There's a little more to it than that Fed!
Move Hijackthis to it's own
unique folder, run it once and close it.
Uninstall Logitech Desktop Messenger and anything else you don't need or want.
Download [highlight]
EmpTemp[/highlight] and install it.
Download [highlight]
VundoFix[/highlight], place it on your desktop, run it and elect to install to your desktop. You should now see a folder called VUndo.
Empty the Recycle Bin and disable System Restore.
Do nothing else at this point except reboot to Safe Mode, open the VundoFix folder and run KillVundo.bat. Hit enter to accept the warning.
Enter the filepath as
C:\WINDOWS\system32\ssttr.dllPress enter
Enter the next filepath as:
C:\WINDOWS\system32\rttss.*Press enter
Hijackthis may now run - If it doesn't, launch it manually and fix the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.pldi.net/Main.php?do=IndexR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.pldi.net/R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.dellnet.com/O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINDOWS\system32\ssttr.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} -
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) -
http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-ac tivex-2.0.3.1.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_35.cab O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) -
http://www.pysoft.com/Downloads/WebCamPlayerOCX.cabO16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://www.fallingrocktaphouse.com/cam/AxisCamControl.ocxO16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) -
http://www.intellishack.com/h263ctrl.cabO16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) -
http://liveca05.rightnowtech.com/uo/thesimsonline/rnt/rnl/java/RntX.cabO16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download/files/abasetup141.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ssttr - C:\WINDOWS\system32\ssttr.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
Press enter to restart normally.
At this point, do nothing except run EmpTemp. Ensure that all temp file locations and temporary internet folders are shown in the left hand side of EmpTemps window and hit the "Clean" button.
Visit [highlight]
Panda Active Scan[/highlight] and commit to a full scan. Fix anything that's found. Copy the scan results, paste them into Notepad and save as pandascan.log.
Return here and post pandascan.log, vundofix.txt and a fresh Hijackthis log.