw+0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {DB0F582A-7611-4AA1-B6CF-5AE9BBBDC854} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
    O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
    O23 - Service: FWService - eAcceleration Corp - C:\Program Files\eAcceleration\Firewall\FWService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O24 - Desktop Component 0: (no name) - http://www.d-web.com/karen-224/aj2.jpg

    --
    End of file - 24398 bytes

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Here's both reports/logs that you asked for. Please let me know what's next :)
    Thanx.
     
  9. 2008/09/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You've still got several infected files in the following folder, whose name is being filtered out by the forum software. ComboFix couldn't remove them due to not having the full name.

    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****

    The files you need to remove are below.

    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****\+++ VENOM BOMBER +++.zip
    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****\B O T S by ALL\Y-Famev6.zip
    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****\B O T S by ALL\yfame7bylucif3r.zip
    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****\Mortification Creation 3.0.zip
    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****\Y-Fame6\Y-Fame v6\Y-Fame v6.exe
    C:\Documents and Settings\Karen\Desktop\Desktop Folders\PUTER PROTECTION\BOOT ****\Y-Fame6\Y-Famev6.zip


    After you've deleted those, scan again with HijackThis and place a check next to the following entries.

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)


    Close all open browser windows then click fix checked.


    Next, it's time to clean up. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
    You can delete any other logs that were created/saved too.


    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All ".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot


    Let me know how your computer is performing when done.
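    Added example (not from the thread or from HijackThis itself): the check noahdfear applied by eye above, written as code. It parses O2/O3/O9 lines of the form "Oxx - kind: name - {CLSID} - target" and flags those whose target is "(no file)" or ends in "(file missing)", which is exactly how the two entries picked out for "fix checked" were identified. It goes one step further than the post and also flags O4 autorun entries whose command has no full drive-letter path, since those cannot be checked on disk without more work. The sample lines are taken from the log posted above; the regexes and the Finding type are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted earlier in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [LDM] \Program\
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe (file missing)
"""

# "O2 - BHO: name - {CLSID} - target" (also matches O3 toolbars and O9 buttons)
CLSID_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# "O4 - HIVE\..\Run: [label] command"
RUN_LINE = re.compile(r"^O4 - (\S+?)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O2"
    reason: str    # why the entry deserves a look
    line: str      # the original log line


def has_qualified_path(command: str) -> bool:
    """True when the autorun command starts with a drive-letter path (quotes allowed)."""
    cmd = command.strip().lstrip('"')
    return re.match(r"^[A-Za-z]:\\", cmd) is not None


def triage(log_text: str) -> list:
    """Return the entries a reviewer would want to look at, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CLSID_LINE.match(line)
        if m:
            section, _kind, _name, _clsid, target = m.groups()
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append(Finding(section, "orphaned entry: target file is missing", line))
            continue
        m = RUN_LINE.match(line)
        if m:
            _hive, _key, _label, command = m.groups()
            if not has_qualified_path(command):
                findings.append(Finding("O4", "autorun command without a full path", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

    Orphaned O2/O3 entries are harmless on their own (there is nothing left to load) but are cleaned up so the log stays readable. The O4 heuristic is deliberately conservative: a command such as Rundll32.exe "...dll",VerifyStatus would be flagged as well, and the point is only to list what a human should confirm on disk, not to declare anything malicious.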
     
  10. 2008/09/28
    Chilly

    Chilly Inactive Thread Starter

    Joined:
    2008/08/30
    Messages:
    37
    Likes Received:
    0
    Hi noahdfear,
    I did all the things that you listed and everything seems to be working great! Thanx for all your patience and help. Your experience with computers is amazing! I really appreciate all you've done for me!

    I'll let you know if anything else "strange" happens (not that you want to hear it again LOL).

    You guys/ladies provide an awesome service with this site. I'm sure I'm not the only one that has told you all this but, KEEP UP THE GOOD WORK!! We need people like you to help us with our "issues" :) I'll be sure to make a donation to "the cause" on my next payday. All your help was very appreciated, and so easy to understand, thanx again! ;)

    Take care and have a great weekend (what's left of it)!!
     
  11. 2008/09/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'm happy to hear things are back to normal, and that I was able to help. You're most welcome! :)

    Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe! :)
     
