Computer is *pip* up


Betal
10-08-08, 15:07
Hello. I'm not very active here anymore but I need help.
I'm very unlucky when it comes to computers. I always have problems with them.

I was stupid enough to download a fake video codec from a probably fake site yesterday. And now I got a virus.. Lol.

First of all the wallpaper is blue and says: Warning! Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer.

And next to the clock in the bottom right of the screen it says at the moment: 17:02: VIRUS ALERT!

And when I click on start I can only choose to restart or turn off the computer or internet. Everything else is gone. So I can't go to my computer or anything.

I tried to start it in safe mode but that didn't work. So I put in my Windows Vista CD and restarted it. But I couldn't choose to boot with the CD. So I tried an XP CD after with the same result.

So I don't know what to do. All my anti spyware and virus tools icons are gone from the desktop except Ad aware. So I'm scanning with that one.

BTW. I said computer but I'm using my laptop now. Don't know if that matters. : p

Titanium
10-08-08, 15:31
It sounds like you've been given a right hefty Malware/Virus.

Okay if you can access the internet with it, download Spybot Search and Destroy and an anti-virus program (Avast! or AVG). If you're able to take a print screen of the wallpaper and the virus alert, that would also be of great use. I just hope that the virus won't block the installation.

If it does block the installation, try Housecall (http://housecall.trendmicro.com/uk/).

Betal
10-08-08, 15:39
I can't even go to those websites. They change to some random **** sites. So I guess the virus blocks those.

I just noticed I got Avira anti virus to work. Hope it deletes the virus. =)

And BTW the wallpaper is just blue with a box in the middle. The box is yellow and blue. And Warning! Spyware detected on your computer is in the upper (yellow) part and the rest under in the blue part. I don't want to print cause it will take like 100 years cause the laptop is slow as hell thanks to the virus.

badboy70
10-08-08, 15:47
Try booting in safe mode, then run the virus scanner :)
Edit : To enter safe mode tap F8 and then select safe mode.

Jacen
10-08-08, 15:51
> I tried to start it in safe mode but that didn't work.
What do you mean Betal? You weren't able to start in safe mode? Or you were, but it didn't help?

spikejones
10-08-08, 15:51
boot computer in safe mode (yes it should work) - spam the hell out of the F8 key as soon as the computer comes up and you should eventually get a screen that prompts you to choose several different modes.

run full system antivirus scan
run full system spyware scan

run ardiag (http://www.tombraiderhub.com/download/ardiag.exe) and post results when finished with that

Don't boot back into normal mode until you are sure the virus is gone.

Betal
10-08-08, 16:09
When I'm trying safe mode it says windows is starting and then when it's done I'm back at the normal windows and not safe mode anymore

badboy70
10-08-08, 16:13
Strange, could you post a screen of your desktop + the thing next to your clock ( if there is anything ) ?

Betal
10-08-08, 16:17
I can't choose all programs in the start menu thanks to the virus so I can't open paint or photoshop. So I can't print the desktop.

Lol poor me. :p

Ok now I worked it out. Gonna take a pic now

Here it is. Anyway lets hope spybot s&D deletes the viruses. So far it found 14 viruses xD.

http://i148.photobucket.com/albums/s12/pattelalle/HATEEE.jpg

spikejones
10-08-08, 17:00
run av and spyware scans anyway

no need to post a picture of the desktop cause all it is is a picture that the virus has managed to place as your wallpaper. I have seen this before.
if it is the same one i saw before, it will make a screen saver where little bugs are eating your windows up

and the popup messages will try to get you to buy/download a virus scan program - DO NOT do what they say cause you will infect your computer more

run a full system AV scan with AVG (http://free.avg.com/) or Avira (http://www.free-av.com/)
run a full system spyware scan with Ad Aware 2008 free (http://lavasoft.com/products/ad_aware_free.php) or Spybot S&D (http://www.safer-networking.org/index2.html)
post result of Ardiag (http://www.tombraiderhub.com/download/ardiag.exe) when finished

if you don't do these things as instructed (especially the ardiag report) there is not much we can do to help you.

edit... now that i see your screen shot - that is exactly what i saw before.
smitfraud infection + others

after running spybot s&d, run the immunization so that it will build a hosts file to block bad domains from being accessed, and hopefully you will not get to sites that host viruses. Also, you should always scan you downloads before you install them.

curious though - why did you put in a Vista Disc when you are running XP?

Titanium
10-08-08, 17:02
The Spyware&Malware protection next to Quicktime player is bad, that's included with a bunch of other programs disguised as legit security programs.

Did you scan with both AD-Aware and Antivir?

Betal
10-08-08, 17:31
Thank you, gonna do what you said.

And my laptop came with Windows Vista. So I thought I would try Windows Vista (again) instead. :p

The laptop is a little faster now than before. So I think spybot deleted many things. But not everything is gone. Gonna follow your steps now.

spikejones
10-08-08, 17:50
when i cleaned that virus off a couple computers, i did what i told you (but under safe mode) and it worked out alright. You will have to manually change the wall paper when it is all cleared up

Betal
10-08-08, 18:36
I only have smitfraud-c left now. And that's what causes the wallpaper and all those **** stuffs to happen.

And I read about a program called spyware doctor. They said that it was one of a few that could remove smitfraud-c. Anybody know if that's a good program?

Jacen
10-08-08, 19:10
@Betal: Take a look at this thread, it might hold the answers you're looking for with regards to removing the Smitfraud-c infection. Smitfraud removal (http://www.bullguard.com/forum/10/HELP-REMOVE-SMITFRAUD-C--PLEAS_40677.html)

spikejones
10-08-08, 19:37
the whole purpose of running ardiag when you were finished was so that we could guide you to remove some stuff that the virus scans missed.
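
The kind of review an autoruns report makes possible, as an added example that is not part of the original thread or of the ARDiag tool: it parses a report in the label/value layout ARDiag produces and flags autostart entries whose target file is missing or whose publisher is unknown. The sample report is constructed, and the flagging rules and the names `parse_report`, `triage` and `review` are assumptions for illustration.

```python
import re

# Field labels used by the report; each label line is followed by its value line.
LABELS = {"Program", "Publisher", "Entry path", "Entry name", "Program path & name"}
# Registry locations that load code at boot or logon (lower-cased substrings).
SENSITIVE_KEYS = (r"\winlogon\notify", r"\lsa\authentication packages", r"\currentversion\run")

# Constructed sample in the report's layout; all entry names and paths are made up.
SAMPLE_REPORT = r'''AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
Program:
"Example Helper"
Publisher:
"(Verified) Example Vendor Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ExampleHelper
Program path & name:
"c:\program\example\helper.exe"
Enabled: [V]
Program:
"Example background service"
Publisher:
"(Not verified) Example Vendor Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ExampleService
Program path & name:
"c:\program\example\service.exe"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
exampleNotify
Program path & name:
File not found: exampleNotify.dll"
Enabled: [V]
'''


def parse_report(text):
    """Split the report into one dict per entry; header lines are ignored."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        is_label = line.endswith(":") and line[:-1] in LABELS
        if pending is not None and not is_label:
            current[pending] = line.strip('"')  # quotes are often unbalanced
            pending = None
        elif is_label:
            if line == "Program:":  # "Program:" opens a new record
                current = {}
                records.append(current)
            pending = line[:-1] if current is not None else None
        elif line.startswith("Enabled:") and current is not None:
            current["Enabled"] = "[V]" in line
    return records


def triage(rec):
    """Return (level, reasons) for one entry; an empty reasons list means no flag."""
    reasons = []
    path = rec.get("Program path & name", "")
    publisher = rec.get("Publisher", "N/A")
    key = re.sub(r"\s+", " ", rec.get("Entry path", "")).lower()
    if path.lower().startswith("file not found"):
        reasons.append("target file missing")
    if publisher == "N/A":
        reasons.append("no publisher information")
    elif publisher.startswith("(Not verified)"):
        reasons.append("publisher signature not verified")
    if reasons and any(k in key for k in SENSITIVE_KEYS):
        reasons.append("registered in an early-load autostart key")
    strong = "target file missing" in reasons or "no publisher information" in reasons
    return ("investigate" if strong else "check signature"), reasons


def review(text):
    """Return (entry name, level, reasons) for enabled entries, most reasons first."""
    findings = []
    for rec in parse_report(text):
        level, reasons = triage(rec)
        if reasons and rec.get("Enabled", True):
            findings.append((rec.get("Entry name", "?"), level, reasons))
    return sorted(findings, key=lambda f: -len(f[2]))
```

An unverified publisher alone is a weak signal, since legitimate software often ships unsigned components, which is why it is ranked below a missing target or an absent publisher.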

Titanium
10-08-08, 21:19
> And I read about a program called spyware doctor. They said that it was one of a few that could remove smitfraud-c. Anybody know if that's a good program?

It is a good program, make sure you download the starter edition, as the full version is limited to just a scan, no removal.

Betal
10-08-08, 21:42
I just scanned with spyware doctor and deleted what it found.

Here's my ARDiag. : )

Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
N/A
Publisher:
"(Verified) Lavasoft AB"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
Entry name:
lsdelete
Program path & name:
"c:\windows\system32\lsdelete.exe"
Enabled: [V]


Program:
"Ad-Aware service"
Publisher:
"(Verified) Lavasoft AB"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aawservice
Program path & name:
"c:\program\lavasoft\ad-aware\aawservice.exe"
Enabled: [V]


Program:
"Service to schedule Avira AntiVir Personal - Free Antivirus jobs and updates."
Publisher:
"(Not verified) Avira GmbH"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AntiVirScheduler
Program path & name:
"c:\program\avira\antivir personaledition classic\sched.exe"
Enabled: [V]


Program:
"Offers permanent protection against viruses and malware with the AntiVir search engine."
Publisher:
"(Not verified) Avira GmbH"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AntiVirService
Program path & name:
"c:\program\avira\antivir personaledition classic\avguard.exe"
Enabled: [V]


Program:
"Tillhandahåller gränssnitt till Apples bärbara enheter."
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Apple Mobile Device
Program path & name:
"c:\program\delade filer\apple\mobile device support\bin\applemobiledeviceservice.exe"
Enabled: [V]


Program:
"Gör att maskinvaruenheter och programtjänster automatiskt kan konfigurera sig i nätverket och annonsera sin närvaro så att användarna kan se och använda dessa tjänster utan att behöva ägna sig åt manuell inställning eller administration."
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"c:\program\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
"Webcam Effects Helper."
Publisher:
"(Verified) Logitech Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LVPrcSrv
Program path & name:
"c:\program\delade filer\logitech\lvmvfm\lvprcsrv.exe"
Enabled: [V]


Program:
"Launcher for Logitech Video Components."
Publisher:
"(Verified) Logitech Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LVSrvLauncher
Program path & name:
"c:\program\delade filer\logitech\srvlnch\srvlnch.exe"
Enabled: [V]


Program:
"Avira AntiVir Support for Minifilter"
Publisher:
"(Verified) Avira GmbH"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avgio
Program path & name:
"c:\program\avira\antivir personaledition classic\avgio.sys"
Enabled: [V]


Program:
"Avira's Driver for RootKit Detection"
Publisher:
"(Verified) Avira GmbH"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avipbb
Program path & name:
"c:\windows\system32\drivers\avipbb.sys"
Enabled: [V]


Program:
"CD DVD Filter"
Publisher:
"(Verified) GEAR Software Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
GEARAspiWDM
Program path & name:
"c:\windows\system32\drivers\gearaspiwdm.sys"
Enabled: [V]


Program:
"System Filter Device Driver"
Publisher:
"(Verified) PC Tools"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IKSysFlt
Program path & name:
"c:\windows\system32\drivers\iksysflt.sys"
Enabled: [V]


Program:
"System Security Device Driver"
Publisher:
"(Verified) PC Tools"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
IKSysSec
Program path & name:
"c:\windows\system32\drivers\iksyssec.sys"
Enabled: [V]


Program:
"Logitech Kernel Audio Processing Filter Driver"
Publisher:
"(Verified) Logitech Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LVcKap
Program path & name:
"c:\windows\system32\drivers\lvckap.sys"
Enabled: [V]


Program:
"Logitech Machine Vision Engine Loader"
Publisher:
"(Verified) Logitech Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LVMVDrv
Program path & name:
"c:\windows\system32\drivers\lvmvdrv.sys"
Enabled: [V]


Program:
"ProcMon Driver"
Publisher:
"(Verified) Logitech Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
LVPr2Mon
Program path & name:
"c:\windows\system32\drivers\lvpr2mon.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sptd
Program path & name:
c:\windows\system32\drivers\sptd.sys"
Enabled: [V]


Program:
"Avira Snapshot Driver"
Publisher:
"(Verified) Avira GmbH"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ssmdrv
Program path & name:
"c:\windows\system32\drivers\ssmdrv.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
jkkLeeBS
Program path & name:
File not found: jkkLeeBS.dll"
Enabled: [V]


Program:
"Sysinternals Bluescreen Screen Saver"
Publisher:
"(Not verified) Sysinternals"
Entry path:
HKCU\Control Panel\Desktop\Scrnsave.exe
Entry name:
C:\WINDOWS\system32\blphctnej0eec9.scr
Program path & name:
"c:\windows\system32\blphctnej0eec9.scr"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
Entry name:
C:\WINDOWS\system32\opnNdBqr
Program path & name:
File not found: C:\WINDOWS\system32\opnNdBqr"
Enabled: [V]


Program:
"AppleSyncNotifier"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AppleSyncNotifier
Program path & name:
"c:\program\delade filer\apple\mobile device support\bin\applesyncnotifier.exe"
Enabled: [V]


Program:
"iTunesHelper Module"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program\itunes\ituneshelper.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A0.exe
Program path & name:
File not found: C:\Windows\system32\Win8A0.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A1.exe
Program path & name:
File not found: C:\Windows\system32\Win8A1.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A2.exe
Program path & name:
File not found: C:\Windows\system32\Win8A2.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A3.exe
Program path & name:
File not found: C:\Windows\system32\Win8A3.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A4.exe
Program path & name:
File not found: C:\Windows\system32\Win8A4.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Antivirus
Program path & name:
File not found: C:\Program\VAV\vav.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
lphctnej0eec9
Program path & name:
c:\windows\system32\lphctnej0eec9.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SMrhcpnej0eec9
Program path & name:
c:\program\rhcpnej0eec9\rhcpnej0eec9.exe"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw+0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw+0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw-0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw-0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw00
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw00s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw10
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw10s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw20
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw20s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw30
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw30s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw40
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw40s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw50
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw50s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw60
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw60s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw70
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw70s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw80
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw80s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw90
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw90s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwa0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwa0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwb0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwb0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwc0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwc0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwd0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwd0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwe0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwe0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwf0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwf0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwfile-8876480
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\gaplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwg0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwg0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwh0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwh0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwi0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwi0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwj0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwj0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwk0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwk0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwl0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwl0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwm0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwm0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwn0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwn0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwo0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwo0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwp0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwp0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwq0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwq0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwr0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwr0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bws0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bws0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwt0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwt0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwu0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwu0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwv0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwv0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bww0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bww0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwx0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwx0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwy0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwy0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwz0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwz0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
offline-8876480
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
1
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
C:\Användare\Simon\Start-meny\Program\Autostart
Entry name:
VirtuaGuy2.lnk
Program path & name:
c:\program\virtuaguy\virtuaguy2.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name:
tfnslopk
Program path & name:
File not found: C:\WINDOWS\tfnslopk.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name:
xokvrpwg
Program path & name:
File not found: C:\WINDOWS\xokvrpwg.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A0.exe
Program path & name:
File not found: C:\Windows\system32\Win8A0.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A1.exe
Program path & name:
File not found: C:\Windows\system32\Win8A1.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A2.exe
Program path & name:
File not found: C:\Windows\system32\Win8A2.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A3.exe
Program path & name:
File not found: C:\Windows\system32\Win8A3.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A4.exe
Program path & name:
File not found: C:\Windows\system32\Win8A4.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Antivirus
Program path & name:
File not found: C:\Program\VAV\vav.exe"
Enabled: [V]


Program:
"Norton Security Scan"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
Task Scheduler
Entry name:
Norton Security Scan.job
Program path & name:
"c:\program\norton security scan\nss.exe"
Enabled: [V]


Program:
"IRCodecs 1.2"
Publisher:
"(Not verified) IRCodecs"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
CodecPlugin Class
Program path & name:
"c:\windows\system32\richvideocodec.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{17B15E15-4601-4F43-BE0A-146A13125B39}
Program path & name:
File not found: C:\WINDOWS\system32\fccbYqOh.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{25204f76-36d4-43da-a534-1182aab8e313}
Program path & name:
c:\windows\system32\vamcoe.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{6EC846CC-6BC2-4AC1-BB58-4A77BC800980}
Program path & name:
File not found: C:\WINDOWS\system32\opnNdBqr.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program\java\jre1.6.0_07\bin\ssv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{A260787B-911C-49A1-AE73-EC76A3CEC27E}
Program path & name:
File not found: C:\WINDOWS\system32\jkkLeeBS.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{BD03B099-A1D7-4F05-B7DC-462A6C1BC36c}
Program path & name:
c:\windows\system32\usveixht.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Entry name:
jkkLeeBS.dll
Program path & name:
File not found: C:\WINDOWS\system32\jkkLeeBS.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Kontrollpanelstillägg för bildskärmspanorering
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"ACE Context Menu"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Catalyst Context Menu extension
Program path & name:
c:\program\ati technologies\ati.ace\core-static\atiacmxx.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program\winrar\rarext.dll"
Enabled: [V]


Program:
"ShlExt.dll"
Publisher:
"(Not verified) Avira GmbH"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Extension for Malware scanning
Program path & name:
"c:\program\avira\antivir personaledition classic\shlext.dll"
Enabled: [V]


Program:
"iTunes Mini Player DLL"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program\itunes\itunesminiplayer.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program\delade filer\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
bgrqfetx.dll
Program path & name:
File not found: C:\WINDOWS\bgrqfetx.dll"
Enabled: [V]

Muhammad
10-08-08, 21:52
I can't choose all programs in the start menu thanks to the virus so I can't open paint or photoshop. So I can't print the desktop.

Lol poor me. :p

Ok now I worked it out. Gonna take a pic now

Here it is. Anyway, let's hope Spybot S&D deletes the viruses. So far it found 14 viruses xD.

http://i148.photobucket.com/albums/s12/pattelalle/HATEEE.jpg

I knew I've seen that before! It was my sister's laptop.

And you know what I did? FORMAT + Reinstall

That isn't very helpful, is it?

Betal
10-08-08, 22:19
I knew I've seen that before! It was my sister's laptop.

And you know what I did? FORMAT + Reinstall

That isn't very helpful, is it?

As I said before. I wasn't able to boot the laptop with a CD so I couldn't reformat it or anything. : )

spikejones
10-08-08, 22:56
Download Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) and kill the following entries:


Program:
"Gör att maskinvaruenheter och programtjänster automatiskt kan konfigurera sig i nätverket och annonsera sin närvaro så att användarna kan se och använda dessa tjänster utan att behöva ägna sig åt manuell inställning eller administration."
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"c:\program\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
jkkLeeBS
Program path & name:
File not found: jkkLeeBS.dll"
Enabled: [V]


Program:
"Sysinternals Bluescreen Screen Saver"
Publisher:
"(Not verified) Sysinternals"
Entry path:
HKCU\Control Panel\Desktop\Scrnsave.exe
Entry name:
C:\WINDOWS\system32\blphctnej0eec9.scr
Program path & name:
"c:\windows\system32\blphctnej0eec9.scr"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
Entry name:
C:\WINDOWS\system32\opnNdBqr
Program path & name:
File not found: C:\WINDOWS\system32\opnNdBqr"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A0.exe
Program path & name:
File not found: C:\Windows\system32\Win8A0.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A1.exe
Program path & name:
File not found: C:\Windows\system32\Win8A1.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A2.exe
Program path & name:
File not found: C:\Windows\system32\Win8A2.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A3.exe
Program path & name:
File not found: C:\Windows\system32\Win8A3.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A4.exe
Program path & name:
File not found: C:\Windows\system32\Win8A4.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Antivirus
Program path & name:
File not found: C:\Program\VAV\vav.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
lphctnej0eec9
Program path & name:
c:\windows\system32\lphctnej0eec9.exe"
Enabled: [V]


Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program\quicktime\qttask.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SMrhcpnej0eec9
Program path & name:
c:\program\rhcpnej0eec9\rhcpnej0eec9.exe"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw+0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw+0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw-0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw-0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw00
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw00s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw10
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw10s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw20
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw20s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw30
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw30s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw40
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw40s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw50
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw50s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw60
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw60s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw70
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw70s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw80
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw80s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw90
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bw90s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwa0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwa0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwb0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwb0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwc0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwc0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwd0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwd0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwe0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwe0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwf0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwf0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwfile-8876480
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\gaplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwg0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwg0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwh0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwh0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwi0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwi0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwj0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwj0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwk0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwk0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwl0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwl0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwm0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwm0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwn0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwn0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwo0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwo0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwp0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwp0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwq0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwq0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwr0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwr0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bws0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bws0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwt0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwt0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwu0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwu0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwv0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwv0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bww0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bww0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwx0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwx0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwy0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwy0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwz0
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
bwz0s
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
"Logitech Desktop Messenger"
Publisher:
"(Not verified) Logitech"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
offline-8876480
Program path & name:
"c:\program\logitech\desktop messenger\8876480\program\bwplugprotocol-8876480.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
1
Program path & name:
File not found: about:Home"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
C:\Användare\Simon\Start-meny\Program\Autostart
Entry name:
VirtuaGuy2.lnk
Program path & name:
c:\program\virtuaguy\virtuaguy2.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name:
tfnslopk
Program path & name:
File not found: C:\WINDOWS\tfnslopk.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Entry name:
xokvrpwg
Program path & name:
File not found: C:\WINDOWS\xokvrpwg.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A0.exe
Program path & name:
File not found: C:\Windows\system32\Win8A0.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A1.exe
Program path & name:
File not found: C:\Windows\system32\Win8A1.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A2.exe
Program path & name:
File not found: C:\Windows\system32\Win8A2.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A3.exe
Program path & name:
File not found: C:\Windows\system32\Win8A3.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
\Win8A4.exe
Program path & name:
File not found: C:\Windows\system32\Win8A4.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
Antivirus
Program path & name:
File not found: C:\Program\VAV\vav.exe"
Enabled: [V]


Program:
"Norton Security Scan"
Publisher:
"(Verified) Symantec Corporation"
Entry path:
Task Scheduler
Entry name:
Norton Security Scan.job
Program path & name:
"c:\program\norton security scan\nss.exe"
Enabled: [V]


Program:
"IRCodecs 1.2"
Publisher:
"(Not verified) IRCodecs"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
CodecPlugin Class
Program path & name:
"c:\windows\system32\richvideocodec.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{17B15E15-4601-4F43-BE0A-146A13125B39}
Program path & name:
File not found: C:\WINDOWS\system32\fccbYqOh.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{25204f76-36d4-43da-a534-1182aab8e313}
Program path & name:
c:\windows\system32\vamcoe.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{6EC846CC-6BC2-4AC1-BB58-4A77BC800980}
Program path & name:
File not found: C:\WINDOWS\system32\opnNdBqr.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program\java\jre1.6.0_07\bin\ssv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{A260787B-911C-49A1-AE73-EC76A3CEC27E}
Program path & name:
File not found: C:\WINDOWS\system32\jkkLeeBS.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{BD03B099-A1D7-4F05-B7DC-462A6C1BC36c}
Program path & name:
c:\windows\system32\usveixht.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Entry name:
jkkLeeBS.dll
Program path & name:
File not found: C:\WINDOWS\system32\jkkLeeBS.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Kontrollpanelstillägg för bildskärmspanorering
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"ACE Context Menu"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Catalyst Context Menu extension
Program path & name:
c:\program\ati technologies\ati.ace\core-static\atiacmxx.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program\winrar\rarext.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program\delade filer\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
bgrqfetx.dll
Program path & name:
File not found: C:\WINDOWS\bgrqfetx.dll"
Enabled: [V]

EscondeR
11-08-08, 07:01
^ Yup. Except:

Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program\java\jre1.6.0_07\bin\ssv.dll"
Enabled: [V] - Valid JRE dll

Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program\winrar\rarext.dll"
Enabled: [V] - Valid WinRAR extension.


And better perform that in Safe Mode.

Report please after you complete.
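
Added example (not part of the original thread, and not any poster's code): a small Python parser for the report layout quoted above that sorts entries into signed / orphaned / unsigned buckets, the same first pass the replies make by eye. The bucket names and the `record` helper are assumptions of this example; the sample input is constructed from four entries quoted in the thread.

```python
LABELS = ("Program:", "Publisher:", "Entry path:", "Entry name:", "Program path & name:")

def parse_report(text):
    """Parse label-line / value-line records; each 'Enabled:' line closes one record."""
    entries, cur, pending = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Enabled:"):
            entries.append(cur)
            cur, pending = {}, None
        elif line in LABELS:
            pending = line.rstrip(":")
        elif line and pending:
            cur[pending] = line.strip('"')   # the report quotes values inconsistently
            pending = None
    return entries

def triage(entry):
    """Heuristic bucket for one entry: a way to order the review, not a verdict."""
    if entry.get("Publisher", "").startswith("(Verified)"):
        return "signed"
    if entry.get("Program path & name", "").startswith("File not found:"):
        return "orphaned"   # autostart entry remains, target file is gone
    return "unsigned"       # file exists, publisher is N/A or "(Not verified)"

def record(program, publisher, key, name, path):
    # Hypothetical helper: renders one record in the layout of the quoted report.
    return (f"Program:\n{program}\nPublisher:\n{publisher}\nEntry path:\n{key}\n"
            f"Entry name:\n{name}\nProgram path & name:\n{path}\nEnabled: [V]\n\n")

BHO = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
# Sample input constructed from four entries quoted in the thread.
SAMPLE = (
    record('"Java(TM) Platform SE binary"', '"(Verified) Sun Microsystems Inc."', BHO,
           "SSVHelper Class", r'"c:\program\java\jre1.6.0_07\bin\ssv.dll"')
    + record("N/A", "N/A", BHO, "{17B15E15-4601-4F43-BE0A-146A13125B39}",
             r'File not found: C:\WINDOWS\system32\fccbYqOh.dll"')
    + record("N/A", "N/A", BHO, "{25204f76-36d4-43da-a534-1182aab8e313}",
             r'c:\windows\system32\vamcoe.dll"')
    + record("N/A", "N/A",
             r"HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved",
             "WinRAR shell extension", r'c:\program\winrar\rarext.dll"')
)

def summarize(text):
    return [(e["Entry name"], triage(e)) for e in parse_report(text)]

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

The WinRAR extension lands in the `unsigned` bucket even though the reply above confirms it as valid, so that bucket is a list to check by hand, not a removal list.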

Betal
11-08-08, 21:44
Ok I'm gonna do that now. Now I can change wallpaper but the screenplayer or whatever it's called is now a blue screen thing.

Anyway. Gonna report back later. =)

spikejones
11-08-08, 21:59
Yeah.. the screen saver should get fixed when you disable those autoruns, as one of them is causing the screen saver to do that. It would be good to also look for those files and delete them manually. Let me see if I can track them down for you and post the location and file names of them.

Edit/Update:
Delete these two files for sure:

c:\windows\system32\blphctnej0eec9.scr
c:\windows\system32\richvideocodec.dll

These four are questionable as I do not know their source:

c:\program\virtuaguy\virtuaguy2.exe
c:\windows\system32\lphctnej0eec9.exe
c:\windows\system32\vamcoe.dll
c:\windows\system32\usveixht.dll


And if you want free codecs:
K-lite codec pack (http://www.free-codecs.com/K_lite_codec_pack_download.htm)

Betal
11-08-08, 22:18
Thank you. Gonna do everything now. I'm using safe mode now.

And one thing. Do these viruses download and install things? I searched virtualguy2 on google and it was like men stripping. I got some icons on the desktop that said gay porn. It makes me wonder if people do these viruses to annoy instead of stealing people's info. o.O

spikejones
11-08-08, 22:29
Viruses that download stuff are called Add-Ware (they add stuff to your system). Some crackpot hackers will do things just to destroy a person's system and I can't even tell you the reason why except that they are probably sick in the head. Also, a lot of them will make a virus like you ended up with, telling you to buy such and such Antivirus software to remove the stuff. This will put money in their pockets and it will also destroy your system if you do not get it fixed fast enough. Some of it will be with the intentions of getting personal information off your system as well. In the future though, if you want to know if something is safe to download, or you want input as to what you could download to do something - don't be afraid to come and ask.

Betal
11-08-08, 22:41
Yeah. Those people need to get tortured until they forget everything about computer. : p

And I've deleted those files and used autorun and deleted all those now. What should I do now? Restart the computer or scan it again or something?

BTW. Before I tried tombraiderforums I tried some Swedish sites. Everyone was like: it's your problem fix it yourself blahblah. But then here everyone is so helpful and nice. I don't think I ever would get this much help anywhere. So thank you so much. :hug:

spikejones
11-08-08, 22:44
Yeah.. go ahead and reboot and if things are still acting up, let us know.

Betal
11-08-08, 22:51
Internet seems faster now. But I can't change screen saver.
But I'm not sure if I did it right. I deleted everything you said. Should I have saved it then? Cause in autorun there was an option to save. But I just turned it off. And what does autorunsc do?

Edit.
I was wrong. Internet is still slow. And when I search google and click on a link it pops up another site instead of the one I wanted. So I can't use google either.

Edit.. Again
Ok I scanned the laptop again and now spybot deleted two viruses that it couldn't delete before. And now internet is a lot faster.
But next to the clock it still says VIRUS ALERT!

And it must be a bored idiot that made it. Cause in msn it said: ''last message sent 17:57: VIRUS ALERT!''
So it must be possible to change that?
I also could change screen saver now.

spikejones
12-08-08, 04:24
Look in your add/remove programs for anything that is labeled as antivirus/antispyware/security etc. and uninstall it - EXCEPT for those that I directed you at. It may be that the autorun of it is in a location that autoruns can't detect, and the spyware and antivirus apps don't detect it. Matter of fact, I think that is what I had to do when I cleaned it off of that lady's laptop.

It may tell you that it is not capable of being removed without purchasing it - that is what it told me. What I had to do was look in the program files directory (that's where it was if I recall correctly) and I had to just delete the whole folder, and remove the uninstaller entry from add/remove programs. Run a Registry Cleanup when you finish that process. -esconder knows some good ones to use.

As for your search being redirected... that will take some looking into.

EscondeR
12-08-08, 06:32
Run a Registry Cleanup when you finish that process. -esconder knows some good ones to use.


Use RegCleaner (http://www.tombraiderhub.com/download/RegCleaner.zip) and CCleaner (http://www.ccleaner.com/download/) :)

And, yes, leave only well known antivirus software and antispyware. Kill everything labeled XPantivirus, antivirus 2009 and so on...