Old 06-29-2008, 04:23 AM   #1 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: XP


Explorer Bar Missing at Startup, Malware keeps coming back

When Windows is started up, goes through the whole process and then gets to the wallpaper and no explorer bar comes up. Can manually start with Task Manager.

Also, once running the CPU usage is constantly at 100% and very slow mouse pointer responses.

When using IE, malware keeps returning. Have cleaned with both Adaware and Spybot but to no avail.

Please advise which logfiles you would like posted.

Any help you can offer would be greatly appreciated.
ukko33 is offline  
Old 06-29-2008, 08:40 AM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,016
OS: WinXP and Vista


Re: Explorer Bar Missing at Startup, Malware keeps coming back

Hello ukko33 and welcome,

Kindly follow the instructions in our sticky topic IMPORTANT - Read This Before Posting For Malware Removal Help
  • If you have any difficulty with any of the steps, move on to the next one.
  • Be sure to reach Step 5 and post the requested logs in your next reply.

If CPU usage remains at 100%, run Deckard's System Scanner (in Step 5) from Safe Mode.


**Please note this section of the forum is very busy, so please familiarize yourself with the Bumping Rules also found in Step 5 of our sticky topic mentioned above.

One of our Analysts will review your log as soon as possible.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 06-29-2008 at 08:41 AM.
Old 06-30-2008, 05:36 AM   #3 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: XP


Re: Explorer Bar Missing at Startup, Malware keeps coming back

One additional thing I forgot to mention in original post is the Windows Automatic Updates keeps changing to OFF.

Also, Spybot is constantly notifying of attempted registry changes and attempts at adding BHO.

Logs as requested:

Deckard's System Scanner v20071014.68
Run by scott on 2008-06-30 07:28:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as scott.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:23 AM, on 6/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\scott\Desktop\Stuff\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\scott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {75D8A152-EFC1-41E8-9B9D-C51557F5F68D} - C:\WINDOWS\system32\khfDvuSM.dll (file missing)
O2 - BHO: (no name) - {7A05C3BE-F3AC-4455-90EB-C8AC24AA4544} - C:\WINDOWS\system32\wvUlifGx.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - C:\WINDOWS\system32\tuVnmMfg.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM1fcb5f94] Rundll32.exe "C:\WINDOWS\system32\yfcvkrxv.dll",s
O4 - HKLM\..\Run: [1cf86c08] rundll32.exe "C:\WINDOWS\system32\tajdfrrw.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA6999] command /c del "C:\WINDOWS\system32\khfDvuSM.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9693] cmd /c del "C:\WINDOWS\system32\khfDvuSM.dll_old"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD4943] cmd /c del "C:\WINDOWS\system32\khfDvuSM.dll_old"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210566534578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1210566601656
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: bw+0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuVnmMfg - C:\WINDOWS\SYSTEM32\tuVnmMfg.dll
O23 - Service: McAfee Application Installer Cleanup (0105421214752895) (0105421214752895mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\010542~1.EXE
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 23703 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-30 01:21:21 0 d-------- C:\WINDOWS\LastGood
2008-06-29 17:07:53 81920 --a------ C:\WINDOWS\system32\qrjjtfwc.dll
2008-06-29 17:07:29 90624 --a------ C:\WINDOWS\system32\yfcvkrxv.dll
2008-06-29 1744 509008 --ahs---- C:\WINDOWS\system32\MSuvDfhk.ini2
2008-06-28 23:54:57 691545 --a------ C:\WINDOWS\unins000.exe
2008-06-28 23:54:57 2550 --a------ C:\WINDOWS\unins000.dat
2008-06-28 23:49:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-28 23:38:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-28 23:38:04 0 d-------- C:\Program Files\SpywareBlaster
2008-06-28 18:30:37 81920 -----n--- C:\WINDOWS\system32\tajdfrrw.dll
2008-06-28 18:27:37 90624 --a------ C:\WINDOWS\system32\ajjickto.dll
2008-06-28 12:52:31 0 d-------- C:\Program Files\Trend Micro
2008-06-27 18:26:29 91648 --a------ C:\WINDOWS\system32\mperhxgu.dll
2008-06-27 18:22:26 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-27 08:17:47 0 d-------- C:\Documents and Settings\scott\Application Data\Windows Desktop Search
2008-06-26 20:05:44 0 d-------- C:\Program Files\Lavasoft
2008-06-26 20:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 20:05:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 18:25:39 91648 --a------ C:\WINDOWS\system32\onqntfdy.dll
2008-06-25 22:18:55 0 d-------- C:\Documents and Settings\scott\Application Data\Nero
2008-06-25 22:01:47 0 d-------- C:\Program Files\Nero
2008-06-25 22:01:47 0 d-------- C:\Program Files\Common Files\Nero
2008-06-25 22:01:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-25 21:57:22 485791 --ahs---- C:\WINDOWS\system32\xGfilUvw.ini2
2008-06-25 21:49:38 24576 --a------ C:\WINDOWS\system32\tuVnmMfg.dll
2008-06-06 13:15:29 0 d-------- C:\Documents and Settings\scott\Application Data\Canon
2008-06-04 12:35:41 0 d-------- C:\Documents and Settings\scott\Application Data\TomTom
2008-06-04 12:35:41 0 d-------- C:\Documents and Settings\scott\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2008-06-30 0758 0 d-------- C:\Documents and Settings\scott\Application Data\Skype
2008-06-30 01:21:20 0 d-------- C:\Program Files\McAfee
2008-06-29 17:05:27 0 d-------- C:\Documents and Settings\scott\Application Data\skypePM
2008-06-29 17:05:17 0 d-------- C:\Documents and Settings\scott\Application Data\uTorrent
2008-06-26 20:19:45 0 d-------- C:\Program Files\Windows Desktop Search
2008-06-26 20:05:09 0 d-------- C:\Program Files\Common Files
2008-06-25 21:49:05 0 d-------- C:\Program Files\Ahead
2008-06-14 10:37:17 0 d-------- C:\Documents and Settings\scott\Application Data\SiteAdvisor
2008-06-05 10:09:13 0 d-------- C:\Program Files\SiteAdvisor
2008-05-24 13:21:36 0 d-------- C:\Documents and Settings\scott\Application Data\Ahead
2008-05-20 13:26:01 0 d-------- C:\Program Files\uTorrent
2008-05-17 13:04:14 0 d-------- C:\Documents and Settings\scott\Application Data\DivX
2008-05-17 12:11:34 0 d-------- C:\Program Files\DivX
2008-05-17 11:47:02 0 d-------- C:\Program Files\Common Files\LightScribe
2008-05-17 10:59:32 0 d-------- C:\Documents and Settings\scott\Application Data\WinRAR
2008-05-15 07:13:34 0 d-------- C:\Program Files\Logitech
2008-05-15 07:13:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 07:07:47 0 d-------- C:\Program Files\Common Files\Logitech
2008-05-15 07:07:28 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-14 22:34:47 0 d-------- C:\Program Files\Common Files\CANON
2008-05-14 21:00:46 0 d-------- C:\Program Files\Canon
2008-05-14 20:57:30 0 d--h----- C:\Program Files\CanonBJ
2008-05-13 18:04:05 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-13 17:55:12 0 d-------- C:\Program Files\Messenger
2008-05-13 17:54:38 0 d-------- C:\Program Files\Movie Maker
2008-05-13 17:51:32 0 d-------- C:\Program Files\Windows NT
2008-05-13 17:43:33 0 d-------- C:\Documents and Settings\scott\Application Data\Adobe
2008-05-13 11:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 11:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-13 11:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-13 11:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-13 11:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 11:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-13 11:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 11:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-13 11:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 23:48:49 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-12 23:48:45 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-12 23:48:19 62 --ahs---- C:\Documents and Settings\scott\Application Data\desktop.ini
2008-05-12 19:15:33 0 d-------- C:\Program Files\Windows Live
2008-05-12 19:12:44 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 18:53:37 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-12 18:53:10 0 d-------- C:\Program Files\McAfee.com
2008-05-12 18:34:31 0 d-------- C:\Program Files\Skype
2008-05-12 18:34:29 0 d-------- C:\Program Files\Common Files\Skype
2008-05-12 17:59:43 0 d-------- C:\Documents and Settings\scott\Application Data\Google
2008-05-12 17:58:20 0 d-------- C:\Program Files\Google
2008-05-12 17:49:05 0 d-------- C:\Program Files\Microsoft Works
2008-05-12 17:48:56 0 d-------- C:\Program Files\MSBuild
2008-05-12 14:20:33 0 d-------- C:\Program Files\Analog Devices
2008-05-12 14:20:32 44 --a------ C:\WINDOWS\system32\msssc.dll
2008-05-12 14:19:53 0 d-------- C:\Program Files\Intel
2008-05-12 14:15:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-12 14:11:41 0 d-------- C:\Documents and Settings\scott\Application Data\Macromedia
2008-05-12 1433 0 d-------- C:\Documents and Settings\scott\Application Data\Identities
2008-05-12 14:00:34 0 d-------- C:\Program Files\microsoft frontpage
2008-05-12 14:00:22 0 -rahs---- C:\MSDOS.SYS
2008-05-12 14:00:22 0 -rahs---- C:\IO.SYS
2008-05-12 14:00:22 0 --a------ C:\CONFIG.SYS
2008-05-12 14:00:22 0 --a------ C:\AUTOEXEC.BAT
2008-05-12 13:57:17 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-12 13:55:55 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-12 13:55:51 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-12 13:55:51 0 d-------- C:\Program Files\Online Services
2008-05-12 13:55:37 0 d-------- C:\Program Files\MSN Gaming Zone


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75D8A152-EFC1-41E8-9B9D-C51557F5F68D}]
C:\WINDOWS\system32\khfDvuSM.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A05C3BE-F3AC-4455-90EB-C8AC24AA4544}]
C:\WINDOWS\system32\wvUlifGx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACED1C9F-2718-4512-9F69-F4E28C1F484F}]
06/25/2008 09:49 PM 24576 --a------ C:\WINDOWS\system32\tuVnmMfg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [02/05/2004 04:37 AM]
"nwiz"="nwiz.exe" [02/05/2004 04:37 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [02/05/2004 04:37 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/25/2007 07:57 AM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [05/15/2007 02:01 AM]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 02:50 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [04/28/2008 05:14 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 05:29 PM]
"BM1fcb5f94"="C:\WINDOWS\system32\yfcvkrxv.dll" [06/29/2008 05:07 PM]
"1cf86c08"="C:\WINDOWS\system32\tajdfrrw.dll" [06/28/2008 06:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/12/2008 05:58 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/12/2008 08:10 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:56 PM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [05/15/2008 07:13 AM]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" []
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 06:07 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [04/14/2008 10:12 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingD4943"=cmd /c del "C:\WINDOWS\system32\khfDvuSM.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
"SpybotDeletingA6999"=command /c del "C:\WINDOWS\system32\khfDvuSM.dll_old"
"SpybotDeletingC9693"=cmd /c del "C:\WINDOWS\system32\khfDvuSM.dll_old"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [5/12/2008 5:58:02 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [5/15/2008 7:13:46 AM]
æTorrent.lnk - C:\Program Files\uTorrent\uTorrent.exe [5/12/2008 6:01:20 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{ACED1C9F-2718-4512-9F69-F4E28C1F484F}"= C:\WINDOWS\system32\tuVnmMfg.dll [06/25/2008 09:49 PM 24576]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuVnmMfg]
tuVnmMfg.dll 06/25/2008 09:49 PM 24576 C:\WINDOWS\system32\tuVnmMfg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfDvuSM

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-30 07:31:55 ------------
Old 06-30-2008, 09:33 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,016
OS: WinXP and Vista


Re: Explorer Bar Missing at Startup, Malware keeps coming back

Hello ukko33,

We'll begin with ComboFix.exe. Please download it from here and save it directly to your desktop.

Do not run it yet.

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console on your machine before doing any malware removal.

The Windows recovery console will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 07-01-2008, 04:58 AM   #5 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: XP


Re: Explorer Bar Missing at Startup, Malware keeps coming back

ComboFix 08-06-30.2 - scott 2008-07-01 20:40:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1518 [GMT 10:00]
Running from: C:\Documents and Settings\scott\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\scott\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM1fcb5f94.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abxdvcgy.ini
C:\WINDOWS\system32\ajjickto.dll
C:\WINDOWS\system32\atpojexc.dll
C:\WINDOWS\system32\cdjkucdu.ini
C:\WINDOWS\system32\cwftjjrq.ini
C:\WINDOWS\system32\eajyufvx.dll
C:\WINDOWS\system32\hifxtekm.ini
C:\WINDOWS\system32\hvvggvaq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MmlmStwa.ini
C:\WINDOWS\system32\MmlmStwa.ini2
C:\WINDOWS\system32\mperhxgu.dll
C:\WINDOWS\system32\MSuvDfhk.ini
C:\WINDOWS\system32\MSuvDfhk.ini2
C:\WINDOWS\system32\onqntfdy.dll
C:\WINDOWS\system32\opnolJBR.dll
C:\WINDOWS\system32\piqwyqcv.ini
C:\WINDOWS\system32\qrjjtfwc.dll
C:\WINDOWS\system32\RBJlonpo.ini
C:\WINDOWS\system32\RBJlonpo.ini2
C:\WINDOWS\system32\tuVnmMfg.dll
C:\WINDOWS\system32\wrrfdjat.ini
C:\WINDOWS\system32\xGfilUvw.ini
C:\WINDOWS\system32\xGfilUvw.ini2
C:\WINDOWS\system32\xvfuyjae.ini
C:\WINDOWS\system32\yfcvkrxv.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-06-30 23:13 . 2008-06-30 23:14 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-06-30 19:33 . 2008-06-30 19:34 <DIR> d-------- C:\Program Files\Panda Security
2008-06-29 11:04 . 2008-07-01 20:36 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-29 00:49 . 2008-07-01 08:09 211 --a------ C:\WINDOWS\wininit.ini
2008-06-29 00:11 . 2008-06-29 00:11 <DIR> d-------- C:\Deckard
2008-06-28 23:54 . 2008-06-28 23:53 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-28 23:54 . 2008-06-28 23:54 2,550 --a------ C:\WINDOWS\unins000.dat
2008-06-28 23:49 . 2008-06-28 23:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-28 23:49 . 2008-06-29 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-28 23:38 . 2008-06-28 23:38 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-28 23:38 . 2008-06-29 10:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-28 12:52 . 2008-06-28 12:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 08:17 . 2008-06-27 08:17 <DIR> d-------- C:\Documents and Settings\scott\Application Data\Windows Desktop Search
2008-06-26 20:05 . 2008-06-26 20:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-26 20:05 . 2008-06-26 20:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 20:05 . 2008-06-26 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-26 18:25 . 2008-07-01 20:30 110,437 --a------ C:\WINDOWS\BM1fcb5f94.xml
2008-06-25 22:18 . 2008-06-25 22:18 <DIR> d-------- C:\Documents and Settings\scott\Application Data\Nero
2008-06-25 22:01 . 2008-06-25 22:01 <DIR> d-------- C:\Program Files\Nero
2008-06-25 22:01 . 2008-06-25 22:04 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-25 22:01 . 2008-06-25 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-06 13:15 . 2008-06-06 13:15 <DIR> d-------- C:\Documents and Settings\scott\Application Data\Canon
2008-06-04 12:35 . 2008-06-04 12:35 <DIR> d-------- C:\Documents and Settings\scott\Application Data\TomTom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 10:51 --------- d-----w C:\Documents and Settings\scott\Application Data\uTorrent
2008-07-01 10:51 --------- d-----w C:\Documents and Settings\scott\Application Data\Skype
2008-07-01 10:50 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-07-01 10:24 --------- d-----w C:\Documents and Settings\scott\Application Data\skypePM
2008-07-01 04:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-30 12:57 --------- d-----w C:\Program Files\McAfee
2008-06-26 10:19 --------- d-----w C:\Program Files\Windows Desktop Search
2008-06-25 11:49 --------- d-----w C:\Program Files\Ahead
2008-06-14 00:37 --------- d-----w C:\Documents and Settings\scott\Application Data\SiteAdvisor
2008-06-10 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-05 00:09 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-24 03:21 --------- d-----w C:\Documents and Settings\scott\Application Data\Ahead
2008-05-20 03:26 --------- d-----w C:\Program Files\uTorrent
2008-05-17 03:04 --------- d-----w C:\Documents and Settings\scott\Application Data\DivX
2008-05-17 02:11 --------- d-----w C:\Program Files\DivX
2008-05-17 01:47 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-05-17 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-05-17 01:02 23,510,720 ----a-w C:\dotnetfx.exe
2008-05-16 01:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-14 21:13 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2008-05-14 21:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 21:13 --------- d-----w C:\Program Files\Logitech
2008-05-14 21:07 --------- d-----w C:\Program Files\Common Files\Logitech
2008-05-14 21:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-14 12:34 --------- d-----w C:\Program Files\Common Files\CANON
2008-05-14 11:00 --------- d-----w C:\Program Files\Canon
2008-05-14 10:58 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-05-14 10:57 --------- d--h--w C:\Program Files\CanonBJ
2008-05-13 08:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:53 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 11:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-05-12 09:15 --------- d-----w C:\Program Files\Windows Live
2008-05-12 09:12 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 09:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-12 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-12 08:56 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-12 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-12 08:53 --------- d-----w C:\Program Files\McAfee.com
2008-05-12 08:53 --------- d-----w C:\Program Files\Common Files\McAfee
2008-05-12 08:34 --------- d-----w C:\Program Files\Skype
2008-05-12 08:34 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-12 08:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-12 07:58 --------- d-----w C:\Program Files\Google
2008-05-12 07:49 --------- d-----w C:\Program Files\Microsoft Works
2008-05-12 07:48 --------- d-----w C:\Program Files\MSBuild
2008-05-12 04:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-12 04:20 --------- d-----w C:\Program Files\Analog Devices
2008-05-12 04:19 --------- d-----w C:\Program Files\Intel
2008-05-12 04:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-12 04:00 558,142 ----a-w C:\WINDOWS\java\Packages\PF1VLV9B.ZIP
2008-05-12 04:00 155,995 ----a-w C:\WINDOWS\java\Packages\BHV9JRD7.ZIP
2008-05-12 04:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:15 218,134 ----a-w C:\WINDOWS\AppPatch\SETC3B.tmp
2008-04-14 00:15 204,396 ----a-w C:\WINDOWS\AppPatch\SETC3A.tmp
2008-04-14 00:15 1,202,774 ----a-w C:\WINDOWS\AppPatch\SETC39.tmp
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 299,520 ------w C:\WINDOWS\system32\SET181D.tmp
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\SET9C2.tmp
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 177,152 ----a-w C:\WINDOWS\system32\SET171C.tmp
2008-04-13 19:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 19:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 19:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\SET8F8.tmp
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\SETA7C.tmp
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\SET94C.tmp
2008-04-13 17:26 90,112 ----a-w C:\WINDOWS\system32\SET8B6.tmp
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\SET9D3.tmp
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\SET949.tmp
.

------- Sigcheck -------

2005-03-03 04:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-09 01:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-09 01:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-04 17:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-03 04:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2008-04-14 10:12 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-09 01:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll

2007-06-13 20:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 21:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 20:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 17:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 10:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 17:58 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-12 20:10 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-05-15 07:13 36864]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 10:12 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-05 04:37 2899968]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-02-05 04:37 46080]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 07:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 02:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 02:50 1603152]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"nwiz"="nwiz.exe" [2004-02-05 04:37 782336 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-12 17:58:02 124400]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-05-15 07:13:46 196608]
æTorrent.lnk - C:\Program Files\uTorrent\uTorrent.exe [2008-05-12 18:01:20 219952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 15:48:18 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-31 15:00:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{0CD717FD-7E41-4371-9670-EAB122651873} - (no file)
BHO-{653F519A-A7D2-490E-8DE8-CDBB61CF623B} - (no file)
BHO-{75D8A152-EFC1-41E8-9B9D-C51557F5F68D} - (no file)
BHO-{7A05C3BE-F3AC-4455-90EB-C8AC24AA4544} - (no file)
BHO-{ACED1C9F-2718-4512-9F69-F4E28C1F484F} - (no file)
BHO-{E46B5994-78D7-4108-9870-D9E73449E508} - (no file)
BHO-{E9F725EC-044F-4C2A-92D9-964B4B3E58D8} - C:\WINDOWS\system32\awtSmlmM.dll
HKCU-Run-TomTomHOME.exe - C:\Program Files\TomTom HOME 2\HOMERunner.exe
HKLM-Run-1cf86c08 - C:\WINDOWS\system32\eajyufvx.dll
HKLM-Run-BM1fcb5f94 - C:\WINDOWS\system32\atpojexc.dll
Notify-tuVnmMfg - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 20:50:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-07-01 20:54:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 10:54:17

Pre-Run: 207,863,828,480 bytes free
Post-Run: 207,789,035,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

307 --- E O F --- 2008-06-11 11:54:48


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:08 PM, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210566534578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1210566601656
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: bw+0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 22128 bytes
Old 07-01-2008, 08:21 AM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,016
OS: WinXP and Vista


Re: Explorer Bar Missing at Startup, Malware keeps coming back

Hello ukko33,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the tools being run below.

---------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' all of those Logitech O18 entries except the first and last one. Leave these 2 intact:

O18 - Protocol: bw+0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Quote:

http://www.techsupportforum.com/security-center/hijackthis-log-help/264224-explorer-bar-missing-startup-malwarekeeps-coming-back-post1566140.html#post1566140

Collect::
C:\WINDOWS\BM1fcb5f94.xml

File::
C:\WINDOWS\system32\drivers\lvuvc.hs

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
---------------------------------------------------------------------

It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis.exe and save the log.

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
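An added example, not part of the original posts and not HijackThis's own code: a small Python parser for the HijackThis log format shown in this thread. It lists registrations that point at "(no file)", groups O18 protocol handlers that share one CLSID and DLL (the shape of the long Logitech run in the log), and lists O23 services reported with "Unknown owner". The function names and the min_shared threshold are assumptions of this example, and the sample is an abridged copy of log lines from the thread.

```python
import re

# Abridged excerpt of the HijackThis log posted in this thread. Lines are
# copied unchanged; most of the O18 "bw.." run is left out to keep it short.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O18 - Protocol: bw+0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
"""

# "O18 - <body>": a section code, then a free-form body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "<kind>: <name> - {CLSID} - <file or (no file)>" (O2, O3, O9, O18).
CLSID_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.+)$")
# "Service: <display name> - <owner> - <drive path>" (O23).
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")


def parse_log(text):
    """Return one dict per log entry; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry = {"section": m["section"], "body": m["body"]}
        by_clsid = CLSID_RE.match(m["body"])
        if by_clsid:
            entry.update(by_clsid.groupdict())
        elif m["section"] == "O23":
            svc = SERVICE_RE.match(m["body"])
            if svc:
                entry.update(svc.groupdict())
        entries.append(entry)
    return entries


def triage(entries, min_shared=3):
    """Collect entries worth a closer look. These are review candidates for
    an analyst, not verdicts: legitimate software produces all three."""
    orphaned, unknown_owner = [], []
    handlers = {}  # (CLSID, dll path) -> protocol names in log order
    for e in entries:
        if e.get("target") == "(no file)":
            orphaned.append((e["section"], e["clsid"].upper()))
        if e["section"] == "O18" and "clsid" in e:
            key = (e["clsid"].upper(), e["target"].lower())
            handlers.setdefault(key, []).append(e["name"])
        if e.get("owner") == "Unknown owner":
            unknown_owner.append(e["display"])
    shared = {k: v for k, v in handlers.items() if len(v) >= min_shared}
    return {"orphaned": orphaned,
            "shared_handlers": shared,
            "unknown_owner_services": unknown_owner}


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for section, clsid in report["orphaned"]:
        print(f"{section}: {clsid} points at (no file)")
    for (clsid, dll), names in report["shared_handlers"].items():
        print(f"O18: {len(names)} protocols -> {dll} {clsid}")
        print(f"     first={names[0]} last={names[-1]}")
    for display in report["unknown_owner_services"]:
        print(f"O23: '{display}' has no owner string")
```

On the full log from the thread, the same grouping collapses the whole bw.. run into a single line per CLSID and DLL, which makes the remaining entries much easier to read.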
Old 07-02-2008, 08:24 AM   #7 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: XP


Re: Explorer Bar Missing at Startup, Malware keeps coming back

ComboFix 08-06-30.2 - scott 2008-07-02 21:01:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1467 [GMT 10:00]
Running from: C:\Documents and Settings\scott\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\scott\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\drivers\lvuvc.hs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM1fcb5f94.xml
C:\WINDOWS\system32\_006389_.tmp.dll
C:\WINDOWS\system32\_006390_.tmp.dll
C:\WINDOWS\system32\_006391_.tmp.dll
C:\WINDOWS\system32\_006392_.tmp.dll
C:\WINDOWS\system32\_006399_.tmp.dll
C:\WINDOWS\system32\_006400_.tmp.dll
C:\WINDOWS\system32\_006401_.tmp.dll
C:\WINDOWS\system32\_006402_.tmp.dll
C:\WINDOWS\system32\_006404_.tmp.dll
C:\WINDOWS\system32\_006405_.tmp.dll
C:\WINDOWS\system32\_006408_.tmp.dll
C:\WINDOWS\system32\_006409_.tmp.dll
C:\WINDOWS\system32\_006411_.tmp.dll
C:\WINDOWS\system32\_006412_.tmp.dll
C:\WINDOWS\system32\_006413_.tmp.dll
C:\WINDOWS\system32\_006415_.tmp.dll
C:\WINDOWS\system32\_006418_.tmp.dll
C:\WINDOWS\system32\_006419_.tmp.dll
C:\WINDOWS\system32\_006423_.tmp.dll
C:\WINDOWS\system32\_006424_.tmp.dll
C:\WINDOWS\system32\_006426_.tmp.dll
C:\WINDOWS\system32\_006429_.tmp.dll
C:\WINDOWS\system32\_006431_.tmp.dll
C:\WINDOWS\system32\_006432_.tmp.dll
C:\WINDOWS\system32\_006433_.tmp.dll
C:\WINDOWS\system32\_006434_.tmp.dll
C:\WINDOWS\system32\_006435_.tmp.dll
C:\WINDOWS\system32\_006438_.tmp.dll
C:\WINDOWS\system32\_006439_.tmp.dll
C:\WINDOWS\system32\_006440_.tmp.dll
C:\WINDOWS\system32\_006441_.tmp.dll
C:\WINDOWS\system32\_006442_.tmp.dll
C:\WINDOWS\system32\_006447_.tmp.dll
C:\WINDOWS\system32\_006449_.tmp.dll
C:\WINDOWS\system32\_006450_.tmp.dll
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-02 06:42 . 2008-07-02 06:42 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-30 23:13 . 2008-06-30 23:14 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-06-30 19:33 . 2008-06-30 19:34 <DIR> d-------- C:\Program Files\Panda Security
2008-06-29 11:04 . 2008-07-01 21:16 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-29 00:49 . 2008-07-01 08:09 211 --a------ C:\WINDOWS\wininit.ini
2008-06-29 00:11 . 2008-06-29 00:11 <DIR> d-------- C:\Deckard
2008-06-28 23:54 . 2008-06-28 23:53 691,545 --a------ C:\WINDOWS\unins000.exe
2008-06-28 23:54 . 2008-06-28 23:54 2,550 --a------ C:\WINDOWS\unins000.dat
2008-06-28 23:49 . 2008-06-28 23:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-28 23:49 . 2008-06-29 00:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-28 23:38 . 2008-06-28 23:38 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-28 23:38 . 2008-06-29 10:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-28 12:52 . 2008-06-28 12:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 08:17 . 2008-06-27 08:17 <DIR> d-------- C:\Documents and Settings\scott\Application Data\Windows Desktop Search
2008-06-26 20:05 . 2008-06-26 20:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-26 20:05 . 2008-06-26 20:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 20:05 . 2008-06-26 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-25 22:18 . 2008-06-25 22:18 <DIR> d-------- C:\Documents and Settings\scott\Application Data\Nero
2008-06-25 22:01 . 2008-06-25 22:01 <DIR> d-------- C:\Program Files\Nero
2008-06-25 22:01 . 2008-06-25 22:04 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-25 22:01 . 2008-06-25 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-06 13:15 . 2008-06-06 13:15 <DIR> d-------- C:\Documents and Settings\scott\Application Data\Canon
2008-06-04 12:35 . 2008-06-04 12:35 <DIR> d-------- C:\Documents and Settings\scott\Application Data\TomTom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-02 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-02 02:53 --------- d-----w C:\Documents and Settings\scott\Application Data\uTorrent
2008-07-01 20:42 --------- d-----w C:\Program Files\McAfee
2008-07-01 10:52 --------- d-----w C:\Documents and Settings\scott\Application Data\Skype
2008-07-01 10:24 --------- d-----w C:\Documents and Settings\scott\Application Data\skypePM
2008-06-26 10:19 --------- d-----w C:\Program Files\Windows Desktop Search
2008-06-25 11:49 --------- d-----w C:\Program Files\Ahead
2008-06-14 00:37 --------- d-----w C:\Documents and Settings\scott\Application Data\SiteAdvisor
2008-06-10 11:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-05 00:09 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-24 03:21 --------- d-----w C:\Documents and Settings\scott\Application Data\Ahead
2008-05-20 03:26 --------- d-----w C:\Program Files\uTorrent
2008-05-17 03:04 --------- d-----w C:\Documents and Settings\scott\Application Data\DivX
2008-05-17 02:11 --------- d-----w C:\Program Files\DivX
2008-05-17 01:47 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-05-17 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-05-17 01:02 23,510,720 ----a-w C:\dotnetfx.exe
2008-05-16 01:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-14 21:13 118,784 ------r C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2008-05-14 21:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 21:13 --------- d-----w C:\Program Files\Logitech
2008-05-14 21:07 --------- d-----w C:\Program Files\Common Files\Logitech
2008-05-14 21:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-14 12:34 --------- d-----w C:\Program Files\Common Files\CANON
2008-05-14 11:00 --------- d-----w C:\Program Files\Canon
2008-05-14 10:58 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-05-14 10:57 --------- d--h--w C:\Program Files\CanonBJ
2008-05-13 08:04 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:53 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 11:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-05-12 09:15 --------- d-----w C:\Program Files\Windows Live
2008-05-12 09:12 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 09:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-12 08:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-12 08:56 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-12 08:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-12 08:53 --------- d-----w C:\Program Files\McAfee.com
2008-05-12 08:53 --------- d-----w C:\Program Files\Common Files\McAfee
2008-05-12 08:34 --------- d-----w C:\Program Files\Skype
2008-05-12 08:34 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-12 08:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-12 07:58 --------- d-----w C:\Program Files\Google
2008-05-12 07:49 --------- d-----w C:\Program Files\Microsoft Works
2008-05-12 07:48 --------- d-----w C:\Program Files\MSBuild
2008-05-12 04:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-12 04:20 --------- d-----w C:\Program Files\Analog Devices
2008-05-12 04:19 --------- d-----w C:\Program Files\Intel
2008-05-12 04:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-12 04:00 558,142 ----a-w C:\WINDOWS\java\Packages\PF1VLV9B.ZIP
2008-05-12 04:00 155,995 ----a-w C:\WINDOWS\java\Packages\BHV9JRD7.ZIP
2008-05-12 04:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:15 218,134 ----a-w C:\WINDOWS\AppPatch\SETC3B.tmp
2008-04-14 00:15 204,396 ----a-w C:\WINDOWS\AppPatch\SETC3A.tmp
2008-04-14 00:15 1,202,774 ----a-w C:\WINDOWS\AppPatch\SETC39.tmp
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 299,520 ------w C:\WINDOWS\system32\SET181D.tmp
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\SET9C2.tmp
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 177,152 ----a-w C:\WINDOWS\system32\SET171C.tmp
2008-04-13 19:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 19:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 19:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\SET8F8.tmp
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\SETA7C.tmp
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\SET94C.tmp
2008-04-13 17:26 90,112 ----a-w C:\WINDOWS\system32\SET8B6.tmp
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\SET9D3.tmp
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\SET949.tmp
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\SET9AA.tmp
.

------- Sigcheck -------

2005-03-03 04:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-09 01:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-09 01:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2004-08-04 17:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-03 04:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2008-04-14 10:12 578560 b26b135ff1b9f60c9388b4a7d16f600b C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-09 01:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll

2007-06-13 20:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 21:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 20:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 17:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 10:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-01_20.53.59.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 06:52:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-02 09:41:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-01 06:52:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-02 09:41:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-01 06:52:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-02 09:41:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 17:58 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-12 20:10 21898024]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:56 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-05-15 07:13 36864]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 1828136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-05 04:37 2899968]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-02-05 04:37 46080]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-25 07:57 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 02:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 02:50 1603152]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2221352]
"nwiz"="nwiz.exe" [2004-02-05 04:37 782336 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-12 17:58:02 124400]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-05-15 07:13:46 196608]
æTorrent.lnk - C:\Program Files\uTorrent\uTorrent.exe [2008-05-12 18:01:20 219952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 0151171214944949mcinstcleanup;McAfee Application Installer Cleanup (0151171214944949);C:\WINDOWS\TEMP\015117~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 22:12]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 15:48:18 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-31 15:00:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 21:03:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-02 21:04:29
ComboFix-quarantined-files.txt 2008-07-02 11:04:25
ComboFix2.txt 2008-07-01 10:54:25

Pre-Run: 198,214,610,944 bytes free
Post-Run: 198,251,315,200 bytes free

279 --- E O F --- 2008-06-11 11:54:48




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 3, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 02, 2008 09:39:18
Records in database: 905296
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
H:\

Scan statistics:
Files scanned: 46710
Threat name: 9
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 01:01:23


File name / Threat name / Threats count
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080628-125743-391.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zic 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080628-125744-627.dll Infected: Trojan.Win32.Monder.acx 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080628-125811-642.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zic 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080628-125811-905.dll Infected: Trojan.Win32.Monder.acx 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080628-125823-681.dll Infected: Trojan.Win32.Monder.acx 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080628-125823-876.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zic 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080630-230941-763.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zic 1
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080630-231054-358.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.zic 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ajjickto.dll.vir Infected: Trojan.Win32.Monder.wj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\atpojexc.dll.vir Infected: Trojan.Win32.Monderc.a 1
C:\QooBox\Quarantine\C\WINDOWS\system32\eajyufvx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.zji 1
C:\QooBox\Quarantine\C\WINDOWS\system32\hvvggvaq.dll.vir Infected: Trojan.Win32.Monder.wg 1
C:\QooBox\Quarantine\C\WINDOWS\system32\onqntfdy.dll.vir Infected: Trojan.Win32.Monder.aeo 1
C:\QooBox\Quarantine\C\WINDOWS\system32\opnolJBR.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qrjjtfwc.dll.vir Infected: Trojan.Win32.Monder.wh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tuVnmMfg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.zic 1
C:\QooBox\Quarantine\C\WINDOWS\system32\yfcvkrxv.dll.vir Infected: Trojan.Win32.Monder.wj 1

The selected area was scanned.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:53 AM, on 7/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {0CD717FD-7E41-4371-9670-EAB122651873} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {653F519A-A7D2-490E-8DE8-CDBB61CF623B} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {75D8A152-EFC1-41E8-9B9D-C51557F5F68D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A05C3BE-F3AC-4455-90EB-C8AC24AA4544} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {E46B5994-78D7-4108-9870-D9E73449E508} - (no file)
O2 - BHO: (no name) - {E9F725EC-044F-4C2A-92D9-964B4B3E58D8} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BM1fcb5f94] Rundll32.exe "C:\WINDOWS\system32\atpojexc.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210566534578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1210566601656
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D8C4CE6-84E0-4D53-9832-7DDFA95ABEBE}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: bw+0 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {9F972128-FEBF-42E7-AB0C-0E1930B857AF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuVnmMfg - C:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0151171214944949) (0151171214944949mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\015117~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11648 bytes




System appears to be running smoother.
ukko33 is offline  
Old 07-03-2008, 08:51 AM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,016
OS: WinXP and Vista


Re: Explorer Bar Missing at Startup, Malwarekeeps coming back

Hello ukko33,

Spybot's TeaTimer has put back some entries that we removed earlier.

Using Internet Explorer, download ResetTeaTimer.bat.

If you are using Firefox, right click the above link and choose ‘Save As’. Save it to your desktop.


Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

-------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - {0CD717FD-7E41-4371-9670-EAB122651873} - (no file)
O2 - BHO: (no name) - {653F519A-A7D2-490E-8DE8-CDBB61CF623B} - (no file)
O2 - BHO: (no name) - {75D8A152-EFC1-41E8-9B9D-C51557F5F68D} - (no file)
O2 - BHO: (no name) - {7A05C3BE-F3AC-4455-90EB-C8AC24AA4544} - (no file)
O2 - BHO: (no name) - {ACED1C9F-2718-4512-9F69-F4E28C1F484F} - (no file)
O2 - BHO: (no name) - {E46B5994-78D7-4108-9870-D9E73449E508} - (no file)
O2 - BHO: (no name) - {E9F725EC-044F-4C2A-92D9-964B4B3E58D8} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [BM1fcb5f94] Rundll32.exe "C:\WINDOWS\system32\atpojexc.dll",s
O20 - Winlogon Notify: tuVnmMfg - C:\WINDOWS\



Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------


Kaspersky is only reporting backups created during the course of this fix, and items located in C:\System Volume Information\, which is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache shortly.


Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles:

PC Safety and Security--What Do I Need?
Think Prevention


HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
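The cross-check behind the 'Fix Checked' list in post #8, as an added example that is not part of the thread or of any tool named in it: orphaned "(no file)" BHO/toolbar registrations, plus Run and Winlogon Notify entries that still point at a DLL already sitting in the QooBox quarantine. The three rules and all function names are assumptions made for illustration; the sample lines and quarantine paths are copied from the logs posted above.

```python
import ntpath
import re

# Sample input: lines copied from the HijackThis log in this thread,
# mixing entries the helper ticked with entries that were left alone.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CD717FD-7E41-4371-9670-EAB122651873} - (no file)
O2 - BHO: (no name) - {653F519A-A7D2-490E-8DE8-CDBB61CF623B} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM1fcb5f94] Rundll32.exe "C:\WINDOWS\system32\atpojexc.dll",s
O20 - Winlogon Notify: tuVnmMfg - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

# Three of the quarantine paths listed in the Kaspersky report above.
QUARANTINE = [
    r"C:\QooBox\Quarantine\C\WINDOWS\system32\atpojexc.dll.vir",
    r"C:\QooBox\Quarantine\C\WINDOWS\system32\tuVnmMfg.dll.vir",
    r"C:\QooBox\Quarantine\C\WINDOWS\system32\ajjickto.dll.vir",
]

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.I)
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>\S+) - ")


def stem(path):
    """Lower-cased file name without directory, '.vir' suffix or extension."""
    name = ntpath.basename(path)
    if name.lower().endswith(".vir"):
        name = name[:-4]
    return ntpath.splitext(name)[0].lower()


def quarantined_stems(paths):
    """Set of bare DLL names (no extension) found in the quarantine folder."""
    return {stem(p) for p in paths}


def triage(log_text, quarantined):
    """Return (reason, line) pairs for log entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code in ("O2", "O3") and body.endswith("- (no file)"):
            # CLSID still registered with IE, but the DLL behind it is gone.
            findings.append(("orphaned CLSID", line))
        elif code == "O4":
            # Autostart that loads a DLL through rundll32.
            r = RUNDLL.search(body)
            if r and stem(r.group("dll")) in quarantined:
                findings.append(("quarantined DLL in Run", line))
        elif code == "O20":
            # Winlogon Notify key named after a DLL that was quarantined.
            n = NOTIFY.match(body)
            if n and n.group("name").lower() in quarantined:
                findings.append(("quarantined DLL in Winlogon Notify", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG, quarantined_stems(QUARANTINE)):
        print(f"{reason}: {line}")
```

Anything the script flags is a candidate for manual review, not an automatic fix; entries such as the NVIDIA rundll32 autostart are left alone because their DLL is not in the quarantine set.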
Old 07-04-2008, 06:43 AM   #9 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: XP


Re: Explorer Bar Missing at Startup, Malwarekeeps coming back

Thread resolved.

Thanks for all your assistance; it is greatly appreciated.
ukko33 is offline  
Old 07-04-2008, 06:58 AM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,016
OS: WinXP and Vista


Re: Explorer Bar Missing at Startup, Malwarekeeps coming back

You're welcome, take care.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
 

