winantivirus pro and videozapping popups

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by REnergy, Dec 26, 2006.

  1. REnergy

    REnergy Private E-2

    I've tried so long to get rid of these popups and finally decided to stop fooling myself and run the scans and get the logs from your read and run me first thread. I hope I'm doing this right.
  2. REnergy

    REnergy Private E-2

    other logs

    except counterspy which was too big
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please compress the CounterSpy log into a ZIP file and attach that. You must have had a load of junk from cookies or detections of stuff like WildTangent and WeatherBug which add tons of registry keys.

    IMPORTANT!!
    It does not appear that you did step 2 of the READ & RUN ME properly. Go back and make sure you follow all steps exactly. Do this now before you get the below new logs!!!

    You are using old versions of GetRunKey and ShowNew. I don't know when you downloaded them but it was not recently. Please download the current versions and attach logs from the new versions.

    You also must rename HijackThis.exe as requested in step 7 of the READ ME. You have this:

    C:\Program Files\Hijackthis\HijackThis.exe

    It should be:

    C:\Program Files\HJT\analyse.exe

    Then attach a new HJT log! This is very important as stated in the READ ME. Many infections may hide themselves if they even see the hijackthis.exe file name mentioned in a process list. I suggest that you rename the folder too, but that is not as important as the actual EXE filename.
     
    Last edited: Dec 26, 2006
  4. REnergy

    REnergy Private E-2

    Oh I did do that 2nd step but it probably went back after I restarted or something...

    I'll try this again
     

  5. REnergy

    REnergy Private E-2

    And I thought I did do that renaming thing...
    Here's a new log
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It cannot go back on its own. Malware could change it but that does not appear to be the problem. It seems you still skipped part of the steps.

    Go back right now and tell me whether the below option is Checked or Unchecked.

    Hide extensions for known file types


    Another question:

    Do you use Logitech Desktop Messenger for getting updates automatically? Many people don't like the way the backweb plugin works and consider it to be spyware. It has cluttered up your registry with a load of entries (see the O18 lines in your HJT log). This stuff is really not needed for anything as far as I know. And in most cases, people uninstall or stop Logitech Desktop Messenger from running and never miss it.


    You have an old service (left over from having Panda Antivirus installed at some time) trying to run! Let's fix it
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Panda Process Protection Service
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste PavPrSrv into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that in my next message after running HJT again to fix some other items.
    I will post the next steps after reviewing your new logs.
     
  7. REnergy

    REnergy Private E-2

    I just checked it again after reading your first post and it is unchecked.

    And now that you mention it, that Logitech Desktop Manager isn't a real big deal to me. Are you saying to uninstall it?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why did you choose to have CounterSpy ignore everything it found?

    Do you need Messenger Plus????? We highly recommend not using this software since it has been the cause of tens of thousands of PCs getting infected. If you really need it, yes you can have CounterSpy ignore it (but again not recommended). Notice it is one reason your log was so large.

    DAP was another reason and it can be ignored? It used to be considered malware but not anymore?

    However the below other items that CounterSpy found need to be fixed?
    Slagent/Navipromo Adware
    MyWebSearch Toolbar
    FunWebProducts
    My Way Speedbar


    Run CounterSpy again and at least fix the above four items! Attach a new log.
     
  9. REnergy

    REnergy Private E-2

    Sorry about that. CounterSpy took a long time to finish and when it was done I just got the log and didn't do anything with the detected files. I ran another scan and... well here's the log.
     

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay good that is what we want. I just modified GetRunKey to display this setting properly now. Thanks for answering my questions! That helped me locate the problem. Please download the new version of GetRunKey (Version 1.54) and use it from now on when I ask for a log.

    This is up to you whether you want these automatic checks for updates for Logitech software to be always running at startup. This is not malware but it is also not necessary and in my opinion a waste of system resources. You can take three approaches.
    1. Ignore the fact that it is loading and running (i.e., just leave it as is)
    2. Uninstall it
    3. Just stop it from loading at startup & fix the related registry entries showing in your HJT log.
    I suggest doing number 3. Tell me what you would prefer and we will go with your decision. After getting your reply I will work up a full fix.
     
  11. REnergy

    REnergy Private E-2

    I'll just go with 3 since that's your suggestion.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now that you have fixed things with CounterSpy, let's uninstall it to avoid conflicts with Windows Defender and to avoid excessive use of system resources. Uninstall it now before continuing.

    Also Uninstall the below software:
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03
    Search Assist

    Make sure you reboot after uninstalling all of the above!

    Now after reboot install the current version of Sun Java from: Sun Java Runtime Environment


    Continue by downloading a tool we will need - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate it later.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O18 - Protocol: bw+0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


    After clicking Fix, exit HJT.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Now run Pocket Killbox by double-clicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    C:\WINDOWS\system32\czqgai.exe
    C:\WINDOWS\system32\czqgai.dat
    C:\WINDOWS\system32\czqgai_nav.dat
    C:\WINDOWS\system32\czqgai_navps.dat
    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\Program Files\Uninstall My Web Search.dll
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey - make sure you have the new 1.54 version just updated!
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Dec 27, 2006
  13. REnergy

    REnergy Private E-2

    So far things are going okay
     

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay looks a little better, but a few registry keys did not get fixed (possibly Windows Defender blocked the changes) and also a couple files did not delete. Let's continue.

    First let's disable Windows Defender while fixing these!

    Disable Windows Defender:
    • Open Windows Defender
    • Click Tools
    • Click General Settings
    • Scroll down to Real Time Protection Options
    • Uncheck Turn on Real Time Protection (recommended)
    • Close Windows Defender
    Once your log is clean you can re-enable Windows Defender Real Time Protection.



    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [czqgai] c:\windows\system32\czqgai.exe czqgai
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    After clicking Fix, exit HJT.

    Now run this Disable/Remove Windows Messenger to remove Windows Messenger!

    Now delete the below folders left over from CounterSpy:
    C:\Documents and Settings\SoupGuru\Local Settings\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Now look for the below two files and delete them. Use safe mode if necessary or re-try Pocket Killbox (for some reason it did not work last time).
    C:\WINDOWS\system32\czqgai_nav.dat
    C:\WINDOWS\system32\czqgai_navps.dat


    Attach new logs from ShowNew and HJT.
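    As an added example, not code from this thread, from HijackThis or from MajorGeeks: a small Python triage script that parses the R3/O4/O18 line shapes quoted in posts 12 and 14 (sample lines constructed from them), groups the O18 protocol handlers by the DLL they point at, and flags the two patterns the helper singled out by eye: an R3 hook with "(no file)" behind its CLSID, and an O4 Run value with a random-looking lowercase name launching from system32. The flagging rules and their thresholds are my own assumptions for a reviewer to verify, not HijackThis rules.

```python
"""HJT log triage helper, added as an example for this thread (not HijackThis
or MajorGeeks code).  Parses the R3/O4/O18 line formats quoted above."""
import re
from collections import defaultdict

# Sample log lines, constructed from the entries quoted in the thread.
SAMPLE_LOG_LINES = [
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"O4 - HKLM\..\Run: [czqgai] c:\windows\system32\czqgai.exe czqgai",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe",
    r"O18 - Protocol: bw+0 - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll",
    r"O18 - Protocol: bw00s - {9CB0E491-FA44-452D-A9D4-5EEA618E3A70} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll",
    r"O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll",
]
SAMPLE_LOG = "\n".join(SAMPLE_LOG_LINES)

# Line shapes for the three HJT sections used in this thread.
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O18_RE = re.compile(r"^O18 - Protocol: (?P<scheme>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
R3_RE = re.compile(r"^R3 - URLSearchHook: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")


def parse_hjt(text):
    """Split a log into entries; each keeps its section code and raw line,
    plus the named fields when the line matches a known shape."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        entry = {"section": raw.split(" - ", 1)[0], "raw": raw}
        for rx in (O4_RE, O18_RE, R3_RE):
            m = rx.match(raw)
            if m:
                entry.update(m.groupdict())
                break
        entries.append(entry)
    return entries


def group_protocols(entries):
    """Map each O18 handler DLL (lower-cased path) to the URL schemes it
    registers; one DLL behind dozens of schemes is the pattern seen above."""
    by_dll = defaultdict(list)
    for e in entries:
        if e["section"] == "O18" and "path" in e:
            by_dll[e["path"].lower()].append(e["scheme"])
    return dict(by_dll)


def executable_of(cmd):
    """Return the program path from an O4 command, honouring quoting."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def flag_entries(entries):
    """Heuristic flags for a human to verify (assumed rules, not HJT's):
    an R3 hook whose CLSID has no file behind it, and an O4 Run value with
    a random-looking all-lowercase name launching from system32."""
    flags = []
    for e in entries:
        if e["section"] == "R3" and e.get("target", "").lower() == "(no file)":
            flags.append(("orphaned URLSearchHook (CLSID with no file)", e["raw"]))
        elif e["section"] == "O4" and "cmd" in e:
            exe = executable_of(e["cmd"]).lower()
            in_system32 = "\\system32\\" in exe
            random_name = re.fullmatch(r"[a-z]{5,}", e["name"]) is not None
            if in_system32 and random_name:
                flags.append(("random-looking Run value launching from system32", e["raw"]))
    return flags


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for dll, schemes in group_protocols(parsed).items():
        print(f"{len(schemes):3d} scheme(s) -> {dll}")
    for reason, raw in flag_entries(parsed):
        print(f"FLAG {reason}: {raw}")
```

    Run it against a full HJT log saved as text to get the per-DLL handler counts and the flagged lines; a flag is a prompt to look, as the helper did, not a verdict.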
     
  15. REnergy

    REnergy Private E-2

    When I removed Windows Messenger it asked for a restart but you didn't mention it so I didn't restart.

    So you know.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! But you need to complete the instructions in my last message.
     
  17. REnergy

    REnergy Private E-2

    Oh sorry I could have sworn I attached the logs.
     

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean other than Messenger Plus Live!, which you did not uninstall. I just want to tell you one more time that we highly recommend uninstalling this. Also I want to tell you that Messenger Plus Live! is the source of your WinAntiVirus infection. This is even mentioned at the end of the Uninstall Malware via Add/Remove Programs link given in step 0 of the READ ME.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  19. REnergy

    REnergy Private E-2

    Okay I uninstalled Messenger Plus Live now and I deleted all the other things
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great! Make sure you work thru the How to protect thread too! Surf safely!
     
  21. REnergy

    REnergy Private E-2

    Thank you. I sure wish I could go through logs like that and know exactly what to delete and how to fix everything. :)
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    It takes a lot of time learning how to read logs and you need to understand quite a lot about each Windows OS in order to understand what's what and where they do or don't belong.
     
  23. REnergy

    REnergy Private E-2

    How long?
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It all depends on your background and how much you know already. Read a bunch of threads in this forum. Read all of the stickies too! Do you know all of the things being mentioned? Do you know all of the tools and how to use them? How many of the malware programs (not cleaning tools) being mentioned (like Virtumonde, Winlogonhook, PurityScan, Look2Me, Qoologic...etc) do you know all about and do you know how to fix them? Are you familiar with a large variety of antispyware products? Do you know all about Windows 98, ME, 2000, 2003, XP SP1, XP SP2? Do you know the Windows Registry? ........etc.
     
