Ref: Spyware that can't be detected.

  1. #1
    ragebe, Full Member

    Ref: Spyware that can't be detected.

    With reference to the thread @

    <http://www.d-a-l.com/help/showthread.php?p=87171#post87171>

    Please see below the HijackThis log. Worryingly, I see nothing untoward - although ZoneAlarmPro continues to flag alerts for the suspect site - which makes me wonder if there isn't something in the Windows system files that's been monkeyed with. Whatever is making the attempt seems to give it either 5 or 10 goes, then gives up for a while.

    Most prevalent IP address coming up is 68.178.211.7.53 and most commonly used programme is BOINC.

    Thanks for the help so far.

    ------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 13:59:03, on 12/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\Program Files\Logitech\Video\CameraAssistant.exe
    D:\WINDOWS\system32\ElkCtrl.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    D:\WINDOWS\System32\DrvMon.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
    D:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    D:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    D:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    D:\Program Files\Yahoo!\Messenger\ypager.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\DC++\DCPlusPlus.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\BOINC\boinc.exe
    D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v5.windowsupdate.microsoft.co....aspx?ln=en-us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [FileZilla Server Interface] "D:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] D:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] D:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] D:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\RunServices: [System Updates] winsci.exe
    O4 - HKCU\..\Run: [DrvMon.exe] D:\WINDOWS\System32\DrvMon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\RunServices: [System Updates] winsci.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = D:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: PsiWin 2.3 Connection Server .lnk = D:\Program Files\Psion\PsiWin\Psconsv.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: bw+0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\FileZilla Server\FileZilla Server.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Last edited by ragebe; 13-02-2006 at 10:06 AM. Reason: Corrected spelling
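
A triage pass over the log format posted above, as an added example (not part of the thread and not a HijackThis feature). It flags entries whose target is missing, autoruns registered without a full path, and services with no identified owner, and it collapses the long O18 run by handler DLL. The three rules and all function names are assumptions chosen for illustration: they mark lines to verify by hand, not verdicts.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis v1.99.1 log in the post above (lines copied from it).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] D:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [System Updates] winsci.exe
O4 - HKCU\..\RunServices: [System Updates] winsci.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O18 - Protocol: bw+0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\FileZilla Server\FileZilla Server.exe
"""

ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")
RUN_KEY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
PROTOCOL = re.compile(r"^Protocol: (\S+) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
MISSING = "(file missing)"


def parse_entries(text):
    """Return (section_code, body) per entry line; header and process list are skipped."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]


def executable_of(command):
    """First token of an autorun command line, honouring a leading quoted path.

    An unquoted path containing spaces is cut at the first space, which still
    keeps the drive and directory part that the path check below looks at.
    """
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]


def triage(entries):
    """Apply the assumed review heuristics; returns (code, reason, body) tuples."""
    findings = []
    for code, body in entries:
        if MISSING in body:
            findings.append((code, "registered target is missing on disk", body))
        if code == "O4":
            m = RUN_KEY.match(body)
            # A bare file name is located through the search path, so the log
            # line alone does not say which file on disk actually starts.
            if m and "\\" not in executable_of(m.group(4)):
                findings.append((code, "autorun registered without a full path", body))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service owner not identified by HijackThis", body))
    return findings


def collapse_protocols(entries):
    """Group O18 protocol handlers by DLL so one component shows up once."""
    by_handler = defaultdict(list)
    for code, body in entries:
        m = PROTOCOL.match(body) if code == "O18" else None
        if m:
            scheme, _clsid, handler = m.groups()
            handler = handler.replace(MISSING, "").strip().strip('"')
            by_handler[handler].append(scheme)
    return dict(by_handler)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, reason, body in triage(parsed):
        print(f"[{code}] {reason}\n      {body}")
    for handler, schemes in collapse_protocols(parsed).items():
        print(f"O18: {len(schemes)} scheme(s) -> {handler}")
```
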

  2. #2
    Neal, Dedicated Member
    Welcome to DAL,

    Where do you live?

    That IP: 68.178.211.7.53 is out of Scottsdale Arizona?

    This definitely doesn't look good: Whatever


    Let's run a couple of scans and see if we can flush something out of the bushes.


    Internet Explorer required
    http://www.pandasoftware.com/products/activescan.htm

    Panda will make a log of anything it finds, post that back here please.



    Please download, install, and update the NEW free version of Ewido trojan scanner:
    - When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    - When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    - From the main ewido screen, click on update in the left menu, then click the Start update button.
    - After the update finishes (the status bar at the bottom will display "Update successful")
    - Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
    - If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
    - When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

    Post the log Ewido makes back here please.

  3. #3
    ragebe, Full Member
    Hi Neal, thanks for the response.

    That IP address may well be from Arizona (allegedly) however it is the home site of an African-American (apparently) who was also part of the team who invented the world's first "supercomputer" oh, he also appears to be from Nigeria. Don't know if his lucky number is 4 or 1 or 9. Plenty of info on Google about emeagwali.

    I live in the New Forest.

    I ran the Panda scan (took a while) which of course necessitated running IE, something I rarely use, preferring to use Firefox. Whilst the scan was running, I had numerous alerts from ZoneAlarm, about IE trying to change ZAP files, I've listed them in the next message in this thread, below.

    Panda found 5 suspect files, which I deleted, then re-ran Panda scan, on those folders, now reports all clear.

    Panda scan was:

    Incident Status Location

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Luke\Application Data\Mozilla\Firefox\Profiles\hqk2hui4.default\cookies.txt[]

    Joke:Joke/Desktits Not disinfected C:\E drive\misc\golf.exe

    Joke:Joke/Snowman Not disinfected C:\E drive\misc\snowman.exe

    Spyware:Cookie/Zedo Not disinfected D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qf7v52r5.default\cookies.txt[]

    Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qf7v52r5.default\cookies.txt[88657980]

    Moral: Don't let your 15 y.o. son loose on your own PC. Make him use the one in his bedroom and use your wireless router as a gateway. The two cookies appeared to be pertinent to Firefox and/or eBay.

    Anyway, these appeared to be fairly minor. As I said, I'm now concerned over IE trying to change ZAP files, see next post.
    Last edited by ragebe; 13-02-2006 at 10:08 AM. Reason: More info on IP address

  4. #4
    ragebe, Full Member
    ....but to continue, below is what ZoneAlarm flagged up as alerts whilst I was running the Panda scan on IE. I'll run ewido overnight and post the resultant log in the morning:

    Internet Explorer is trying to create or open a file.
    The current security setting for Internet Explorer does not permit this action. Your computer is safe.

    What should I do?

    ZoneAlarm Pro has blocked Internet Explorer from creating or opening a file. If you trust Internet Explorer and believe it requires a file to be opened or accessed, then you may want to change the Trust Level of this program. It is also possible that the attempt to create or open a file was malicious in nature. In that case, you should not change the Trust Level so that your system will continue to be protected.

    Why?

    Internet Explorer may be malicious. This is particularly true if the file being created or opened contains application or Windows settings, and changing these settings will affect the security of the system.

    Alert property Alert property value Technical explanation
    Program Name Internet Explorer A program running on your computer, which attempted an action that it is not currently permitted to perform.
    Program Size 93184 The size of the program executable file in bytes.
    Program MD5 e7484514c0464642be7b4dc2689354c8 The MD5 hash, or number, that uniquely identifies the executable.
    Smart Checksum 96e5fe9061fe3b605c93ad160c9c71aa The SKIMP hash, or number, that uniquely identifies the executable.
    Date Modified Aug-04-2004 0750 AM The date when No Program File was most recently modified.
    Event Type File The event involved writing to or deletion of a file.
    Sub Event Type FileWrite Internet Explorer attempted to write to a file.
    File Pathname ZLDIR\repair\vsinit.dll Fully qualified name of the file being written to.

    Alert property Alert property value Technical explanation
    Program Name Internet Explorer A program running on your computer, which attempted an action that it is not currently permitted to perform.
    Program Size 93184 The size of the program executable file in bytes.
    Program MD5 e7484514c0464642be7b4dc2689354c8 The MD5 hash, or number, that uniquely identifies the executable.
    Smart Checksum 96e5fe9061fe3b605c93ad160c9c71aa The SKIMP hash, or number, that uniquely identifies the executable.
    Date Modified Aug-04-2004 0750 AM The date when No Program File was most recently modified.
    Event Type File The event involved writing to or deletion of a file.
    Sub Event Type FileWrite Internet Explorer attempted to write to a file.
    File Pathname ZLDIR\scan.zmx Fully qualified name of the file being written to.

    Alert property Alert property value Technical explanation
    Program Name Internet Explorer A program running on your computer, which attempted an action that it is not currently permitted to perform.
    Program Size 93184 The size of the program executable file in bytes.
    Program MD5 e7484514c0464642be7b4dc2689354c8 The MD5 hash, or number, that uniquely identifies the executable.
    Smart Checksum 96e5fe9061fe3b605c93ad160c9c71aa The SKIMP hash, or number, that uniquely identifies the executable.
    Date Modified Aug-04-2004 0750 AM The date when No Program File was most recently modified.
    Event Type File The event involved writing to or deletion of a file.
    Sub Event Type FileWrite Internet Explorer attempted to write to a file.
    File Pathname ZLDIR\zauninst.exe Fully qualified name of the file being written to.

    Alert property Alert property value Technical explanation
    Program Name Internet Explorer A program running on your computer, which attempted an action that it is not currently permitted to perform.
    Program Size 93184 The size of the program executable file in bytes.
    Program MD5 e7484514c0464642be7b4dc2689354c8 The MD5 hash, or number, that uniquely identifies the executable.
    Smart Checksum 96e5fe9061fe3b605c93ad160c9c71aa The SKIMP hash, or number, that uniquely identifies the executable.
    Date Modified Aug-04-2004 0750 AM The date when No Program File was most recently modified.
    Event Type File The event involved writing to or deletion of a file.
    Sub Event Type FileWrite Internet Explorer attempted to write to a file.
    File Pathname ZLDIR\zonealarm.exe Fully qualified name of the file being written to.

    Alert property Alert property value Technical explanation
    Program Name Internet Explorer A program running on your computer, which attempted an action that it is not currently permitted to perform.
    Program Size 93184 The size of the program executable file in bytes.
    Program MD5 e7484514c0464642be7b4dc2689354c8 The MD5 hash, or number, that uniquely identifies the executable.
    Smart Checksum 96e5fe9061fe3b605c93ad160c9c71aa The SKIMP hash, or number, that uniquely identifies the executable.
    Date Modified Aug-04-2004 0750 AM The date when No Program File was most recently modified.
    Event Type File The event involved writing to or deletion of a file.
    Sub Event Type FileWrite Internet Explorer attempted to write to a file.
    File Pathname ZLDIR\zatutor.exe Fully qualified name of the file being written to.

    Alert property Alert property value Technical explanation
    Program Name Internet Explorer A program running on your computer, which attempted an action that it is not currently permitted to perform.
    Program Size 93184 The size of the program executable file in bytes.
    Program MD5 e7484514c0464642be7b4dc2689354c8 The MD5 hash, or number, that uniquely identifies the executable.
    Smart Checksum 96e5fe9061fe3b605c93ad160c9c71aa The SKIMP hash, or number, that uniquely identifies the executable.
    Date Modified Aug-04-2004 0750 AM The date when No Program File was most recently modified.
    Event Type File The event involved writing to or deletion of a file.
    Sub Event Type FileWrite Internet Explorer attempted to write to a file.
    File Pathname WINDIR\Internet Logs\ZALog.txt Fully qualified name of the file being written to.

    Alert property Alert property value Technical explanation
    Program Name Internet Explorer A program running on your computer, which attempted an action that it is not currently permitted to perform.
    Program Size 93184 The size of the program executable file in bytes.
    Program MD5 e7484514c0464642be7b4dc2689354c8 The MD5 hash, or number, that uniquely identifies the executable.
    Smart Checksum 96e5fe9061fe3b605c93ad160c9c71aa The SKIMP hash, or number, that uniquely identifies the executable.
    Date Modified Aug-04-2004 0750 AM The date when No Program File was most recently modified.
    Event Type File The event involved writing to or deletion of a file.
    Sub Event Type FileWrite Internet Explorer attempted to write to a file.
    File Pathname WINSYSDIR\vsregexp.dll Fully qualified name of the file being written to.
    Last edited by ragebe; 13-02-2006 at 12:02 AM. Reason: Removed extra spaces for clarity of reading.

  5. #5
    ragebe, Full Member
    Okay, Ewido has just finished and reports No Infected Objects. That's good, but ZoneAlarm still reports attempts to connect to the suspect site.

  6. #6
    Neal, Dedicated Member
    That is good.

    Have you ever had any dealings with GoDaddy.com?


    http://www.dnsstuff.com/tools/whois.ch?ip=68.178.211.7


    Please post a new HijackThis log and we can fix an item or two there and see if that changes things.
    Last edited by Neal; 13-02-2006 at 04:52 AM.

  7. #7
    ragebe, Full Member
    Never had anything to do with GoDaddy. I suspect IE to be honest, given how 'holey' that particular piece of s/w has proved to be. But IE came on a disc from BT, along with Openworld s/w. Admittedly it's been updated by MSoft since but it appears to be last modified August 2004. I've formatted the discs and re-installed XP at least once since then.

    Latest HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:09:13, on 13/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\Program Files\Logitech\Video\CameraAssistant.exe
    D:\WINDOWS\system32\ElkCtrl.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    D:\WINDOWS\System32\DrvMon.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
    D:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    D:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    D:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\BOINC\boinc.exe
    D:\WINDOWS\system32\rundll32.exe
    D:\Program Files\ewido anti-malware\ewidoctrl.exe
    D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v5.windowsupdate.microsoft.co....aspx?ln=en-us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [FileZilla Server Interface] "D:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] D:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] D:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] D:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\RunServices: [System Updates] winsci.exe
    O4 - HKCU\..\Run: [DrvMon.exe] D:\WINDOWS\System32\DrvMon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\RunServices: [System Updates] winsci.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = D:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: PsiWin 2.3 Connection Server .lnk = D:\Program Files\Psion\PsiWin\Psconsv.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: bw+0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\FileZilla Server\FileZilla Server.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    Last edited by ragebe; 13-02-2006 at 10:19 AM. Reason: Add detail

  8. #8
    Neal is offline Dedicated Member
    Good afternoon,


    Please download this file to your desktop - http://www.mvps.org/winhelp2002/DelDomains.inf

    Right click on the file you downloaded and select install. This resets the trusted and restricted zones to defaults.

    Note: if you have immunized with Spybot this takes those off. You will have to re-immunize with Spybot. If you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both of those afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

    Reboot.




    Please download hoster from the link below.

    http://www.funkytoad.com/download/hoster.zip

    Open Hoster.exe.

    Then click on "Restore Original Hosts"

    Close program when complete.

    NEXT

    Don't run the tool just yet, please.
    Download CCleaner from here >>>>> http://www.majorgeeks.com/download4191.html

    Save it to your desktop. Open CCleaner and click on "run cleaner" at the bottom right.


    Go here to learn how to show hidden files/folders (re-hide after you are clean):

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5


    Download Clean.bat to your desktop (Save page as or Save as), for later use to clean out your TEMPORARY and PREFETCH files:
    http://www.thatcomputerguy.us/downloads/clean.bat


    Run hijackthis and click on scan button and put checks next to these:

    O4 - HKLM\..\RunServices: [System Updates] winsci.exe
    O4 - HKCU\..\RunServices: [System Updates] winsci.exe



    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.


    Hunt for and delete if present:

    winsci.exe


    Now run CCleaner using the Windows tab only, please.


    Now run that clean batch file you created earlier, type in 'Y' a couple of times and press enter at the prompts.

    Then reboot



    Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal Start


    Post a new HJT log for further review
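
An added example, not part of the thread and not HijackThis code: a small Python parser for the O4 (registry startup) lines of a HijackThis log that lists entries worth a manual look and confirms which entries a later log no longer contains. The three review heuristics, the threshold and all function names are assumptions of this example; the sample lines are excerpted from the logs posted in this thread.

```python
import re
from typing import NamedTuple

# Excerpts of O4 lines from the 13/02/2006 logs in this thread (before and after the fix).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] D:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\RunServices: [System Updates] winsci.exe
O4 - HKCU\..\Run: [DrvMon.exe] D:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\RunServices: [System Updates] winsci.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""
LOG_AFTER = "\n".join(l for l in LOG_BEFORE.splitlines() if "RunServices" not in l)


class Autorun(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, RunServices, ...
    name: str      # registry value name shown in [brackets]
    command: str   # command line stored in the value


# The value name may itself contain brackets ("LogitechVideo[inspector]"),
# so the name group is greedy and ends at the last "] " on the line.
O4_REGISTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+)\] (.+)$")


def parse_o4(log: str) -> list[Autorun]:
    """Return the registry-based O4 entries; 'Global Startup' shortcut lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_REGISTRY.match(line.strip())
        if m:
            entries.append(Autorun(*m.groups()))
    return entries


def has_directory(command: str) -> bool:
    """True when the executable is given with a path rather than a bare file name."""
    parts = command.replace('"', " ").split()
    return bool(parts) and "\\" in parts[0]


def review_reasons(entry: Autorun, all_entries: list[Autorun]) -> list[str]:
    """Heuristic reasons (assumptions of this example) to look at an entry by hand."""
    reasons = []
    if not has_directory(entry.command):
        reasons.append("command has no directory")
    if entry.key.startswith("RunServices"):
        reasons.append("RunServices key")
    hives = {e.hive for e in all_entries if e[1:] == entry[1:]}
    if len(hives) > 1:
        reasons.append("same entry in HKLM and HKCU")
    return reasons


def flag_for_review(log: str, threshold: int = 2) -> list[Autorun]:
    """Entries matching at least `threshold` heuristics; one alone is common for drivers."""
    entries = parse_o4(log)
    return [e for e in entries if len(review_reasons(e, entries)) >= threshold]


def removed_between(before: str, after: str) -> list[Autorun]:
    """Entries present in the earlier log and absent from the later one."""
    remaining = set(parse_o4(after))
    return [e for e in parse_o4(before) if e not in remaining]


if __name__ == "__main__":
    for e in flag_for_review(LOG_BEFORE):
        print("review:", e.hive, e.key, e.name, e.command)
    for e in removed_between(LOG_BEFORE, LOG_AFTER):
        print("gone in later log:", e.hive, e.key, e.name, e.command)
```

A flagged entry is only a prompt to look up the file; path-less commands such as SOUNDMAN.EXE are common for legitimate drivers, which is why a single heuristic alone does not flag.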

  9. #9
    ragebe is offline Full Member
    I think you've cracked it. After my initial concerns over restoring original defaults for zones, I pretty much followed what you said above. I'd already run CCleaner, so that was slightly out of sync. Everything else ran as you listed (although I have sys files unhidden as std).

    HJT sorted out the [winsci] files (I thought it must be that one) and a search for winsci.exe found no files. Best of all, ZAP has no log of any attempt to connect to the blocked site, by any programme for over 2 hours.

    Many thanks Neal. I will most certainly make a donation.

    Please see latest HJT log below, hopefully ok:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:08:42, on 13/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    D:\Program Files\ewido anti-malware\ewidoctrl.exe
    D:\WINDOWS\System32\svchost.exe
    D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    D:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\Program Files\Logitech\Video\CameraAssistant.exe
    D:\WINDOWS\system32\ElkCtrl.exe
    D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    D:\WINDOWS\System32\DrvMon.exe
    D:\Program Files\MSN Messenger\MsnMsgr.Exe
    D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Program Files\Psion\PsiWin\Psconsv.exe
    D:\PROGRA~1\Psion\PsiWin\Elogerr.exe
    D:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    D:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    D:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v5.windowsupdate.microsoft.co....aspx?ln=en-us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [StormCodec_Helper] "D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [FileZilla Server Interface] "D:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] D:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] D:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] D:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [DrvMon.exe] D:\WINDOWS\System32\DrvMon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = D:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: PsiWin 2.3 Connection Server .lnk = D:\Program Files\Psion\PsiWin\Psconsv.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: bw+0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {8FFC9ABD-E186-4335-9108-4D6B2A23847A} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\FileZilla Server\FileZilla Server.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

  10. #10
    ragebe is offline Full Member
    Oh well, spoke too soon. Firefox just made 5 attempts to connect to blocked site......


    O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll

    Is this suspicious?

    And when I re-run CCleaner, there is a Flash file that keeps re-appearing. That is to say, I run Analyze, then Clean, then click on Analyze a few times and after 10 seconds or so, up pops,

    D:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\J897KV7K\localhost\core.sol 53 bytes

    Even if I manually delete this file, it returns. HJT log is as above.......
    Last edited by ragebe; 13-02-2006 at 10:33 PM.
