
Unknown Infection - Ie And Ff Won't Load Pages


  • This topic is locked
24 replies to this topic

#1 Simonsays

Simonsays

  • Members
  • 21 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 28 June 2008 - 05:27 PM

So... I have a problem, IE and FF won't go to anything but MSN and google, and if I search something it won't go to the link I click on for what I searched for.
I use the internet for everything, and this is catastrophic!


Here's my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:54 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\RealVNC\VNC4\vncviewer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {284EEE48-48CC-4386-BF64-0101276559B8} - C:\WINDOWS\system32\khfGyyax.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {36720b37-45be-c30a-5544-823bfd72b6d9} - {9d6b27df-b328-4455-a03c-eb5473b02763} - C:\WINDOWS\system32\dnhpmv.dll
O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - C:\WINDOWS\system32\awtuuSLD.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [BM173be22d] Rundll32.exe "C:\WINDOWS\system32\ftfyfoon.dll",s
O4 - HKLM\..\Run: [1408d1b1] rundll32.exe "C:\WINDOWS\system32\vjdwnskq.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtuuSLD - C:\WINDOWS\SYSTEM32\awtuuSLD.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10955 bytes

Thanks,
Nick
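As an added example (not part of this thread, and not code from HijackThis or DSS), here is a small triage parser for the kind of log lines posted above. It reads the O2 (BHO), O4 (Run key / Startup), O20 (Winlogon Notify) and O23 (Service) sections and attaches a reason to entries that match three heuristics drawn from the entries in this log: a BHO registered without a descriptive name, a Run value whose name looks like a generated hex tag and that loads a DLL through rundll32 with a one- or two-letter export, and one file registered under more than one autostart mechanism (awtuuSLD.dll appears both as an O2 BHO and an O20 Winlogon Notify entry). The heuristics, the function names and the thresholds are my own assumptions; the sample lines are copied from the log above. A hit means "worth a second look by the analyst", not a verdict.

```python
"""Triage helper for HijackThis-style log lines.
Added example; heuristics are assumptions chosen to match the entries posted above."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: (no name) - {284EEE48-48CC-4386-BF64-0101276559B8} - C:\WINDOWS\system32\khfGyyax.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll",
    r"O2 - BHO: {36720b37-45be-c30a-5544-823bfd72b6d9} - {9d6b27df-b328-4455-a03c-eb5473b02763} - C:\WINDOWS\system32\dnhpmv.dll",
    r"O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - C:\WINDOWS\system32\awtuuSLD.dll",
    r"O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [BM173be22d] Rundll32.exe "C:\WINDOWS\system32\ftfyfoon.dll",s',
    r'O4 - HKLM\..\Run: [1408d1b1] rundll32.exe "C:\WINDOWS\system32\vjdwnskq.dll",b',
    r"O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe",
    r"O20 - Winlogon Notify: awtuuSLD - C:\WINDOWS\SYSTEM32\awtuuSLD.dll",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
])

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32 "<dll>",<export>: the export name is inspected by the heuristics
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\w+)\s*$', re.I)
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
HEX_TAG_RE = re.compile(r"^[A-Za-z]{0,2}[0-9A-Fa-f]{8,}$")  # names like BM173be22d or 1408d1b1 (assumption)
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")

@dataclass
class Entry:
    code: str           # HijackThis section, e.g. "O2"
    name: str           # display name or Run value name
    module: str         # file the entry loads ("" if not extractable)
    raw: str
    command: str = ""   # full Run command line, O4 only
    reasons: list = field(default_factory=list)

def module_from_command(cmd):
    """Pick the file a Run command actually loads (the DLL for rundll32 lines)."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group("dll")
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd.split() else ""

def parse_line(line):
    """Return an Entry for O2/O4/O20/O23 lines, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O2" and body.startswith("BHO: "):
        parts = body[5:].rsplit(" - ", 2)             # name - {CLSID} - path
        if len(parts) == 3:
            return Entry(code, parts[0], parts[2], line)
    elif code == "O4":
        r = RUN_RE.match(body)
        if r:
            return Entry(code, r.group("name"), module_from_command(r.group("cmd")), line, r.group("cmd"))
        if ": " in body and " = " in body:             # Startup-folder .lnk entries
            name, module = body.split(": ", 1)[1].split(" = ", 1)
            return Entry(code, name, USER_SUFFIX_RE.sub("", module), line)
    elif code == "O20" and body.startswith("Winlogon Notify: "):
        parts = body[len("Winlogon Notify: "):].split(" - ", 1)
        if len(parts) == 2:
            return Entry(code, parts[0], parts[1], line)
    elif code == "O23" and body.startswith("Service: "):
        parts = body[9:].split(" - ")                  # name - vendor - path
        return Entry(code, parts[0], parts[-1], line)
    return None

def analyze(log_text):
    """Parse the log, attach triage reasons, and return only the flagged entries."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    sections_by_file = defaultdict(set)                # basename -> sections it appears in
    for e in entries:
        if e.module:
            sections_by_file[PureWindowsPath(e.module).name.lower()].add(e.code)
    for e in entries:
        if e.code == "O2" and (e.name == "(no name)" or CLSID_RE.match(e.name)):
            e.reasons.append("BHO registered without a descriptive name")
        if e.code == "O4":
            r = RUNDLL_RE.match(e.command)
            if r and len(r.group("export")) <= 2:
                e.reasons.append("rundll32 loads a DLL through a one- or two-letter export")
            if HEX_TAG_RE.match(e.name):
                e.reasons.append("Run value name looks like a generated hex tag")
        base = PureWindowsPath(e.module).name.lower() if e.module else ""
        if base and len(sections_by_file[base]) > 1:
            e.reasons.append("same file registered in sections " + ", ".join(sorted(sections_by_file[base])))
    return [e for e in entries if e.reasons]

def summarize(log_text):
    """(section, file basename, reasons) for every flagged entry, in log order."""
    return [(e.code, PureWindowsPath(e.module).name, tuple(e.reasons)) for e in analyze(log_text)]

if __name__ == "__main__":
    for code, name, reasons in summarize(SAMPLE_LOG):
        print(f"{code:<4}{name:<16}{'; '.join(reasons)}")
```

Run on the sample, six entries are flagged: the three BHOs without a proper name, the two hex-tagged Run values, and awtuuSLD.dll twice (O2 and O20) because the same file is registered in both sections. Legitimate entries in the sample (the Java SSVHelper BHO, the NVIDIA rundll32 line with its long export name, the HP startup link, the Bonjour service) produce no reason. O9 entries are deliberately not parsed: a legitimate helper such as ssv.dll also appears there, and the "several sections" heuristic would otherwise raise a false positive on it.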


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:39 PM

Posted 29 June 2008 - 08:51 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Simonsays

Simonsays
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:01:39 PM

Posted 29 June 2008 - 06:51 PM

Deckard's System Scanner v20071014.68
Run by Nick on 2008-06-30 03:10:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Nick.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:00 AM, on 6/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\RealVNC\VNC4\vncviewer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Nick\Desktop\cdvd\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nick.exe

O2 - BHO: {cc44d8e4-4d45-3299-2d94-913b5c9594f3} - {3f4959c5-b319-49d2-9923-54d44e8d44cc} - C:\WINDOWS\system32\cdrqow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {BABEE33E-676E-42C5-ADE5-7F52C07D7597} - C:\WINDOWS\system32\khfGyyax.dll
O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - C:\WINDOWS\system32\awtuuSLD.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [BM173be22d] Rundll32.exe "C:\WINDOWS\system32\lcukwbbe.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: awtuuSLD - C:\WINDOWS\SYSTEM32\awtuuSLD.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8689 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-30 02:24:36 0 d-------- C:\WINDOWS\Prefetch
2008-06-30 02:19:40 0 d-------- C:\WINDOWS\LastGood.Tmp
2008-06-30 02:14:30 0 d-------- C:\WINDOWS\system32\scripting
2008-06-30 02:14:29 0 d-------- C:\WINDOWS\system32\en
2008-06-30 02:14:29 0 d-------- C:\WINDOWS\system32\bits
2008-06-30 02:14:29 0 d-------- C:\WINDOWS\l2schemas
2008-06-30 02:13:20 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-30 02:11:27 0 d-------- C:\WINDOWS\network diagnostic
2008-06-30 02:07:51 0 d-------- C:\WINDOWS\EHome
2008-06-30 00:25:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-29 19:16:57 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-06-29 19:16:57 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-06-29 19:16:57 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-06-29 19:16:57 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-06-29 19:16:57 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-06-29 19:16:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-06-29 18:57:47 103424 --a------ C:\WINDOWS\system32\cdrqow.dll
2008-06-29 18:57:45 103424 --a------ C:\WINDOWS\system32\hmihohxg.dll
2008-06-29 18:54:45 82432 --a------ C:\WINDOWS\system32\pbsoojvj.dll
2008-06-29 18:52:02 90624 --a------ C:\WINDOWS\system32\lcukwbbe.dll
2008-06-29 14:18:38 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-29 10:30:30 103424 --a------ C:\WINDOWS\system32\disykw.dll
2008-06-29 10:30:29 103424 --a------ C:\WINDOWS\system32\ghogclth.dll
2008-06-29 10:30:22 90624 --a------ C:\WINDOWS\system32\tgkymrdt.dll
2008-06-29 10:28:36 103424 --a------ C:\WINDOWS\system32\vxkcnp.dll
2008-06-29 10:28:33 103424 --a------ C:\WINDOWS\system32\kflsbclc.dll
2008-06-29 10:28:25 90624 --a------ C:\WINDOWS\system32\vpwgrpmt.dll
2008-06-29 00:37:53 0 d-a------ C:\Program Files\Alcohol Soft
2008-06-28 14:52:43 0 d-a------ C:\Program Files\Trend Micro
2008-06-28 02:01:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-28 02:00:32 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-06-28 02:00:32 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-28 02:00:32 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-06-28 02:00:32 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-06-28 02:00:32 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-06-28 02:00:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-28 01:54:43 345 --ahs---- C:\WINDOWS\system32\uDKUvGgh.ini2
2008-06-28 01:26:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-26 21:08:16 4718592 --a------ C:\Documents and Settings\Nick\ntuser.dat
2008-06-26 21:08:15 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-06-26 21:07:18 656007 --ahs---- C:\WINDOWS\system32\xayyGfhk.ini2
2008-06-26 21:07:09 319488 --a------ C:\WINDOWS\system32\khfGyyax.dll
2008-06-26 21:02:37 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 21:02:19 0 d-a------ C:\Program Files\Fraps
2008-06-26 21:02:04 25600 --a------ C:\WINDOWS\system32\awtuuSLD.dll
2008-06-24 01:40:56 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-06-24 01:28:33 0 d-------- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-06-24 01:26:59 0 d-------- C:\Program Files\LG Software Innovations
2008-06-23 12:06:28 0 d-------- C:\Documents and Settings\Nick\Application Data\TortoiseSVN
2008-06-23 12:05:13 0 d-a------ C:\Documents and Settings\Nick\Application Data\Subversion
2008-06-23 12:04:27 0 d-a------ C:\Program Files\TortoiseSVN
2008-06-23 12:04:26 0 d-a------ C:\Program Files\Common Files\TortoiseOverlays
2008-06-23 10:35:52 0 d-------- C:\Documents and Settings\Nick\Application Data\Locktime
2008-06-23 10:35:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-23 10:35:24 0 d-------- C:\Program Files\NetLimiter 2 Pro
2008-06-21 21:51:05 0 d-a------ C:\Documents and Settings\NetworkService\Application Data\Roxio
2008-06-17 13:20:56 0 d-a------ C:\Program Files\Windows Media Connect 2
2008-06-17 13:19:07 0 d-a------ C:\WINDOWS\system32\LogFiles
2008-06-17 13:19:07 0 d-a------ C:\WINDOWS\system32\drivers\UMDF
2008-06-12 13:14:11 0 d-a------ C:\WINDOWS\SxsCaPendDel
2008-06-11 23:23:14 0 d-a------ C:\Program Files\EphPod
2008-06-11 22:54:05 0 d-a------ C:\Documents and Settings\Nick\Application Data\CopyTrans
2008-06-11 22:52:50 0 d-a------ C:\Program Files\WindSolutions
2008-06-11 22:52:41 0 d-a------ C:\Documents and Settings\Nick\Application Data\CopyTransControlCenter
2008-06-11 22:52:41 0 d-a------ C:\Documents and Settings\All Users\Application Data\CopyTransControlCenter
2008-06-07 21:30:59 0 d-a------ C:\Program Files\uTorrent
2008-06-07 21:30:57 0 d-a------ C:\Documents and Settings\Nick\Application Data\uTorrent
2008-06-07 01:28:07 0 d-------- C:\Documents and Settings\Nick\.vnc
2008-06-02 18:24:41 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-06-02 18:23:59 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd


-- Find3M Report ---------------------------------------------------------------

2008-06-30 02:14:40 0 d-------- C:\Program Files\Messenger
2008-06-30 02:14:29 0 d-------- C:\Program Files\Movie Maker
2008-06-30 02:13:09 0 d-------- C:\Program Files\Windows NT
2008-06-30 00:41:52 0 d-------- C:\Documents and Settings\Nick\Application Data\Skype
2008-06-29 21:39:05 0 d-a------ C:\Program Files\Common Files\Adobe
2008-06-29 21:32:51 0 d-------- C:\Documents and Settings\Nick\Application Data\Adobe
2008-06-29 19:21:04 0 d-------- C:\Documents and Settings\Nick\Application Data\skypePM
2008-06-29 19:07:07 0 d-------- C:\Documents and Settings\Nick\Application Data\Apple Computer
2008-06-26 02:33:10 0 d-------- C:\Documents and Settings\Nick\Application Data\Ventrilo
2008-06-24 01:28:28 0 d-a------ C:\Documents and Settings\Nick\Application Data\Vso
2008-06-24 01:28:27 34 --a------ C:\Documents and Settings\Nick\Application Data\pcouffin.log
2008-06-24 01:28:16 47360 --a------ C:\Documents and Settings\Nick\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-24 01:28:16 1144 --a------ C:\Documents and Settings\Nick\Application Data\pcouffin.inf
2008-06-24 01:28:16 7887 --a------ C:\Documents and Settings\Nick\Application Data\pcouffin.cat
2008-06-24 00:14:25 0 d-------- C:\Documents and Settings\Nick\Application Data\Roxio
2008-06-23 12:04:26 0 d-------- C:\Program Files\Common Files
2008-06-23 10:37:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 11:11:19 0 d-------- C:\Documents and Settings\Nick\Application Data\Mozilla
2008-06-12 16:22:43 0 d-------- C:\Program Files\Logitech
2008-06-07 21:35:10 0 d-------- C:\Documents and Settings\Nick\Application Data\Azureus
2008-06-07 21:02:03 0 d-------- C:\Program Files\World of Warcraft
2008-05-27 17:09:16 0 d-a------ C:\Program Files\keyclone
2008-05-26 21:52:37 1283912 --a------ C:\Program Files\WoW-2.3.0.7561-enUS-downloader.exe <Not Verified; Blizzard Entertainment; Blizzard Downloader>
2008-05-26 21:52:37 0 d-a------ C:\Program Files\WoW-2.3.0.7561-enUS
2008-05-26 16:14:26 0 d-a------ C:\Program Files\Handbrake
2008-05-24 08:58:23 13824 --a------ C:\Documents and Settings\Nick\Application Data\Settings.cfg
2008-05-24 01:16:12 0 d-a------ C:\Program Files\Common Files\Adobe Systems Shared
2008-05-24 00:51:47 0 d-a------ C:\Documents and Settings\Nick\Application Data\Nick
2008-05-23 20:01:51 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2008-05-23 20:01:42 81920 --a------ C:\Documents and Settings\Nick\Application Data\ezpinst.exe
2008-05-23 20:01:40 0 d-a------ C:\Program Files\CloneDVD
2008-05-23 15:10:03 35190 --a------ C:\WINDOWS\scunin.dat
2008-05-23 15:10:02 967 --a------ C:\WINDOWS\ScUnin.pif
2008-05-23 15:10:02 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-05-23 15:02:11 0 d-a------ C:\Program Files\Starcraft
2008-05-20 15:06:23 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-20 03:01:04 0 d-a------ C:\Program Files\Microsoft Silverlight
2008-05-19 17:25:03 0 d-------- C:\Documents and Settings\Nick\Application Data\SiteClasses
2008-05-19 16:04:50 0 d-a------ C:\Documents and Settings\Nick\Application Data\LimeWire
2008-05-19 15:22:45 0 d-a------ C:\Documents and Settings\Nick\Application Data\Sun
2008-05-18 20:18:54 0 d-a------ C:\Documents and Settings\Nick\Application Data\vlc
2008-05-18 20:18:52 0 d-a------ C:\Program Files\Java
2008-05-18 20:14:03 0 d-a------ C:\Program Files\Common Files\Java
2008-05-18 19:46:28 0 d-------- C:\Documents and Settings\Nick\Application Data\Macromedia
2008-05-18 19:43:27 0 d-a------ C:\Program Files\Common Files\Macromedia
2008-05-18 19:42:28 0 d-a------ C:\Program Files\Macromedia
2008-05-18 19:41:47 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-18 18:44:26 0 d-------- C:\Program Files\Azureus
2008-05-07 22:12:08 0 d-------- C:\Program Files\AIM6
2008-05-07 22:11:19 0 d-------- C:\Program Files\Viewpoint
2008-04-30 06:59:22 0 d-a------ C:\Program Files\Microsoft Visual Studio 9.0
2008-04-30 06:47:44 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-04-07 21:51:41 1158 --a------ C:\WINDOWS\mozver.dat
2008-04-06 17:12:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-06 03:17:21 96577 --a------ C:\WINDOWS\hpqins16.dat
2008-04-05 02:13:12 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-05 01:48:55 109920 --a------ C:\WINDOWS\hpoins08.dat
2008-04-04 23:08:42 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-04 23:02:44 0 -rahs---- C:\MSDOS.SYS
2008-04-04 23:02:44 0 -rahs---- C:\IO.SYS
2008-04-04 23:02:44 0 --a------ C:\CONFIG.SYS
2008-04-04 23:02:44 0 --a------ C:\AUTOEXEC.BAT
2008-04-04 23:00:45 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-04 10:10:55 62 --ahs---- C:\Documents and Settings\Nick\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3f4959c5-b319-49d2-9923-54d44e8d44cc}]
06/29/2008 06:57 PM 103424 --a------ C:\WINDOWS\system32\cdrqow.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BABEE33E-676E-42C5-ADE5-7F52C07D7597}]
06/26/2008 09:07 PM 319488 --a------ C:\WINDOWS\system32\khfGyyax.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D554A583-D4CF-4A6F-B07A-CB25F60FA743}]
06/26/2008 09:02 PM 25600 --a------ C:\WINDOWS\system32\awtuuSLD.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/16/2007 08:51 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/16/2007 08:51 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/16/2007 08:51 PM]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04/19/2007 03:05 PM]
"nwiz"="nwiz.exe" [04/19/2007 03:05 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04/19/2007 03:05 PM]
"vptray"="C:\Program Files\NavNT\vptray.exe" [09/24/2001 07:59 AM]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [12/13/2007 05:43 PM]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [12/13/2007 05:57 PM]
"RTHDCPL"="RTHDCPL.EXE" [04/26/2007 02:27 PM C:\WINDOWS\RTHDCPL.EXE]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 12:35 PM]
"BM173be22d"="C:\WINDOWS\system32\lcukwbbe.dll" [06/29/2008 06:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 05:12 PM]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [03/20/2008 09:46 AM]

C:\Documents and Settings\Nick\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/15/2005 12:40:44 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D554A583-D4CF-4A6F-B07A-CB25F60FA743}"= C:\WINDOWS\system32\awtuuSLD.dll [06/26/2008 09:02 PM 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuuSLD]
awtuuSLD.dll 06/26/2008 09:02 PM 25600 C:\WINDOWS\system32\awtuuSLD.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfGyyax

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-30 03:13:17 ------------

Edited by Simonsays, 30 June 2008 - 05:13 AM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 30 June 2008 - 08:36 AM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your Desktop) and click the Fix Checked button.

O2 - BHO: {cc44d8e4-4d45-3299-2d94-913b5c9594f3} - {3f4959c5-b319-49d2-9923-54d44e8d44cc} - C:\WINDOWS\system32\cdrqow.dll
O2 - BHO: (no name) - {BABEE33E-676E-42C5-ADE5-7F52C07D7597} - C:\WINDOWS\system32\khfGyyax.dll
O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - C:\WINDOWS\system32\awtuuSLD.dll
O4 - HKLM\..\Run: [BM173be22d] Rundll32.exe "C:\WINDOWS\system32\lcukwbbe.dll",s




Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Simonsays

Simonsays
  • Topic Starter

  • Members
  • 21 posts

Posted 30 June 2008 - 08:16 PM

Here's that log.

ComboFix 08-06-20.4 - Nick 2008-06-30 17:54:59.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2568 [GMT -7:00]
Running from: C:\Documents and Settings\Nick\Desktop\cdvd\ComboFix.exe
 * Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM173be22d.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gwhfdmpi.ini
C:\WINDOWS\system32\jvjoosbp.ini
C:\WINDOWS\system32\khfGyyax.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\smquxgtk.ini
C:\WINDOWS\system32\uDKUvGgh.ini2
C:\WINDOWS\system32\xayyGfhk.ini
C:\WINDOWS\system32\xayyGfhk.ini2
C:\WINDOWS\system32\ykphrpli.ini
E:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-06-01 to 2008-07-01  )))))))))))))))))))))))))))))))
.

2008-06-30 02:14 . 2008-06-30 02:14	<DIR>	d--------	C:\WINDOWS\system32\scripting
2008-06-30 02:14 . 2008-06-30 02:14	<DIR>	d--------	C:\WINDOWS\system32\en
2008-06-30 02:14 . 2008-06-30 02:14	<DIR>	d--------	C:\WINDOWS\system32\bits
2008-06-30 02:14 . 2008-06-30 02:14	<DIR>	d--------	C:\WINDOWS\l2schemas
2008-06-30 02:13 . 2008-06-30 02:13	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
2008-06-30 02:07 . 2008-06-30 02:07	<DIR>	d--------	C:\WINDOWS\EHome
2008-06-30 00:25 . 2008-06-30 00:25	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-29 19:16 . 2008-06-29 19:16	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-06-29 19:16 . 2008-06-29 19:16	1,025	--a------	C:\WINDOWS\system32\sysprs7.tgz
2008-06-29 19:16 . 2008-06-29 19:16	1,025	--a------	C:\WINDOWS\system32\sysprs7.dll
2008-06-29 19:16 . 2008-06-29 19:16	1,025	--a------	C:\WINDOWS\system32\clauth2.dll
2008-06-29 19:16 . 2008-06-29 19:16	1,025	--a------	C:\WINDOWS\system32\clauth1.dll
2008-06-29 19:16 . 2008-06-29 19:16	219	--a------	C:\WINDOWS\system32\lsprst7.tgz
2008-06-29 19:16 . 2008-06-29 19:16	205	--a------	C:\WINDOWS\system32\lsprst7.dll
2008-06-29 19:16 . 2008-06-29 19:16	87	--a------	C:\WINDOWS\system32\ssprs.tgz
2008-06-29 19:16 . 2008-06-29 19:16	73	--a------	C:\WINDOWS\system32\ssprs.dll
2008-06-29 18:57 . 2008-06-29 18:57	103,424	--a------	C:\WINDOWS\system32\hmihohxg.dll
2008-06-29 18:57 . 2008-06-29 18:57	103,424	--a------	C:\WINDOWS\system32\cdrqow.dll
2008-06-29 18:54 . 2008-06-29 18:54	82,432	--a------	C:\WINDOWS\system32\pbsoojvj.dll
2008-06-29 18:52 . 2008-06-29 18:52	90,624	--a------	C:\WINDOWS\system32\lcukwbbe.dll
2008-06-29 14:18 . 2008-06-29 14:18	716,272	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2008-06-29 10:30 . 2008-06-29 10:30	103,424	--a------	C:\WINDOWS\system32\ghogclth.dll
2008-06-29 10:30 . 2008-06-29 10:30	103,424	--a------	C:\WINDOWS\system32\disykw.dll
2008-06-29 10:30 . 2008-06-29 10:30	90,624	--a------	C:\WINDOWS\system32\tgkymrdt.dll
2008-06-29 10:28 . 2008-06-29 10:28	103,424	--a------	C:\WINDOWS\system32\vxkcnp.dll
2008-06-29 10:28 . 2008-06-29 10:28	103,424	--a------	C:\WINDOWS\system32\kflsbclc.dll
2008-06-29 10:28 . 2008-06-29 10:28	90,624	--a------	C:\WINDOWS\system32\vpwgrpmt.dll
2008-06-29 00:37 . 2008-06-29 00:37	<DIR>	d-a------	C:\Program Files\Alcohol Soft
2008-06-28 14:52 . 2008-06-28 14:52	<DIR>	d-a------	C:\Program Files\Trend Micro
2008-06-28 02:00 . 2008-06-28 02:23	<DIR>	d---s----	C:\Documents and Settings\Administrator
2008-06-28 01:26 . 2008-06-28 02:25	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-06-28 01:26 . 2008-06-28 02:25	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-26 21:02 . 2008-06-28 00:28	<DIR>	d-a------	C:\Program Files\Fraps
2008-06-26 21:02 . 2008-06-29 00:24	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 21:02 . 2008-06-26 21:02	25,600	--a------	C:\WINDOWS\system32\awtuuSLD.dll
2008-06-24 01:40 . 2008-06-24 01:40	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\vsosdk
2008-06-24 01:28 . 2008-06-24 01:56	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-06-24 01:28 . 2008-06-24 01:28	87,608	--a------	C:\Documents and Settings\Nick\Application Data\inst.exe
2008-06-24 01:26 . 2008-06-24 01:26	<DIR>	d--------	C:\Program Files\LG Software Innovations
2008-06-23 12:06 . 2008-06-23 12:39	<DIR>	d--------	C:\Documents and Settings\Nick\Application Data\TortoiseSVN
2008-06-23 12:05 . 2008-06-23 12:05	<DIR>	d-a------	C:\Documents and Settings\Nick\Application Data\Subversion
2008-06-23 12:04 . 2008-06-23 12:04	<DIR>	d-a------	C:\Program Files\TortoiseSVN
2008-06-23 12:04 . 2008-06-23 12:04	<DIR>	d-a------	C:\Program Files\Common Files\TortoiseOverlays
2008-06-23 10:35 . 2008-06-23 10:35	<DIR>	d--------	C:\Program Files\NetLimiter 2 Pro
2008-06-23 10:35 . 2008-06-23 10:35	<DIR>	d--------	C:\Documents and Settings\Nick\Application Data\Locktime
2008-06-23 10:35 . 2008-06-23 10:35	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-21 21:51 . 2008-06-21 21:51	<DIR>	d-a------	C:\Documents and Settings\NetworkService\Application Data\Roxio
2008-06-17 13:21 . 2004-08-04 03:00	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-06-17 13:20 . 2008-06-24 00:11	<DIR>	d-a------	C:\Program Files\Windows Media Connect 2
2008-06-17 13:19 . 2008-06-17 13:19	<DIR>	d-a------	C:\WINDOWS\system32\LogFiles
2008-06-17 13:19 . 2008-06-17 13:20	<DIR>	d-a------	C:\WINDOWS\system32\drivers\UMDF
2008-06-12 16:24 . 2008-06-30 18:05	0	--a------	C:\WINDOWS\system32\drivers\logiflt.iad
2008-06-12 13:15 . 2007-10-11 19:00	3,647,384	--a------	C:\WINDOWS\system32\drivers\lvuvc.sys
2008-06-12 13:15 . 2007-10-11 18:59	1,920,920	--a------	C:\WINDOWS\system32\drivers\lvpopflt.sys
2008-06-12 13:15 . 2007-10-11 19:00	490,008	--a------	C:\WINDOWS\system32\LVUI2.dll
2008-06-12 13:15 . 2007-10-11 19:00	465,432	--a------	C:\WINDOWS\system32\LVUI2RC.dll
2008-06-12 13:15 . 2007-10-11 18:57	416,280	--a------	C:\WINDOWS\system32\lvcodec2.dll
2008-06-12 13:15 . 2007-10-11 18:57	195,096	--a------	C:\WINDOWS\system32\lvci1150.dll
2008-06-12 13:15 . 2007-10-11 18:11	59,500	--a------	C:\WINDOWS\system32\lvcoinst.ini
2008-06-12 13:15 . 2007-10-11 19:00	41,752	--a------	C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-06-12 13:15 . 2007-10-11 19:01	23,832	--a------	C:\WINDOWS\system32\drivers\lvuvcflt.sys
2008-06-12 13:15 . 2007-10-11 18:18	21,138	--a------	C:\WINDOWS\system32\Repository.reg
2008-06-12 13:14 . 2008-06-12 19:42	<DIR>	d-a------	C:\WINDOWS\SxsCaPendDel
2008-06-11 23:23 . 2008-06-11 23:38	<DIR>	d-a------	C:\Program Files\EphPod
2008-06-11 22:54 . 2008-06-11 23:11	<DIR>	d-a------	C:\Documents and Settings\Nick\Application Data\CopyTrans
2008-06-11 22:52 . 2008-06-11 22:52	<DIR>	d-a------	C:\Program Files\WindSolutions
2008-06-11 22:52 . 2008-06-11 22:52	<DIR>	d-a------	C:\Documents and Settings\Nick\Application Data\CopyTransControlCenter
2008-06-11 22:52 . 2008-06-11 22:53	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\CopyTransControlCenter
2008-06-11 22:45 . 2008-05-08 07:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 22:44 . 2008-06-13 04:05	272,128	--a------	C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 22:44 . 2008-06-13 04:05	272,128	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 21:30 . 2008-06-07 21:30	<DIR>	d-a------	C:\Program Files\uTorrent
2008-06-07 21:30 . 2008-06-29 14:18	<DIR>	d-a------	C:\Documents and Settings\Nick\Application Data\uTorrent
2008-06-07 01:28 . 2008-06-07 01:28	<DIR>	d--------	C:\Documents and Settings\Nick\.vnc
2008-06-07 01:27 . 2008-05-20 15:08	20,992	--a------	C:\WINDOWS\system32\vncmirror.dll
2008-06-07 01:27 . 2008-05-20 15:08	4,608	--a------	C:\WINDOWS\system32\drivers\vncmirror.sys
2008-06-02 18:34 . 2008-06-30 18:05	0	--a------	C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-02 18:33 . 2007-05-11 17:28	195,360	-ra------	C:\WINDOWS\system32\lvci1100.dll
2008-06-02 18:27 . 2008-06-02 18:27	127,034	-r-------	C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-06-02 18:24 . 2008-06-12 16:24	<DIR>	d--------	C:\Program Files\Common Files\LogiShrd
2008-06-02 18:23 . 2008-06-12 16:22	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-02 18:22 . 2008-04-13 11:46	85,248	--a------	C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-06-02 18:22 . 2008-04-13 11:46	19,200	--a------	C:\WINDOWS\system32\drivers\wstcodec.sys
2008-06-02 18:22 . 2008-04-13 11:46	17,024	--a------	C:\WINDOWS\system32\drivers\ccdecode.sys
2008-06-02 18:22 . 2008-04-13 17:12	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-06-02 18:22 . 2008-04-13 11:46	15,232	--a------	C:\WINDOWS\system32\drivers\streamip.sys
2008-06-02 18:22 . 2008-04-13 11:46	11,136	--a------	C:\WINDOWS\system32\drivers\slip.sys
2008-06-02 18:22 . 2008-04-13 11:46	10,880	--a------	C:\WINDOWS\system32\drivers\ndisip.sys
2008-06-02 18:22 . 2008-04-13 11:39	5,504	--a------	C:\WINDOWS\system32\drivers\mstee.sys
2008-06-02 18:21 . 2008-04-13 11:46	121,984	--a------	C:\WINDOWS\system32\drivers\usbvideo.sys
2008-06-02 18:21 . 2008-04-13 17:12	91,136	--a------	C:\WINDOWS\system32\kswdmcap.ax
2008-06-02 18:21 . 2008-04-13 17:12	61,952	--a------	C:\WINDOWS\system32\kstvtune.ax
2008-06-02 18:21 . 2008-04-13 11:45	60,032	--a------	C:\WINDOWS\system32\drivers\usbaudio.sys
2008-06-02 18:21 . 2008-04-13 17:12	53,760	--a------	C:\WINDOWS\system32\vfwwdm32.dll
2008-06-02 18:21 . 2008-04-13 17:12	43,008	--a------	C:\WINDOWS\system32\ksxbar.ax
2008-06-02 18:21 . 2008-04-13 17:12	28,672	--a------	C:\WINDOWS\system32\vidcap.ax
2008-06-02 18:21 . 2008-04-13 17:12	20,992	--a------	C:\WINDOWS\system32\dshowext.ax

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 07:41	---------	d-----w	C:\Documents and Settings\Nick\Application Data\Skype
2008-06-30 04:39	---------	d---a-w	C:\Program Files\Common Files\Adobe
2008-06-30 02:21	---------	d-----w	C:\Documents and Settings\Nick\Application Data\skypePM
2008-06-30 02:07	---------	d-----w	C:\Documents and Settings\Nick\Application Data\Apple Computer
2008-06-26 09:33	---------	d-----w	C:\Documents and Settings\Nick\Application Data\Ventrilo
2008-06-24 08:28	47,360	----a-w	C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-24 08:28	47,360	----a-w	C:\Documents and Settings\Nick\Application Data\pcouffin.sys
2008-06-24 08:28	---------	d---a-w	C:\Documents and Settings\Nick\Application Data\Vso
2008-06-24 07:14	---------	d-----w	C:\Documents and Settings\Nick\Application Data\Roxio
2008-06-23 17:37	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-06-12 23:22	---------	d-----w	C:\Program Files\Logitech
2008-06-10 07:20	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-08 04:35	---------	d-----w	C:\Documents and Settings\Nick\Application Data\Azureus
2008-06-08 04:02	---------	d-----w	C:\Program Files\World of Warcraft
2008-06-03 01:24	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-28 00:09	---------	d---a-w	C:\Program Files\keyclone
2008-05-27 04:52	1,283,912	----a-w	C:\Program Files\WoW-2.3.0.7561-enUS-downloader.exe
2008-05-27 04:52	---------	d---a-w	C:\Program Files\WoW-2.3.0.7561-enUS
2008-05-26 23:16	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-26 23:14	---------	d---a-w	C:\Program Files\Handbrake
2008-05-24 08:16	---------	d---a-w	C:\Program Files\Common Files\Adobe Systems Shared
2008-05-24 08:16	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-24 07:51	---------	d---a-w	C:\Documents and Settings\Nick\Application Data\Nick
2008-05-24 03:01	81,920	----a-w	C:\Documents and Settings\Nick\Application Data\ezpinst.exe
2008-05-24 03:01	---------	d---a-w	C:\Program Files\CloneDVD
2008-05-24 03:01	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\DVDXStudio
2008-05-23 22:30	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-23 22:10	94,208	----a-w	C:\WINDOWS\ScUnin.exe
2008-05-23 22:02	---------	d---a-w	C:\Program Files\Starcraft
2008-05-20 22:06	---------	d-----w	C:\Program Files\Common Files\Macrovision Shared
2008-05-20 10:01	---------	d---a-w	C:\Program Files\Microsoft Silverlight
2008-05-20 00:25	---------	d-----w	C:\Documents and Settings\Nick\Application Data\SiteClasses
2008-05-19 23:04	---------	d---a-w	C:\Documents and Settings\Nick\Application Data\LimeWire
2008-05-19 03:18	---------	d---a-w	C:\Program Files\Java
2008-05-19 03:18	---------	d---a-w	C:\Documents and Settings\Nick\Application Data\vlc
2008-05-19 03:14	---------	d---a-w	C:\Program Files\Common Files\Java
2008-05-19 02:43	---------	d---a-w	C:\Program Files\Common Files\Macromedia
2008-05-19 02:42	---------	d---a-w	C:\Program Files\Macromedia
2008-05-19 02:41	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-05-19 01:44	---------	d-----w	C:\Program Files\Azureus
2008-05-08 14:02	203,136	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 05:12	---------	d-----w	C:\Program Files\AIM6
2008-05-08 05:11	---------	d-----w	C:\Program Files\Viewpoint
2008-05-08 05:11	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-14 00:11	451,072	----a-w	C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11	39,424	----a-w	C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11	376,832	----a-w	C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
2008-04-14 00:11	245,248	----a-w	C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11	141,312	----a-w	C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11	116,224	----a-w	C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11	1,852,928	----a-w	C:\WINDOWS\AppPatch\acgenral.dll
2008-04-05 20:27	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-05 06:08	315,392	----a-w	C:\WINDOWS\HideWin.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D554A583-D4CF-4A6F-B07A-CB25F60FA743}]
2008-06-26 21:02	25600	--a------	C:\WINDOWS\system32\awtuuSLD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F742A2DF-090B-4CB5-83BD-14BD2F107216}]
2008-06-30 18:12	320000	--a------	C:\WINDOWS\system32\xxyayATJ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@={C5994560-53D9-4125-87C9-F193FC689CB2}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@={C5994561-53D9-4125-87C9-F193FC689CB2}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@={C5994562-53D9-4125-87C9-F193FC689CB2}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@={C5994563-53D9-4125-87C9-F193FC689CB2}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@={C5994564-53D9-4125-87C9-F193FC689CB2}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@={C5994565-53D9-4125-87C9-F193FC689CB2}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@={C5994566-53D9-4125-87C9-F193FC689CB2}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@={C5994567-53D9-4125-87C9-F193FC689CB2}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@={C5994568-53D9-4125-87C9-F193FC689CB2}

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 09:46 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-16 20:51 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-16 20:51 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-16 20:51 138008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 15:05 8429568]
"nwiz"="nwiz.exe" [2007-04-19 15:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 15:05 81920]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 07:59 73728]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 17:57 2095640]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 14:27 16132608 C:\WINDOWS\RTHDCPL.EXE]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"BM173be22d"="C:\WINDOWS\system32\lcukwbbe.dll" [2008-06-29 18:52 90624]

C:\Documents and Settings\Nick\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 12:40:44 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D554A583-D4CF-4A6F-B07A-CB25F60FA743}"= C:\WINDOWS\system32\awtuuSLD.dll [2008-06-26 21:02 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuuSLD]
awtuuSLD.dll 2008-06-26 21:02 25600 C:\WINDOWS\system32\awtuuSLD.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 C:\WINDOWS\system32\xxyayATJ

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-02-08 21:05]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 04:03]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 18:06:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\awtuuSLD.dll
-> C:\WINDOWS\system32\NavLogon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\oexxfucg.dll
-> C:\WINDOWS\system32\xxyayATJ.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-30 18:14:52 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-01 01:14:15

Pre-Run: 191,318,990,848 bytes free
Post-Run: 191,724,965,888 bytes free

340	--- E O F ---	2008-06-20 10:02:00

Also,
O2 - BHO: (no name) - {BABEE33E-676E-42C5-ADE5-7F52C07D7597} - C:\WINDOWS\system32\khfGyyax.dll
O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - C:\WINDOWS\system32\awtuuSLD.dll
O4 - HKLM\..\Run: [BM173be22d] Rundll32.exe "C:\WINDOWS\system32\lcukwbbe.dll",s
won't delete. They keep showing up.

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:39 PM

Posted 01 July 2008 - 11:06 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
C:\WINDOWS\system32\hmihohxg.dll
C:\WINDOWS\system32\cdrqow.dll
C:\WINDOWS\system32\pbsoojvj.dll
C:\WINDOWS\system32\lcukwbbe.dll
C:\WINDOWS\system32\ghogclth.dll
C:\WINDOWS\system32\disykw.dll
C:\WINDOWS\system32\tgkymrdt.dll
C:\WINDOWS\system32\vxkcnp.dll
C:\WINDOWS\system32\kflsbclc.dll
C:\WINDOWS\system32\vpwgrpmt.dll
C:\WINDOWS\system32\awtuuSLD.dll
C:\WINDOWS\system32\xxyayATJ.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D554A583-D4CF-4A6F-B07A-CB25F60FA743}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F742A2DF-090B-4CB5-83BD-14BD2F107216}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM173be22d"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D554A583-D4CF-4A6F-B07A-CB25F60FA743}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuuSLD]

Suspect::[52]
C:\WINDOWS\system32\drivers\sptd.sys

This time when you run Combofix remain connected to the internet. It will submit copies of suspicious files to be scanned.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

[image: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Simonsays

  • Topic Starter
  • Members
  • 21 posts

Posted 02 July 2008 - 02:44 AM

It had me submit something to bleepingcomputer.com, but here's the log, and it fixed my IE :)

ComboFix 08-06-30.2 - Nick 2008-07-02  0:09:46.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2512 [GMT -7:00]
Running from: C:\Documents and Settings\Nick\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nick\Desktop\CFScript.txt
 * Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\awtuuSLD.dll
C:\WINDOWS\system32\cdrqow.dll
C:\WINDOWS\system32\disykw.dll
C:\WINDOWS\system32\ghogclth.dll
C:\WINDOWS\system32\hmihohxg.dll
C:\WINDOWS\system32\kflsbclc.dll
C:\WINDOWS\system32\lcukwbbe.dll
C:\WINDOWS\system32\pbsoojvj.dll
C:\WINDOWS\system32\tgkymrdt.dll
C:\WINDOWS\system32\vpwgrpmt.dll
C:\WINDOWS\system32\vxkcnp.dll
C:\WINDOWS\system32\xxyayATJ.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abqnfrnl.dll
C:\WINDOWS\system32\abtxyj.dll
C:\WINDOWS\system32\awtuuSLD.dll
C:\WINDOWS\system32\bfnnvp.dll
C:\WINDOWS\system32\cdrqow.dll
C:\WINDOWS\system32\cufdbref.dll
C:\WINDOWS\system32\disykw.dll
C:\WINDOWS\system32\ehkmovqc.dll
C:\WINDOWS\system32\ghogclth.dll
C:\WINDOWS\system32\gsgmhail.dll
C:\WINDOWS\system32\hmihohxg.dll
C:\WINDOWS\system32\JTAyayxx.ini
C:\WINDOWS\system32\JTAyayxx.ini2
C:\WINDOWS\system32\jwumdw.dll
C:\WINDOWS\system32\jyitnmtp.dll
C:\WINDOWS\system32\kflsbclc.dll
C:\WINDOWS\system32\lcukwbbe.dll
C:\WINDOWS\system32\lgpesxtr.dll
C:\WINDOWS\system32\nlgflcta.dll
C:\WINDOWS\system32\oexxfucg.dll
C:\WINDOWS\system32\pbsoojvj.dll
C:\WINDOWS\system32\ptmntiyj.ini
C:\WINDOWS\system32\rcabgbjc.dll
C:\WINDOWS\system32\tgkymrdt.dll
C:\WINDOWS\system32\tpxdmshm.ini
C:\WINDOWS\system32\uagtynsh.dll
C:\WINDOWS\system32\uvkkrw.dll
C:\WINDOWS\system32\vpwgrpmt.dll
C:\WINDOWS\system32\vxkcnp.dll
C:\WINDOWS\system32\xxyayATJ.dll

.
(((((((((((((((((((((((((   Files Created from 2008-06-02 to 2008-07-02  )))))))))))))))))))))))))))))))
.

2008-06-30 18:07 . 2008-07-02 00:08	110,419	--a------	C:\WINDOWS\BM173be22d.xml
2008-06-30 02:14 . 2008-06-30 02:14	<DIR>	d--------	C:\WINDOWS\system32\scripting
2008-06-30 02:14 . 2008-06-30 02:14	<DIR>	d--------	C:\WINDOWS\system32\en
2008-06-30 02:14 . 2008-06-30 02:14	<DIR>	d--------	C:\WINDOWS\system32\bits
2008-06-30 02:14 . 2008-06-30 02:14	<DIR>	d--------	C:\WINDOWS\l2schemas
2008-06-30 02:13 . 2008-06-30 02:13	<DIR>	d--------	C:\WINDOWS\ServicePackFiles
2008-06-30 02:07 . 2008-06-30 02:07	<DIR>	d--------	C:\WINDOWS\EHome
2008-06-30 00:25 . 2008-06-30 00:25	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-29 19:16 . 2008-06-29 19:16	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-06-29 19:16 . 2008-06-29 19:16	1,025	--a------	C:\WINDOWS\system32\sysprs7.tgz
2008-06-29 19:16 . 2008-06-29 19:16	1,025	--a------	C:\WINDOWS\system32\sysprs7.dll
2008-06-29 19:16 . 2008-06-29 19:16	1,025	--a------	C:\WINDOWS\system32\clauth2.dll
2008-06-29 19:16 . 2008-06-29 19:16	1,025	--a------	C:\WINDOWS\system32\clauth1.dll
2008-06-29 19:16 . 2008-06-29 19:16	219	--a------	C:\WINDOWS\system32\lsprst7.tgz
2008-06-29 19:16 . 2008-06-29 19:16	205	--a------	C:\WINDOWS\system32\lsprst7.dll
2008-06-29 19:16 . 2008-06-29 19:16	87	--a------	C:\WINDOWS\system32\ssprs.tgz
2008-06-29 19:16 . 2008-06-29 19:16	73	--a------	C:\WINDOWS\system32\ssprs.dll
2008-06-29 14:18 . 2008-06-29 14:18	716,272	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2008-06-29 00:37 . 2008-06-29 00:37	<DIR>	d-a------	C:\Program Files\Alcohol Soft
2008-06-28 14:52 . 2008-06-28 14:52	<DIR>	d-a------	C:\Program Files\Trend Micro
2008-06-28 02:00 . 2008-06-28 02:23	<DIR>	d---s----	C:\Documents and Settings\Administrator
2008-06-28 01:26 . 2008-06-28 02:25	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-06-28 01:26 . 2008-06-28 02:25	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-26 21:02 . 2008-06-28 00:28	<DIR>	d-a------	C:\Program Files\Fraps
2008-06-26 21:02 . 2008-06-29 00:24	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 01:40 . 2008-06-24 01:40	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\vsosdk
2008-06-24 01:28 . 2008-06-24 01:56	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-06-24 01:28 . 2008-06-24 01:28	87,608	--a------	C:\Documents and Settings\Nick\Application Data\inst.exe
2008-06-24 01:26 . 2008-06-24 01:26	<DIR>	d--------	C:\Program Files\LG Software Innovations
2008-06-23 12:06 . 2008-06-23 12:39	<DIR>	d--------	C:\Documents and Settings\Nick\Application Data\TortoiseSVN
2008-06-23 12:05 . 2008-06-23 12:05	<DIR>	d-a------	C:\Documents and Settings\Nick\Application Data\Subversion
2008-06-23 12:04 . 2008-06-23 12:04	<DIR>	d-a------	C:\Program Files\TortoiseSVN
2008-06-23 12:04 . 2008-06-23 12:04	<DIR>	d-a------	C:\Program Files\Common Files\TortoiseOverlays
2008-06-23 10:35 . 2008-06-23 10:35	<DIR>	d--------	C:\Program Files\NetLimiter 2 Pro
2008-06-23 10:35 . 2008-06-23 10:35	<DIR>	d--------	C:\Documents and Settings\Nick\Application Data\Locktime
2008-06-23 10:35 . 2008-06-23 10:35	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Locktime
2008-06-21 21:51 . 2008-06-21 21:51	<DIR>	d-a------	C:\Documents and Settings\NetworkService\Application Data\Roxio
2008-06-17 13:21 . 2004-08-04 03:00	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-06-17 13:20 . 2008-06-24 00:11	<DIR>	d-a------	C:\Program Files\Windows Media Connect 2
2008-06-17 13:19 . 2008-06-17 13:19	<DIR>	d-a------	C:\WINDOWS\system32\LogFiles
2008-06-17 13:19 . 2008-06-17 13:20	<DIR>	d-a------	C:\WINDOWS\system32\drivers\UMDF
2008-06-12 16:24 . 2008-07-02 00:20	0	--a------	C:\WINDOWS\system32\drivers\logiflt.iad
2008-06-12 13:15 . 2007-10-11 19:00	3,647,384	--a------	C:\WINDOWS\system32\drivers\lvuvc.sys
2008-06-12 13:15 . 2007-10-11 18:59	1,920,920	--a------	C:\WINDOWS\system32\drivers\lvpopflt.sys
2008-06-12 13:15 . 2007-10-11 19:00	490,008	--a------	C:\WINDOWS\system32\LVUI2.dll
2008-06-12 13:15 . 2007-10-11 19:00	465,432	--a------	C:\WINDOWS\system32\LVUI2RC.dll
2008-06-12 13:15 . 2007-10-11 18:57	416,280	--a------	C:\WINDOWS\system32\lvcodec2.dll
2008-06-12 13:15 . 2007-10-11 18:57	195,096	--a------	C:\WINDOWS\system32\lvci1150.dll
2008-06-12 13:15 . 2007-10-11 18:11	59,500	--a------	C:\WINDOWS\system32\lvcoinst.ini
2008-06-12 13:15 . 2007-10-11 19:00	41,752	--a------	C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-06-12 13:15 . 2007-10-11 19:01	23,832	--a------	C:\WINDOWS\system32\drivers\lvuvcflt.sys
2008-06-12 13:15 . 2007-10-11 18:18	21,138	--a------	C:\WINDOWS\system32\Repository.reg
2008-06-12 13:14 . 2008-06-12 19:42	<DIR>	d-a------	C:\WINDOWS\SxsCaPendDel
2008-06-11 23:23 . 2008-06-11 23:38	<DIR>	d-a------	C:\Program Files\EphPod
2008-06-11 22:54 . 2008-06-11 23:11	<DIR>	d-a------	C:\Documents and Settings\Nick\Application Data\CopyTrans
2008-06-11 22:52 . 2008-06-11 22:52	<DIR>	d-a------	C:\Program Files\WindSolutions
2008-06-11 22:52 . 2008-06-11 22:52	<DIR>	d-a------	C:\Documents and Settings\Nick\Application Data\CopyTransControlCenter
2008-06-11 22:52 . 2008-06-11 22:53	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\CopyTransControlCenter
2008-06-11 22:45 . 2008-05-08 07:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 22:44 . 2008-06-13 04:05	272,128	--a------	C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 22:44 . 2008-06-13 04:05	272,128	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 21:30 . 2008-06-07 21:30	<DIR>	d-a------	C:\Program Files\uTorrent
2008-06-07 21:30 . 2008-06-29 14:18	<DIR>	d-a------	C:\Documents and Settings\Nick\Application Data\uTorrent
2008-06-07 01:28 . 2008-06-07 01:28	<DIR>	d--------	C:\Documents and Settings\Nick\.vnc
2008-06-07 01:27 . 2008-05-20 15:08	20,992	--a------	C:\WINDOWS\system32\vncmirror.dll
2008-06-07 01:27 . 2008-05-20 15:08	4,608	--a------	C:\WINDOWS\system32\drivers\vncmirror.sys
2008-06-02 18:34 . 2008-07-02 00:20	0	--a------	C:\WINDOWS\system32\drivers\lvuvc.hs
2008-06-02 18:33 . 2007-05-11 17:28	195,360	-ra------	C:\WINDOWS\system32\lvci1100.dll
2008-06-02 18:27 . 2008-06-02 18:27	127,034	-r-------	C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-06-02 18:24 . 2008-06-12 16:24	<DIR>	d--------	C:\Program Files\Common Files\LogiShrd
2008-06-02 18:23 . 2008-06-12 16:22	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-06-02 18:22 . 2008-04-13 11:46	85,248	--a------	C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-06-02 18:22 . 2008-04-13 11:46	19,200	--a------	C:\WINDOWS\system32\drivers\wstcodec.sys
2008-06-02 18:22 . 2008-04-13 11:46	17,024	--a------	C:\WINDOWS\system32\drivers\ccdecode.sys
2008-06-02 18:22 . 2008-04-13 17:12	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-06-02 18:22 . 2008-04-13 11:46	15,232	--a------	C:\WINDOWS\system32\drivers\streamip.sys
2008-06-02 18:22 . 2008-04-13 11:46	11,136	--a------	C:\WINDOWS\system32\drivers\slip.sys
2008-06-02 18:22 . 2008-04-13 11:46	10,880	--a------	C:\WINDOWS\system32\drivers\ndisip.sys
2008-06-02 18:22 . 2008-04-13 11:39	5,504	--a------	C:\WINDOWS\system32\drivers\mstee.sys
2008-06-02 18:21 . 2008-04-13 11:46	121,984	--a------	C:\WINDOWS\system32\drivers\usbvideo.sys
2008-06-02 18:21 . 2008-04-13 17:12	91,136	--a------	C:\WINDOWS\system32\kswdmcap.ax
2008-06-02 18:21 . 2008-04-13 17:12	61,952	--a------	C:\WINDOWS\system32\kstvtune.ax
2008-06-02 18:21 . 2008-04-13 11:45	60,032	--a------	C:\WINDOWS\system32\drivers\usbaudio.sys
2008-06-02 18:21 . 2008-04-13 17:12	53,760	--a------	C:\WINDOWS\system32\vfwwdm32.dll
2008-06-02 18:21 . 2008-04-13 17:12	43,008	--a------	C:\WINDOWS\system32\ksxbar.ax
2008-06-02 18:21 . 2008-04-13 17:12	28,672	--a------	C:\WINDOWS\system32\vidcap.ax
2008-06-02 18:21 . 2008-04-13 17:12	20,992	--a------	C:\WINDOWS\system32\dshowext.ax

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 05:17	---------	d-----w	C:\Program Files\Steam
2008-06-30 02:21	---------	d-----w	C:\Documents and Settings\Nick\Application Data\skypePM
2008-06-30 02:07	---------	d-----w	C:\Documents and Settings\Nick\Application Data\Apple Computer
2008-06-26 09:33	---------	d-----w	C:\Documents and Settings\Nick\Application Data\Ventrilo
2008-06-24 08:28	47,360	----a-w	C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-24 08:28	47,360	----a-w	C:\Documents and Settings\Nick\Application Data\pcouffin.sys
2008-06-24 08:28	---------	d---a-w	C:\Documents and Settings\Nick\Application Data\Vso
2008-06-24 07:14	---------	d-----w	C:\Documents and Settings\Nick\Application Data\Roxio
2008-06-23 17:37	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-06-12 23:22	---------	d-----w	C:\Program Files\Logitech
2008-06-10 07:20	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-08 04:35	---------	d-----w	C:\Documents and Settings\Nick\Application Data\Azureus
2008-06-08 04:02	---------	d-----w	C:\Program Files\World of Warcraft
2008-06-03 01:24	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-28 00:09	---------	d---a-w	C:\Program Files\keyclone
2008-05-27 04:52	1,283,912	----a-w	C:\Program Files\WoW-2.3.0.7561-enUS-downloader.exe
2008-05-27 04:52	---------	d---a-w	C:\Program Files\WoW-2.3.0.7561-enUS
2008-05-26 23:16	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-26 23:14	---------	d---a-w	C:\Program Files\Handbrake
2008-05-24 08:16	---------	d---a-w	C:\Program Files\Common Files\Adobe Systems Shared
2008-05-24 08:16	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-24 07:51	---------	d---a-w	C:\Documents and Settings\Nick\Application Data\Nick
2008-05-24 03:01	81,920	----a-w	C:\Documents and Settings\Nick\Application Data\ezpinst.exe
2008-05-24 03:01	---------	d---a-w	C:\Program Files\CloneDVD
2008-05-24 03:01	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\DVDXStudio
2008-05-23 22:30	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-23 22:10	94,208	----a-w	C:\WINDOWS\ScUnin.exe
2008-05-23 22:02	---------	d---a-w	C:\Program Files\Starcraft
2008-05-20 22:06	---------	d-----w	C:\Program Files\Common Files\Macrovision Shared
2008-05-20 10:01	---------	d---a-w	C:\Program Files\Microsoft Silverlight
2008-05-20 00:25	---------	d-----w	C:\Documents and Settings\Nick\Application Data\SiteClasses
2008-05-19 23:04	---------	d---a-w	C:\Documents and Settings\Nick\Application Data\LimeWire
2008-05-19 03:18	---------	d---a-w	C:\Program Files\Java
2008-05-19 03:18	---------	d---a-w	C:\Documents and Settings\Nick\Application Data\vlc
2008-05-19 03:14	---------	d---a-w	C:\Program Files\Common Files\Java
2008-05-19 02:43	---------	d---a-w	C:\Program Files\Common Files\Macromedia
2008-05-19 02:42	---------	d---a-w	C:\Program Files\Macromedia
2008-05-19 02:41	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-05-19 01:44	---------	d-----w	C:\Program Files\Azureus
2008-05-08 14:02	203,136	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 05:12	---------	d-----w	C:\Program Files\AIM6
2008-05-08 05:11	---------	d-----w	C:\Program Files\Viewpoint
2008-05-08 05:11	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-14 00:12	69,120	----a-w	C:\WINDOWS\notepad.exe
2008-04-14 00:12	50,688	----a-w	C:\WINDOWS\twain_32.dll
2008-04-14 00:12	32,866	------w	C:\WINDOWS\slrundll.exe
2008-04-14 00:12	283,648	----a-w	C:\WINDOWS\winhlp32.exe
2008-04-14 00:12	146,432	----a-w	C:\WINDOWS\regedit.exe
2008-04-14 00:12	10,752	----a-w	C:\WINDOWS\hh.exe
2008-04-14 00:12	1,033,728	----a-w	C:\WINDOWS\explorer.exe
2008-04-14 00:11	451,072	----a-w	C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11	39,424	----a-w	C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11	245,248	----a-w	C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11	141,312	----a-w	C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11	116,224	----a-w	C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11	1,852,928	----a-w	C:\WINDOWS\AppPatch\acgenral.dll
2008-04-05 20:27	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-05 06:08	315,392	----a-w	C:\WINDOWS\HideWin.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-06-30_18.13.43.82   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 01:05:21	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-07-02 07:21:03	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
- 2008-06-30 10:12:27	70,264	----a-w	C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-07-01 06:07:29	70,264	----a-w	C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-07-01 07:39:33	355,584	----a-w	C:\WINDOWS\system32\TuneUpDefragService.exe
+ 2008-05-29 16:28:54	28,416	----a-w	C:\WINDOWS\system32\uxtuneup.dll
+ 2006-06-05 22:28:32	40,960	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80CHS.dll
+ 2006-06-05 22:28:32	45,056	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80CHT.dll
+ 2006-06-05 22:28:32	65,536	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80DEU.dll
+ 2006-06-05 22:28:34	57,344	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ENU.dll
+ 2006-06-05 22:28:32	61,440	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ESP.dll
+ 2006-06-05 22:28:32	61,440	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80FRA.dll
+ 2006-06-05 22:28:32	61,440	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80ITA.dll
+ 2006-06-05 22:28:32	49,152	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80JPN.dll
+ 2006-06-05 22:28:34	49,152	----a-w	C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_8e53b5fe\mfc80KOR.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 17:52	80384	--a------	C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 09:46 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-16 20:51 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-16 20:51 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-16 20:51 138008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 15:05 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 15:05 81920]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 07:59 73728]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 17:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 17:57 2095640]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"nwiz"="nwiz.exe" [2007-04-19 15:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 14:27 16132608 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\Nick\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 12:40:44 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-02-08 21:05]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 04:03]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 17:12]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2007-07-01 00:39]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4701aba-4621-11dd-a22d-001d0988cddb}]
\Shell\AutoRun\command - F:\Setup.exe

*Newly Created Service* - TUNEUP.DEFRAG
.
Contents of the 'Scheduled Tasks' folder
"2008-07-02 07:21:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 00:21:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\TuneUp Utilities 2008\OneClick.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-07-02  0:32:48 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-02 07:31:50
ComboFix2.txt  2008-07-01 01:14:52

Pre-Run: 191,563,493,376 bytes free
Post-Run: 191,545,733,120 bytes free

384	--- E O F ---	2008-06-20 10:02:00

Thanks so much!

#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 02 July 2008 - 09:20 AM

Looking much better.
Please post a new hijackthis log.


========================================================

#9 Simonsays

  • Topic Starter
  • Members
  • 21 posts

Posted 02 July 2008 - 08:46 PM

Here ya go :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:59 PM, on 7/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RealVNC\VNC4\vncviewer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8783 bytes


#10 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 03 July 2008 - 11:02 AM

Looks pretty good to me!
How is your computer behaving now? Any problems?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Simonsays

  • Topic Starter

  • Members
  • 21 posts

Posted 06 July 2008 - 05:48 PM

Actually, yes, one problem: trying to uninstall a very old version of Norton Anti-Virus, and it's giving me problems. It says "Fatal Error During Installation", but #1: I'm uninstalling, and #2: no description, and my version isn't on the Symantec website.

#12 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 06 July 2008 - 06:25 PM

Download this tool and run it.

ftp://ftp.symantec.com/public/english_us_...emoval_Tool.exe


Let me know how it goes.


========================================================

#13 Simonsays

  • Topic Starter

  • Members
  • 21 posts

Posted 07 July 2008 - 11:39 PM

Oh! It finds my version! But it says it can't continue and that I have to remove it from Add and Remove Programs before it can continue, lol. It won't delete it.

#14 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 08 July 2008 - 09:54 AM

Let's do it the hard way then.

Copy and paste ALL the following text from the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Folder::
C:\Program Files\NavNT

Driver::
Norton AntiVirus Server
DefWatch

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


==================


Download and run the trial version of Registry Tuneup.
http://www.acelogix.com/systuneup.html

Remove everything that it finds.
Reboot and run it once again.



Let me know how it goes.
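As an added example (not code from the thread, from ComboFix or from HijackThis): a Python script that derives the Folder:: and Driver:: sections of a CFScript like the one above from the O23 service lines of a HijackThis log, and lists the O4 Run entries that still point into that folder. It assumes the O4/O23 line layout seen in the log posted earlier in this thread; the sample lines are constructed and only parse text, nothing is changed on the machine.

```python
import re

# Constructed sample in the shape HijackThis writes O4 (Run key) and O23 (service)
# lines; the NavNT entries mirror the ones in this thread's log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# O23 line: "Service: <display name> (<service key>) - <vendor> - <binary path>".
# HijackThis omits the parenthesised key when it equals the display name (DefWatch).
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$")
# O4 line: "<hive>\..\Run: [<value name>] <command line>".
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def under_folder(path, folder):
    """True when a binary path lies inside folder (Windows paths compare case-insensitively)."""
    prefix = folder.rstrip("\\").lower() + "\\"
    return path.strip('"').lower().startswith(prefix)


def services_in_folder(log, folder):
    """Service key names whose binary lives under folder, in log order (the Driver:: names)."""
    names = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m and under_folder(m.group("path"), folder):
            names.append(m.group("key") or m.group("display"))
    return names


def run_entries_in_folder(log, folder):
    """Run-key value names whose command line references folder (leftover autostarts)."""
    names = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m and folder.lower() in m.group("cmd").lower():
            names.append(m.group("name"))
    return names


def build_cfscript(log, folder):
    """Folder:: and Driver:: sections laid out like the script posted in this thread."""
    lines = ["Folder::", folder, ""]
    drivers = services_in_folder(log, folder)
    if drivers:
        lines += ["Driver::"] + drivers
    return "\n".join(lines) + "\n"
```

Running `build_cfscript(SAMPLE_LOG, r"C:\Program Files\NavNT")` reproduces the two Driver:: names above, and `run_entries_in_folder` flags the vptray Run entry that the script does not cover.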


========================================================

#15 Simonsays

  • Topic Starter

  • Members
  • 21 posts

Posted 08 July 2008 - 08:42 PM

Well McAfee still won't install because it sees Norton on my computer.



