Old 06-29-2008, 03:23 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: XP


Explorer Bar Missing at Startup, Malware keeps coming back

When Windows is started up, it goes through the whole process and then gets to the wallpaper and no explorer bar comes up. Can manually start with Task Manager.

Also, once running, the CPU usage is constantly at 100% and very slow mouse pointer responses.

When using IE, malware keeps returning. Have cleaned with both Adaware and Spybot but to no avail.

Please advise which logfiles you would like posted.

Any help you can offer would be greatly appreciated.
ukko33 is offline  
Old 06-29-2008, 07:40 AM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 19,047
OS: WinXP and Vista


Re: Explorer Bar Missing at Startup, Malware keeps coming back

Hello ukko33 and welcome,

Kindly follow the instructions in our sticky topic IMPORTANT - Read This Before Posting For Malware Removal Help
  • If you have any difficulty with any of the steps, move on to the next one.
  • Be sure to reach Step 5 and post the requested logs in your next reply.

If CPU usage remains at 100%, run Deckard's System Scanner (in Step 5) from Safe Mode.


**Please note this section of the forum is very busy, so please familiarize yourself with the Bumping Rules also found in Step 5 of our sticky topic mentioned above.

One of our Analysts will review your log as soon as possible.
__________________

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Keep this site free for all. Please consider donating.

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried : 06-29-2008 at 07:41 AM.
Ried is offline  
Old 06-30-2008, 04:36 AM   #3 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: XP


Re: Explorer Bar Missing at Startup, Malware keeps coming back

One additional thing I forgot to mention in original post is the Windows Automatic Updates keeps changing to OFF.

Also, SPYbot is constantly notifying of attempted registry changes and attempts at adding BHO

Logs as requested:

Deckard's System Scanner v20071014.68
Run by scott on 2008-06-30 07:28:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as scott.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:23 AM, on 6/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\scott\Desktop\Stuff\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\scott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {75D8A152-EFC1-41E8-9B9D-C51557F5F68D} - C:\WINDOWS\system32\khfDvuSM.dll (file missing)
O2 - BHO: (no name) - {7A05C3BE-F3AC-4455-90EB-C8AC24AA4544} - C:\WINDOWS\system32\wvUlifGx.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - C:\WINDOWS\system32\tuVnmMfg.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM1fcb5f94] Rundll32.exe "C:\WINDOWS\system32\yfcvkrxv.dll",s
O4 - HKLM\..\Run: [1cf86c08] rundll32.exe "C:\WINDOWS\system32\tajdfrrw.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA6999] command /c del "C:\WINDOWS\system32\khfDvuSM.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9693] cmd /c del "C:\WINDOWS\system32\khfDvuSM.dll_old"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD4943] cmd /c del "C:\WINDOWS\system32\khfDvuSM.dll_old"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210566534578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1210566601656
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: bw+0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuVnmMfg - C:\WINDOWS\SYSTEM32\tuVnmMfg.dll
O23 - Service: McAfee Application Installer Cleanup (0105421214752895) (0105421214752895mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\010542~1.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 23703 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-30 01:21:21 0 d-------- C:\WINDOWS\LastGood
2008-06-29 17:07:53 81920 --a------ C:\WINDOWS\system32\qrjjtfwc.dll
2008-06-29 17:07:29 90624 --a------ C:\WINDOWS\system32\yfcvkrxv.dll
2008-06-29 1744 509008 --ahs---- C:\WINDOWS\system32\MSuvDfhk.ini2
2008-06-28 23:54:57 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-28 23:54:57 2550 --a------ C:\WINDOWS\unins000.dat
2008-06-28 23:49:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-28 23:38:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-28 23:38:04 0 d-------- C:\Program Files\SpywareBlaster
2008-06-28 18:30:37 81920 -----n--- C:\WINDOWS\system32\tajdfrrw.dll
2008-06-28 18:27:37 90624 --a------ C:\WINDOWS\system32\ajjickto.dll
2008-06-28 12:52:31 0 d-------- C:\Program Files\Trend Micro
2008-06-27 18:26:29 91648 --a------ C:\WINDOWS\system32\mperhxgu.dll
2008-06-27 18:22:26 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-27 08:17:47 0 d-------- C:\Documents and Settings\scott\Application Data\Windows Desktop Search
2008-06-26 20:05:44 0 d-------- C:\Program Files\Lavasoft
2008-06-26 20:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 20:05:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 18:25:39 91648 --a------ C:\WINDOWS\system32\onqntfdy.dll
2008-06-25 22:18:55 0 d-------- C:\Documents and Settings\scott\Application Data\Nero
2008-06-25 22:01:47 0 d-------- C:\Program Files\Nero
2008-06-25 22:01:47 0 d-------- C:\Program Files\Common Files\Nero
2008-06-25 22:01:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-25 21:57:22 485791 --ahs---- C:\WINDOWS\system32\xGfilUvw.ini2
2008-06-25 21:49:38 24576 --a------ C:\WINDOWS\system32\tuVnmMfg.dll
2008-06-06 13:15:29 0 d-------- C:\Documents and Settings\scott\Application Data\Canon
2008-06-04 12:35:41 0 d-------- C:\Documents and Settings\scott\Application Data\TomTom
2008-06-04 12:35:41 0 d-------- C:\Documents and Settings\scott\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2008-06-30 0758 0 d-------- C:\Documents and Settings\scott\Application Data\Skype
2008-06-30 01:21:20 0 d-------- C:\Program Files\McAfee
2008-06-29 17:05:27 0 d-------- C:\Documents and Settings\scott\Application Data\skypePM
2008-06-29 17:05:17 0 d-------- C:\Documents and Settings\scott\Application Data\uTorrent
2008-06-26 20:19:45 0 d-------- C:\Program Files\Windows Desktop Search
2008-06-26 20:05:09 0 d-------- C:\Program Files\Common Files
2008-06-25 21:49:05 0 d-------- C:\Program Files\Ahead
2008-06-14 10:37:17 0 d-------- C:\Documents and Settings\scott\Application Data\SiteAdvisor
2008-06-05 10:09:13 0 d-------- C:\Program Files\SiteAdvisor
2008-05-24 13:21:36 0 d-------- C:\Documents and Settings\scott\Application Data\Ahead
2008-05-20 13:26:01 0 d-------- C:\Program Files\uTorrent
2008-05-17 13:04:14 0 d-------- C:\Documents and Settings\scott\Application Data\DivX
2008-05-17 12:11:34 0 d-------- C:\Program Files\DivX
2008-05-17 11:47:02 0 d-------- C:\Program Files\Common Files\LightScribe
2008-05-17 10:59:32 0 d-------- C:\Documents and Settings\scott\Application Data\WinRAR
2008-05-15 07:13:34 0 d-------- C:\Program Files\Logitech
2008-05-15 07:13:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 07:07:47 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-15 07:07:28 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-14 22:34:47 0 d-------- C:\Program Files\Common Files\CANON
2008-05-14 21:00:46 0 d-------- C:\Program Files\Canon
2008-05-14 20:57:30 0 d--h----- C:\Program Files\CanonBJ
2008-05-13 18:04:05 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-13 17:55:12 0 d-------- C:\Program Files\Messenger
2008-05-13 17:54:38 0 d-------- C:\Program Files\Movie Maker
2008-05-13 17:51:32 0 d-------- C:\Program Files\Windows NT
2008-05-13 17:43:33 0 d-------- C:\Documents and Settings\scott\Application Data\Adobe
2008-05-13 11:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 11:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-13 11:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-13 11:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-13 11:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 11:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-13 11:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 11:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 11:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 23:48:49 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-12 23:48:45 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-12 23:48:19 62 --ahs---- C:\Documents and Settings\scott\Application Data\desktop.ini
2008-05-12 19:15:33 0 d-------- C:\Program Files\Windows Live
2008-05-12 19:12:44 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 18:53:37 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-12 18:53:10 0 d-------- C:\Program Files\McAfee.com
2008-05-12 18:34:31 0 d-------- C:\Program Files\Skype
2008-05-12 18:34:29 0 d-------- C:\Program Files\Common Files\Skype
2008-05-12 17:59:43 0 d-------- C:\Documents and Settings\scott\Application Data\Google
2008-05-12 17:58:20 0 d-------- C:\Program Files\Google
2008-05-12 17:49:05 0 d-------- C:\Program Files\Microsoft Works
2008-05-12 17:48:56 0 d-------- C:\Program Files\MSBuild
2008-05-12 14:20:33 0 d-------- C:\Program Files\Analog Devices
2008-05-12 14:20:32 44 --a------ C:\WINDOWS\system32\msssc.dll
2008-05-12 14:19:53 0 d-------- C:\Program Files\Intel
2008-05-12 14:15:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-12 14:11:41 0 d-------- C:\Documents and Settings\scott\Application Data\Macromedia
2008-05-12 1433 0 d-------- C:\Documents and Settings\scott\Application Data\Identities
2008-05-12 14:00:34 0 d-------- C:\Program Files\microsoft frontpage
2008-05-12 14:00:22 0 -rahs---- C:\MSDOS.SYS
2008-05-12 14:00:22 0 -rahs---- C:\IO.SYS
2008-05-12 14:00:22 0 --a------ C:\CONFIG.SYS
2008-05-12 14:00:22 0 --a------ C:\AUTOEXEC.BAT
2008-05-12 13:57:17 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-12 13:55:55 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-12 13:55:51 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-12 13:55:51 0 d-------- C:\Program Files\Online Services
2008-05-12 13:55:37 0 d-------- C:\Program Files\MSN Gaming Zone


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75D8A152-EFC1-41E8-9B9D-C51557F5F68D}]
C:\WINDOWS\system32\khfDvuSM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A05C3BE-F3AC-4455-90EB-C8AC24AA4544}]
C:\WINDOWS\system32\wvUlifGx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}]
06/25/2008 09:49 PM 24576 --a------ C:\WINDOWS\system32\tuVnmMfg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [02/05/2004 04:37 AM]
"nwiz"="nwiz.exe" [02/05/2004 04:37 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [02/05/2004 04:37 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/25/2007 07:57 AM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [05/15/2007 02:01 AM]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 02:50 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [04/28/2008 05:14 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 05:29 PM]
"BM1fcb5f94"="C:\WINDOWS\system32\yfcvkrxv.dll" [06/29/2008 05:07 PM]
"1cf86c08"="C:\WINDOWS\system32\tajdfrrw.dll" [06/28/2008 06:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/12/2008 05:58 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/12/2008 08:10 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:56 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [05/15/2008 07:13 AM]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 06:07 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/14/2008 10:12 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingD4943"=cmd /c del "C:\WINDOWS\system32\khfDvuSM.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"SpybotDeletingA6999"=command /c del "C:\WINDOWS\system32\khfDvuSM.dll_old"
"SpybotDeletingC9693"=cmd /c del "C:\WINDOWS\system32\khfDvuSM.dll_old"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/12/2008 5:58:02 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [5/15/2008 7:13:46 AM]
µTorrent.lnk - C:\Program Files\uTorrent\uTorrent.exe [5/12/2008 6:01:20 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ACED1C9F-2718-4512-9F69-F4E28C1F484F}"= C:\WINDOWS\system32\tuVnmMfg.dll [06/25/2008 09:49 PM 24576]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuVnmMfg]
tuVnmMfg.dll 06/25/2008 09:49 PM 24576 C:\WINDOWS\system32\tuVnmMfg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfDvuSM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-30 07:31:55 ------------
Old 06-30-2008, 08:33 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 19,047
OS: WinXP and Vista


Re: Explorer Bar Missing at Startup, Malware keeps coming back

Hello ukko33,

We'll begin with ComboFix.exe. Please download it from here and save it directly to your desktop.

Do not run it yet.

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console on your machine before doing any malware removal.

The Windows recovery console will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Old 07-01-2008, 03:58 AM   #5 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: XP


Re: Explorer Bar Missing at Startup, Malware keeps coming back

ComboFix 08-06-30.2 - scott 2008-07-01 20:40:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1518 [GMT 10:00]
Running from: C:\Documents and Settings\scott\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\scott\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM1fcb5f94.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abxdvcgy.ini
C:\WINDOWS\system32\ajjickto.dll
C:\WINDOWS\system32\atpojexc.dll
C:\WINDOWS\system32\cdjkucdu.ini
C:\WINDOWS\system32\cwftjjrq.ini
C:\WINDOWS\system32\eajyufvx.dll
C:\WINDOWS\system32\hifxtekm.ini
C:\WINDOWS\system32\hvvggvaq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MmlmStwa.ini
C:\WINDOWS\system32\MmlmStwa.ini2
C:\WINDOWS\system32\mperhxgu.dll
C:\WINDOWS\system32\MSuvDfhk.ini
C:\WINDOWS\system32\MSuvDfhk.ini2
C:\WINDOWS\system32\onqntfdy.dll
C:\WINDOWS\system32\opnolJBR.dll
C:\WINDOWS\system32\piqwyqcv.ini
C:\WINDOWS\system32\qrjjtfwc.dll
C:\WINDOWS\system32\RBJlonpo.ini
C:\WINDOWS\system32\RBJlonpo.ini2
C:\WINDOWS\system32\tuVnmMfg.dll
C:\WINDOWS\system32\wrrfdjat.ini
C:\WINDOWS\system32\xGfilUvw.ini
C:\WINDOWS\system32\xGfilUvw.ini2
C:\WINDOWS\system32\xvfuyjae.ini
C:\WINDOWS\system32\yfcvkrxv.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-30 23:13 . 2008-06-30 23:14 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-06-30 19:33 . 2008-06-30 19:34 <DIR> d-------- C:\Program Files\Panda Security
2008-06-29 11:04 . 2008-07-01 20:36 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-29 00:49 . 2008-07-01 08:09 211 --a------ C:\WINDOWS\wininit.ini
2008-06-29 00:11 . 2008-06-29 00:11 <DIR> d-------- C:\Deckard
2008-06-28 23:54 . 2008-06-28 23:53 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-28 23:54 . 2008-06-28 23:54 2,550 --a------ C:\WINDOWS\unins000.dat
2008-06-28 23:49 . 2008-06-28 23:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-28 23:49 . 2008-06-29 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-28 23:38 . 2008-06-28 23:38 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-28 23:38 . 2008-06-29 10:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-28 12:52 . 2008-06-28 12:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 08:17 . 2008-06-27 08:17 <DIR> d-------- C:\Documents and Settings\scott\Application Data\Windows Desktop Search
2008-06-26 20:05 . 2008-06-26 20:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-26 20:05 . 2008-06-26 20:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 20:05 . 2008-06-26 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 18:25 . 2008-07-01 20:30 110,437 --a------ C:\WINDOWS\BM1fcb5f94.xml
2008-06-25 22:18 . 2008-06-25 22:18 <DIR> d-------- C:\Documents and Settings\scott\Application Data\Nero
2008-06-25 22:01 . 2008-06-25 22:01 <DIR> d-------- C:\Program Files\Nero
2008-06-25 22:01 . 2008-06-25 22:04 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-25 22:01 . 2008-06-25 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-06 13:15 . 2008-06-06 13:15 <DIR> d-------- C:\Documents and Settings\scott\Application Data\Canon
2008-06-04 12:35 . 2008-06-04 12:35 <DIR> d-------- C:\Documents and Settings\scott\Application Data\TomTom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 10:51 --------- d-----w C:\Documents and Settings\scott\Application Data\uTorrent
2008-07-01 10:51 --------- d-----w C:\Documents and Settings\scott\Application Data\Skype
2008-07-01 10:50 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-07-01 10:24 --------- d-----w C:\Documents and Settings\scott\Application Data\skypePM
2008-07-01 04:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-30 12:57 --------- d-----w C:\Program Files\McAfee
2008-06-26 10:19 --------- d-----w C:\Program Files\Windows Desktop Search
2008-06-25 11:49 --------- d-----w C:\Program Files\Ahead
2008-06-14 00:37 --------- d-----w C:\Documents and Settings\scott\Application Data\SiteAdvisor
2008-06-10 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-05 00:09 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-24 03:21 --------- d-----w C:\Documents and Settings\scott\Application Data\Ahead
2008-05-20 03:26 --------- d-----w C:\Program Files\uTorrent
2008-05-17 03:04 --------- d-----w C:\Documents and Settings\scott\Application Data\DivX
2008-05-17 02:11 --------- d-----w C:\Program Files\DivX
2008-05-17 01:47 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-05-17 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-05-17 01:02 23,510,720 ----a-w C:\dotnetfx.exe
2008-05-16 01:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-14 21:13 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2008-05-14 21:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 21:13 --------- d-----w C:\Program Files\Logitech
2008-05-14 21:07 --------- d-----w C:\Program Files\Common Files\Logitech
2008-05-14 21:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-14 12:34 --------- d-----w C:\Program Files\Common Files\CANON
2008-05-14 11:00 --------- d-----w C:\Program Files\Canon
2008-05-14 10:58 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-05-14 10:57 --------- d--h--w C:\Program Files\CanonBJ
2008-05-13 08:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:53 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 11:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-05-12 09:15 --------- d-----w C:\Program Files\Windows Live
2008-05-12 09:12 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 09:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-12 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-12 08:56 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-12 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-12 08:53 --------- d-----w C:\Program Files\McAfee.com
2008-05-12 08:53 --------- d-----w C:\Program Files\Common Files\McAfee
2008-05-12 08:34 --------- d-----w C:\Program Files\Skype
2008-05-12 08:34 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-12 08:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-12 07:58 --------- d-----w C:\Program Files\Google
2008-05-12 07:49 --------- d-----w C:\Program Files\Microsoft Works
2008-05-12 07:48 --------- d-----w C:\Program Files\MSBuild
2008-05-12 04:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-12 04:20 --------- d-----w C:\Program Files\Analog Devices
2008-05-12 04:19 --------- d-----w C:\Program Files\Intel
2008-05-12 04:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-12 04:00 558,142 ----a-w C:\WINDOWS\java\Packages\PF1VLV9B.ZIP
2008-05-12 04:00 155,995 ----a-w C:\WINDOWS\java\Packages\BHV9JRD7.ZIP
2008-05-12 04:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:15 218,134 ----a-w C:\WINDOWS\AppPatch\SETC3B.tmp
2008-04-14 00:15 204,396 ----a-w C:\WINDOWS\AppPatch\SETC3A.tmp
2008-04-14 00:15 1,202,774 ----a-w C:\WINDOWS\AppPatch\SETC39.tmp
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 299,520 ------w C:\WINDOWS\system32\SET181D.tmp
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\SET9C2.tmp
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 177,152 ----a-w C:\WINDOWS\system32\SET171C.tmp
2008-04-13 19:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 19:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 19:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\SET8F8.tmp
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\SETA7C.tmp
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\SET94C.tmp
2008-04-13 17:26 90,112 ----a-w C:\WINDOWS\system32\SET8B6.tmp
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\SET9D3.tmp
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\SET949.tmp
.

------- Sigcheck -------

2005-03-03 04:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-09 01:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-09 01:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-04 17:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-03 04:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2008-04-14 10:12 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-09 01:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll

2007-06-13 20:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 21:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 20:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 17:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 10:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 17:58 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-12 20:10 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-05-15 07:13 36864]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 10:12 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-05 04:37 2899968]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-02-05 04:37 46080]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 07:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 02:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 02:50 1603152]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"nwiz"="nwiz.exe" [2004-02-05 04:37 782336 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-12 17:58:02 124400]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-05-15 07:13:46 196608]
µTorrent.lnk - C:\Program Files\uTorrent\uTorrent.exe [2008-05-12 18:01:20 219952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 15:48:18 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-31 15:00:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{0CD717FD-7E41-4371-9670-EAB122651873} - (no file)
BHO-{653F519A-A7D2-490E-8DE8-CDBB61CF623B} - (no file)
BHO-{75D8A152-EFC1-41E8-9B9D-C51557F5F68D} - (no file)
BHO-{7A05C3BE-F3AC-4455-90EB-C8AC24AA4544} - (no file)
BHO-{ACED1C9F-2718-4512-9F69-F4E28C1F484F} - (no file)
BHO-{E46B5994-78D7-4108-9870-D9E73449E508} - (no file)
BHO-{E9F725EC-044F-4C2A-92D9-964B4B3E58D8} - C:\WINDOWS\system32\awtSmlmM.dll
HKCU-Run-TomTomHOME.exe - C:\Program Files\TomTom HOME 2\HOMERunner.exe
HKLM-Run-1cf86c08 - C:\WINDOWS\system32\eajyufvx.dll
HKLM-Run-BM1fcb5f94 - C:\WINDOWS\system32\atpojexc.dll
Notify-tuVnmMfg - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 20:50:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-07-01 20:54:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 10:54:17

Pre-Run: 207,863,828,480 bytes free
Post-Run: 207,789,035,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

307 --- E O F --- 2008-06-11 11:54:48


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:08 PM, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210566534578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1210566601656
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: bw+0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9F972128-FEBF-42E7-AB0C-0