I Found Tdssserv.sys On My System


  • This topic is locked
9 replies to this topic

#1 fixitplz

Posted 25 September 2008 - 02:12 PM

Hello, I recently posted in http://www.bleepingcomputer.com/forums/t/170990/windows-search-tool-not-showing-and-various-other-anti-spyware-window-pop-ups/ to help clean out my PC, and boopme said to make a post here with a HijackThis log to help me get rid of this nasty rootkit.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:42 PM, on 9/25/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.zangocash.com
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195967499453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195967567093
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wkcmbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6821 bytes


#2 fixitplz (Topic Starter)

Posted 27 September 2008 - 09:18 PM

/bump

#3 SifuMike (malware expert, Staff Emeritus)

Posted 30 September 2008 - 06:44 PM

Hello fixitplz,

It is not a good idea to "Bump" your post, as it will only delay help for your log.

When selecting logs we generally use two criteria to look for unanswered logs.

1. We start from the oldest to the most recent. That means if you keep bumping, your log is at the top of the list, and since we do not work from the top, it will be looked at last!!

2. We look first for posts with no replies. A bump is a reply, so you get pushed further down the response ladder.

*******************************************

I see Viewpoint installed.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now, if you did not install it.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player


If you uninstalled it, please navigate to and delete the following folder:
C:\Program Files\Viewpoint

*******************************************

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u7-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.

AVG Anti-Spyware 7.5 is not supported by AVG (It has been rolled into AVG8), so you should uninstall it.

*******************************************

Download CCleaner and install it. (default location is best). Do not run it yet!

Beginners Guide to CCleaner

*******************************************

Please run HijackThis and click "Scan." Place checks next to the following entries, if present:

O15 - Trusted Zone: http://www.zangocash.com
O20 - AppInit_DLLs: wkcmbr.dll


Close all browsers and other windows except for HijackThis, and click "Fix checked"

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues or Registry button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Autocomplete Form History.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section except for Start Menu Shortcuts and Desktop Shortcuts.
Clean any others that you choose.

In the Applications Tab:
Clean all including cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************

Reboot your computer.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
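The HijackThis entries the helper singles out above (an O15 Trusted Zone site and an O20 AppInit_DLLs entry) are the line types a log reviewer checks first. As an added example, not code from this thread or from HijackThis, the Python script below parses HJT v2 log lines and flags those two entry kinds plus O16 DPF (ActiveX download) entries whose host is outside an assumed allowlist of known publishers; the sample log lines are constructed from entries posted in this thread, and the allowlist is an assumption.

```python
"""Triage HijackThis v2 log lines the way a log helper does by hand.

Added example (not HijackThis code and not from this thread): it flags the
O15 Trusted Zone and O20 AppInit_DLLs entry types the helper asks to fix,
plus O16 DPF (ActiveX download) entries from hosts outside an assumed
allowlist. It only reports; it changes nothing on the system.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Assumption: ActiveX download hosts we treat as expected on an XP box of this
# era. Anything else is surfaced for a human to look at.
KNOWN_DPF_DOMAINS = {"microsoft.com", "msn.com", "hotmail.com", "macromedia.com"}

# HJT entries look like "<section> - <body>", e.g. "O15 - Trusted Zone: ...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")

# Constructed sample: a few lines in HijackThis v2 format, modelled on the
# entries posted in this thread (not the complete log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O15 - Trusted Zone: http://www.zangocash.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195967499453
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab
O20 - AppInit_DLLs: wkcmbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def host_of(text: str) -> Optional[str]:
    """Host name of the first http(s) URL in text, lower-cased, or None."""
    m = URL_RE.search(text)
    if not m:
        return None
    return (urlparse(m.group(0)).hostname or "").lower() or None


def in_domains(host: str, domains) -> bool:
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def review_line(line: str) -> Optional[Finding]:
    """Return a Finding for an entry worth a closer look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:  # process list, section headers, blank lines
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O15" and body.startswith("Trusted Zone:"):
        # IE applies relaxed security settings to sites in the Trusted zone.
        return Finding(section, "site added to IE Trusted Zone", line)
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit_DLLs are loaded into every process that maps user32.dll;
        # a bare file name with no vendor path is a classic persistence sign.
        return Finding(section, "DLL loaded into all processes via AppInit_DLLs", line)
    if section == "O16":
        host = host_of(body)
        if host is None or not in_domains(host, KNOWN_DPF_DOMAINS):
            return Finding(section, f"ActiveX control from unrecognised host {host}", line)
    return None


def review(log_text: str) -> List[Finding]:
    """Run review_line over a whole log and keep the hits, in log order."""
    return [f for f in map(review_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run against a full log, the output is a short list of the entries to investigate rather than the whole file; the rest of the log is left for manual review.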

#4 fixitplz (Topic Starter)

Posted 01 October 2008 - 02:51 PM

Logfile of random's system information tool 1.04 (written by random/random)
Run by temp at 2008-10-01 15:49:58
Microsoft Windows XP Professional Service Pack 1
System drive C: has 26 GB (60%) free of 44 GB
Total RAM: 1023 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50, on 2008-10-01
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\temp\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\temp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1195967499453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195967567093
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6591 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\System Restore.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-03-31 842268]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2003-03-31 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Spooler"=2

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2007-11-15 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Empire Earth - The Art of Conquest\EE-AOC.exe"="D:\Empire Earth - The Art of Conquest\EE-AOC.exe:*:Enabled:EE-AOC"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\temp\Desktop\hfs.exe"="C:\Documents and Settings\temp\Desktop\hfs.exe:*:Enabled:hfs"
"D:\Eyeball Chat\EyeballChat.exe"="D:\Eyeball Chat\EyeballChat.exe:*:Enabled:Eyeball Chat"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Program Files\FrostWire\FrostWire.exe"="D:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Java\jre1.6.0_04\launch4j-tmp\Jipox.exe"="C:\Program Files\Java\jre1.6.0_04\launch4j-tmp\Jipox.exe:*:Enabled:Java™ Platform SE binary"
"D:\Adcalls\Adcalls.exe"="D:\Adcalls\Adcalls.exe:*:Enabled:AdCalls Application"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe"="C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 3 months======

2008-10-01 15:49:58 ----D---- C:\rsit
2008-10-01 15:43:01 ----D---- C:\WINDOWS\temp
2008-10-01 15:42:57 ----A---- C:\ComboFix.txt
2008-10-01 15:28:01 ----A---- C:\WINDOWS\PSEXESVC.EXE
2008-10-01 15:05:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-01 14:08:58 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-01 13:42:46 ----A---- C:\WINDOWS\System32\javaws.exe
2008-10-01 13:42:46 ----A---- C:\WINDOWS\System32\javaw.exe
2008-10-01 13:42:46 ----A---- C:\WINDOWS\System32\java.exe
2008-10-01 13:26:19 ----D---- C:\Program Files\CCleaner
2008-09-30 23:39:58 ----A---- C:\WINDOWS\System32\ksuser.dll
2008-09-30 23:24:49 ----D---- C:\WINDOWS\Prefetch
2008-09-30 23:15:13 ----RAH---- C:\WINDOWS\System32\logonui.exe.manifest
2008-09-30 23:14:35 ----A---- C:\WINDOWS\System32\safrslv.dll
2008-09-30 23:14:34 ----A---- C:\WINDOWS\System32\safrdm.dll
2008-09-30 23:14:34 ----A---- C:\WINDOWS\System32\safrcdlg.dll
2008-09-30 23:14:34 ----A---- C:\WINDOWS\System32\racpldlg.dll
2008-09-30 23:14:33 ----A---- C:\WINDOWS\System32\mnmsrvc.exe
2008-09-30 23:14:33 ----A---- C:\WINDOWS\System32\isrdbg32.dll
2008-09-30 23:14:32 ----A---- C:\WINDOWS\System32\inetres.dll
2008-09-30 23:14:31 ----A---- C:\WINDOWS\System32\icwphbk.dll
2008-09-30 23:14:31 ----A---- C:\WINDOWS\System32\icwdial.dll
2008-09-30 23:14:30 ----A---- C:\WINDOWS\System32\isign32.dll
2008-09-30 23:14:30 ----A---- C:\WINDOWS\System32\inetcfg.dll
2008-09-30 23:14:21 ----A---- C:\WINDOWS\System32\qmgrprxy.dll
2008-09-30 23:14:21 ----A---- C:\WINDOWS\System32\qmgr.dll
2008-09-30 23:14:14 ----A---- C:\WINDOWS\System32\srrstr.dll
2008-09-30 23:14:13 ----A---- C:\WINDOWS\System32\srsvc.dll
2008-09-30 23:14:13 ----A---- C:\WINDOWS\System32\srclient.dll
2008-09-30 23:14:12 ----A---- C:\WINDOWS\System32\mnmdd.dll
2008-09-30 23:14:12 ----A---- C:\WINDOWS\System32\ils.dll
2008-09-30 23:14:11 ----A---- C:\WINDOWS\System32\nmmkcert.dll
2008-09-30 23:14:11 ----A---- C:\WINDOWS\System32\msconf.dll
2008-09-30 23:14:07 ----A---- C:\WINDOWS\System32\msoert2.dll
2008-09-30 23:14:06 ----A---- C:\WINDOWS\System32\msoeacct.dll
2008-09-30 23:14:06 ----A---- C:\WINDOWS\System32\inetcomm.dll
2008-09-30 23:14:05 ----A---- C:\WINDOWS\System32\schedsvc.dll
2008-09-30 23:14:05 ----A---- C:\WINDOWS\System32\mstinit.exe
2008-09-30 23:14:04 ----A---- C:\WINDOWS\System32\mstask.dll
2008-09-30 23:12:41 ----D---- C:\Program Files\ComPlus Applications
2008-09-30 23:12:23 ----D---- C:\Program Files\Online Services
2008-09-30 23:12:18 ----A---- C:\WINDOWS\System32\sndrec32.exe
2008-09-30 23:12:18 ----A---- C:\WINDOWS\System32\accwiz.exe
2008-09-30 23:12:17 ----A---- C:\WINDOWS\System32\rdshost.exe
2008-09-30 23:12:17 ----A---- C:\WINDOWS\System32\hypertrm.dll
2008-09-30 23:12:16 ----A---- C:\WINDOWS\System32\qprocess.exe
2008-09-30 23:12:16 ----A---- C:\WINDOWS\System32\mtxoci.dll
2008-09-30 23:12:16 ----A---- C:\WINDOWS\System32\msdtcuiu.dll
2008-09-30 23:12:16 ----A---- C:\WINDOWS\System32\msdtctm.dll
2008-09-30 23:12:15 ----A---- C:\WINDOWS\System32\xolehlp.dll
2008-09-30 23:12:15 ----A---- C:\WINDOWS\System32\msdtclog.dll
2008-09-30 23:12:15 ----A---- C:\WINDOWS\System32\msdtc.exe
2008-09-30 23:12:14 ----A---- C:\WINDOWS\System32\stclient.dll
2008-09-30 23:12:14 ----A---- C:\WINDOWS\System32\mtxlegih.dll
2008-09-30 23:12:14 ----A---- C:\WINDOWS\System32\mtxex.dll
2008-09-30 23:12:14 ----A---- C:\WINDOWS\System32\mtxdm.dll
2008-09-30 23:12:14 ----A---- C:\WINDOWS\System32\dcomcnfg.exe
2008-09-30 23:12:14 ----A---- C:\WINDOWS\System32\comrepl.dll
2008-09-30 23:12:14 ----A---- C:\WINDOWS\System32\comaddin.dll
2008-09-30 23:12:14 ----A---- C:\WINDOWS\System32\colbact.dll
2008-09-30 23:12:13 ----A---- C:\WINDOWS\System32\comuid.dll
2008-09-30 23:12:13 ----A---- C:\WINDOWS\System32\comsnap.dll
2008-09-30 23:12:13 ----A---- C:\WINDOWS\System32\clbcatex.dll
2008-09-30 23:12:13 ----A---- C:\WINDOWS\System32\catsrvps.dll
2008-09-30 23:12:13 ----A---- C:\WINDOWS\System32\catsrv.dll
2008-09-30 23:12:12 ----A---- C:\WINDOWS\System32\clbcatq.dll
2008-09-30 23:12:06 ----A---- C:\WINDOWS\System32\servdeps.dll
2008-09-30 23:12:06 ----A---- C:\WINDOWS\System32\mmfutil.dll
2008-09-30 23:12:05 ----A---- C:\WINDOWS\System32\mplay32.exe
2008-09-30 23:12:05 ----A---- C:\WINDOWS\System32\cmprops.dll
2008-09-30 23:12:04 ----A---- C:\WINDOWS\System32\spider.exe
2008-09-30 23:12:04 ----A---- C:\WINDOWS\System32\mspaint.exe
2008-09-30 23:12:04 ----A---- C:\WINDOWS\System32\clipbrd.exe
2008-09-30 23:12:03 ----A---- C:\WINDOWS\System32\wuauserv.dll
2008-09-30 23:12:03 ----A---- C:\WINDOWS\System32\wuaueng.dll
2008-09-30 23:12:03 ----A---- C:\WINDOWS\System32\wuauclt.exe
2008-09-30 23:12:02 ----A---- C:\WINDOWS\System32\tscfgwmi.dll
2008-09-30 23:12:02 ----A---- C:\WINDOWS\System32\sessmgr.exe
2008-09-30 23:12:02 ----A---- C:\WINDOWS\System32\remotepg.dll
2008-09-30 23:12:02 ----A---- C:\WINDOWS\System32\rdsaddin.exe
2008-09-30 23:12:02 ----A---- C:\WINDOWS\System32\rdchost.dll
2008-09-30 23:12:02 ----A---- C:\WINDOWS\System32\mstscax.dll
2008-09-30 23:12:02 ----A---- C:\WINDOWS\System32\mstsc.exe
2008-09-30 23:12:01 ----A---- C:\WINDOWS\System32\tscupgrd.exe
2008-09-30 23:12:01 ----A---- C:\WINDOWS\System32\termsrv.dll
2008-09-30 23:12:01 ----A---- C:\WINDOWS\System32\rdpwsx.dll
2008-09-30 23:12:01 ----A---- C:\WINDOWS\System32\rdpsnd.dll
2008-09-30 23:12:01 ----A---- C:\WINDOWS\System32\rdpclip.exe
2008-09-30 23:12:01 ----A---- C:\WINDOWS\System32\icaapi.dll
2008-09-30 23:12:01 ----A---- C:\WINDOWS\System32\cfgbkend.dll
2008-09-30 23:12:00 ----A---- C:\WINDOWS\System32\msdtcprx.dll
2008-09-30 23:12:00 ----A---- C:\WINDOWS\System32\catsrvut.dll
2008-09-30 23:11:59 ----A---- C:\WINDOWS\System32\comsvcs.dll
2008-09-30 23:11:53 ----A---- C:\WINDOWS\System32\licwmi.dll
2008-09-30 22:52:56 ----A---- C:\WINDOWS\System32\vfwwdm32.dll
2008-09-30 22:51:24 ----A---- C:\WINDOWS\System32\spxcoins.dll
2008-09-30 22:51:24 ----A---- C:\WINDOWS\System32\irclass.dll
2008-09-30 22:51:23 ----A---- C:\WINDOWS\System32\storprop.dll
2008-09-30 22:50:59 ----RA---- C:\WINDOWS\SET77.tmp
2008-09-30 22:50:56 ----RA---- C:\WINDOWS\SET6B.tmp
2008-09-30 21:37:50 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-28 18:13:23 ----ASH---- C:\WINDOWS\System32\suELlnmp.ini2
2008-09-28 17:41:33 ----D---- C:\Program Files\Camfrog
2008-09-25 15:08:37 ----D---- C:\Program Files\Trend Micro
2008-09-25 02:29:12 ----A---- C:\mbam-log-2008-09-25 (02-03-43).txt
2008-09-24 21:54:50 ----D---- C:\SDFix
2008-09-24 17:54:05 ----A---- C:\mbam-log-2008-09-24 (17-49-13).txt
2008-09-23 23:33:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-09-23 23:31:47 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-23 23:31:47 ----D---- C:\Documents and Settings\temp\Application Data\SUPERAntiSpyware.com
2008-09-23 17:56:12 ----D---- C:\Documents and Settings\temp\Application Data\Malwarebytes
2008-09-23 17:55:51 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-09-23 17:55:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-22 23:33:33 ----D---- C:\Documents and Settings\temp\Application Data\Google
2008-09-22 23:32:18 ----D---- C:\WINDOWS\Google Earth Pro 4.2
2008-09-22 23:32:18 ----D---- C:\Program Files\Google Earth Pro 4.2
2008-09-22 02:29:13 ----A---- C:\WINDOWS\System32\570f4e4d-.txt
2008-09-18 23:41:26 ----D---- C:\Documents and Settings\temp\Application Data\skypePM
2008-09-18 23:38:48 ----D---- C:\Program Files\Skype
2008-09-18 23:38:47 ----D---- C:\Program Files\Common Files\Skype
2008-09-18 23:38:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-09-12 18:53:29 ----D---- C:\Program Files\ESET
2008-09-12 15:27:28 ----A---- C:\WINDOWS\zip.exe
2008-09-12 15:27:28 ----A---- C:\WINDOWS\VFind.exe
2008-09-12 15:27:28 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-12 15:27:28 ----A---- C:\WINDOWS\swsc.exe
2008-09-12 15:27:28 ----A---- C:\WINDOWS\swreg.exe
2008-09-12 15:27:28 ----A---- C:\WINDOWS\sed.exe
2008-09-12 15:27:28 ----A---- C:\WINDOWS\grep.exe
2008-09-12 15:27:28 ----A---- C:\WINDOWS\fdsv.exe
2008-09-09 13:57:11 ----D---- C:\Documents and Settings\temp\Application Data\vlc
2008-09-06 13:40:26 ----D---- C:\Program Files\Solveig Multimedia
2008-09-06 00:02:13 ----D---- C:\videos
2008-09-05 23:59:55 ----A---- C:\WINDOWS\DWrvg.exe
2008-09-05 23:59:45 ----A---- C:\WINDOWS\System32\g44.exe
2008-09-05 23:47:31 ----A---- C:\WINDOWS\System32\tsccvid.dll
2008-09-05 23:47:29 ----D---- C:\WINDOWS\System32\QuickTime
2008-09-05 23:46:42 ----D---- C:\Program Files\TechSmith
2008-09-05 18:45:30 ----D---- C:\WINDOWS\.jagex_cache_32

======List of files/folders modified in the last 3 months======

2008-10-01 15:46:44 ----D---- C:\WINDOWS
2008-10-01 15:46:43 ----D---- C:\WINDOWS\System32\CatRoot2
2008-10-01 15:45:42 ----D---- C:\Program Files\Mozilla Firefox
2008-10-01 15:43:05 ----D---- C:\WINDOWS\system32
2008-10-01 15:43:04 ----D---- C:\WINDOWS\System32\drivers
2008-10-01 15:42:42 ----D---- C:\QooBox
2008-10-01 15:33:43 ----A---- C:\WINDOWS\system.ini
2008-10-01 15:31:50 ----D---- C:\WINDOWS\Debug
2008-10-01 15:29:12 ----D---- C:\WINDOWS\System32\config
2008-10-01 15:28:05 ----D---- C:\WINDOWS\erdnt
2008-10-01 15:26:53 ----D---- C:\WINDOWS\AppPatch
2008-10-01 15:26:53 ----D---- C:\Program Files\Common Files
2008-10-01 13:56:38 ----D---- C:\WINDOWS\Minidump
2008-10-01 13:42:49 ----SHD---- C:\Config.Msi
2008-10-01 13:42:45 ----D---- C:\Program Files\Java
2008-10-01 13:42:03 ----SHD---- C:\WINDOWS\Installer
2008-10-01 13:26:19 ----RD---- C:\Program Files
2008-10-01 13:09:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-09-30 23:40:06 ----RSHDC---- C:\WINDOWS\System32\dllcache
2008-09-30 23:37:42 ----HD---- C:\WINDOWS\inf
2008-09-30 23:36:15 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-09-30 23:31:34 ----HD---- C:\Program Files\WindowsUpdate
2008-09-30 23:31:25 ----D---- C:\WINDOWS\Help
2008-09-30 23:31:23 ----D---- C:\WINDOWS\System32\CatRoot
2008-09-30 23:28:13 ----D---- C:\WINDOWS\Registration
2008-09-30 23:26:33 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
2008-09-30 23:26:04 ----SHD---- C:\System Volume Information
2008-09-30 23:26:04 ----D---- C:\WINDOWS\System32\Restore
2008-09-30 23:22:45 ----D---- C:\WINDOWS\System32\inetsrv
2008-09-30 23:22:44 ----D---- C:\WINDOWS\nview
2008-09-30 23:16:48 ----D---- C:\Program Files\Windows Media Player
2008-09-30 23:16:48 ----A---- C:\WINDOWS\win.ini
2008-09-30 23:16:28 ----A---- C:\WINDOWS\ODBCINST.INI
2008-09-30 23:15:59 ----D---- C:\WINDOWS\System32\ias
2008-09-30 23:15:17 ----RD---- C:\WINDOWS\Web
2008-09-30 23:15:03 ----RAH---- C:\WINDOWS\System32\cdplayer.exe.manifest
2008-09-30 23:14:42 ----D---- C:\WINDOWS\srchasst
2008-09-30 23:14:37 ----D---- C:\WINDOWS\System32\oobe
2008-09-30 23:14:33 ----D---- C:\Program Files\Outlook Express
2008-09-30 23:14:33 ----D---- C:\Program Files\NetMeeting
2008-09-30 23:14:32 ----D---- C:\Program Files\Common Files\System
2008-09-30 23:14:21 ----D---- C:\Program Files\Movie Maker
2008-09-30 23:13:57 ----D---- C:\Program Files\Internet Explorer
2008-09-30 23:12:57 ----D---- C:\WINDOWS\System32\Com
2008-09-30 23:12:17 ----D---- C:\Program Files\Windows NT
2008-09-30 23:12:16 ----D---- C:\WINDOWS\security
2008-09-30 23:12:12 ----D---- C:\WINDOWS\System32\wbem
2008-09-30 23:10:29 ----SH---- C:\boot.ini
2008-09-30 22:51:24 ----D---- C:\WINDOWS\system
2008-09-30 22:51:06 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2008-09-30 21:43:19 ----A---- C:\rapport.txt
2008-09-30 21:38:24 ----A---- C:\WINDOWS\System32\tmp.txt
2008-09-30 21:27:11 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\RFA_Backups
2008-09-30 18:46:05 ----D---- C:\WINDOWS\System32\Setup
2008-09-30 18:46:04 ----D---- C:\WINDOWS\System32\usmt
2008-09-30 18:45:54 ----D---- C:\WINDOWS\mui
2008-09-30 18:45:53 ----D---- C:\WINDOWS\ime
2008-09-30 18:45:28 ----D---- C:\WINDOWS\System32\npp
2008-09-30 18:44:59 ----RSD---- C:\WINDOWS\Fonts
2008-09-30 18:43:20 ----D---- C:\WINDOWS\Media
2008-09-30 18:43:15 ----D---- C:\WINDOWS\twain_32
2008-09-30 18:42:44 ----D---- C:\WINDOWS\System32\icsxml
2008-09-30 18:42:19 ----D---- C:\WINDOWS\msagent
2008-09-30 18:41:39 ----D---- C:\WINDOWS\System32\1033
2008-09-30 18:39:28 ----D---- C:\WINDOWS\Driver Cache
2008-09-30 17:39:27 ----SD---- C:\WINDOWS\Tasks
2008-09-30 01:18:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-29 23:43:46 ----D---- C:\Program Files\Windows Live
2008-09-29 22:11:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-09-28 22:06:29 ----D---- C:\Program Files\FrostWire
2008-09-28 19:58:00 ----D---- C:\Documents and Settings\temp\Application Data\uTorrent
2008-09-28 17:46:48 ----D---- C:\Documents and Settings\temp\Application Data\Skype
2008-09-28 17:06:23 ----A---- C:\WINDOWS\System32\BASSMOD.dll
2008-09-27 23:23:55 ----D---- C:\pics
2008-09-24 22:06:46 ----D---- C:\WINDOWS\ERUNT
2008-09-23 23:31:25 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-12 21:40:27 ----D---- C:\Documents and Settings\temp\Application Data\Mozilla
2008-09-12 13:38:17 ----D---- C:\WINDOWS\network diagnostic
2008-09-11 14:11:37 ----D---- C:\Program Files\program installers
2008-07-18 22:10:40 ----A---- C:\WINDOWS\System32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\System32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\System32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\System32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\System32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\System32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\System32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\System32\wuaueng.dll.mui
2008-07-18 22:07:34 ----A---- C:\WINDOWS\System32\mucltui.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\System32\muweb.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\System32\mucltui.dll.mui

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-08-18 53256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-08-18 54280]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-08-18 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-08-18 71688]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-08-18 30728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-03-31 9600]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2002-07-09 11008]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 10144]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-10-23 38784]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2002-11-27 80896]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-10-23 311936]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2003-03-31 28160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-03-31 19328]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-03-31 51968]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2003-03-31 15744]
R3 VPCNetS2;Virtual Machine Network Services; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2003-03-31 32512]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2003-03-31 13952]
S2 LMIInfo;LogMeIn Kernel Information Provider; C:\WINDOWS\System32\drivers\LMIInfo.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2002-08-29 16384]
S3 GMSIPCI;GMSIPCI; C:\WINDOWS\System32\drivers\GMSIPCI.sys []
S3 LCcfltr;Logitech USB Filter Driver; C:\WINDOWS\system32\drivers\lccfltr.sys [2002-07-09 13724]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-07-18 41752]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-08-29 4992]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2001-08-17 83712]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2003-03-31 8064]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2003-03-31 38272]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2001-08-01 348169]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-07-18 1278104]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2003-03-31 10752]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2003-03-31 14592]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2002-08-29 56832]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2001-08-17 18560]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\System32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2007-05-30 312880]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-22 72704]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-19 263168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-08-18 19200]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2003-03-31 12800]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-10-01 15:50:05

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adcalls-->MsiExec.exe /X{7D90E31E-AC4C-4B7C-97BD-D088189AA615}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Camfrog Video Chat 5.1-->"C:\Program Files\Camfrog\Camfrog Video Chat\uninstall.exe"
CamfrogWEB Advanced ActiveX Plugin (remove only)-->"C:\Program Files\CFWebAdvancedU\Uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dark Age of Camelot - Catacombs-->"D:\Catacombs\unins000.exe"
Dark Age of Camelot - Darkness Rising-->"D:\Darkness\unins000.exe"
Dark Age of Camelot - Labyrinth of the Minotaur-->"D:\Labyrinth\unins000.exe"
Dark Age of Camelot - Shrouded Isles-->"D:\Isles\unins000.exe"
Dark Age of Camelot - Trials of Atlantis-->"D:\Atlantis\unins000.exe"
Empire Earth - The Art of Conquest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49C924C-A651-4378-94F6-5D9BF44A959F}\Setup.exe" -l0x9
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
Entropia Universe-->d:\Entropia Universe\Uninstall.exe
ESET Smart Security-->MsiExec.exe /I{55FFA15B-4B16-4E17-AD8B-95EC3C793DE3}
e-texaspoker client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBD12D47-62D6-11D4-9357-00508B5BB444}\Setup.exe" -uninst
EtherDetect Packet Sniffer v1.4-->C:\PROGRA~1\ETHERD~1\UNWISE.EXE C:\PROGRA~1\ETHERD~1\INSTALL.LOG
Eyeball Chat 2.2-->D:\EYEBAL~1\UNWISE.EXE D:\EYEBAL~1\INSTALL.LOG
Forum Proxy Leecher 1.10-->"d:\Forum Proxy Leecher\unins000.exe"
FrostWire 4.13.5-->C:\Program Files\FrostWire\Uninstall.exe
Google Earth Pro 4.2-->"C:\WINDOWS\Google Earth Pro 4.2\uninstall.exe" "/U:C:\Program Files\Google Earth Pro 4.2\Uninstall\uninstall.xml"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ijji - Gunz-->d:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
iSpQ VideoChat 8.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E74C05-CD77-4422-B5BB-E82693EE2FA3}\Setup.exe" -l0x9 DoUninstall
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kort's Spellcraft Calculator-->MsiExec.exe /I{B2163962-BFD2-4187-8B47-D9B24737DFD7}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech QuickCam-->MsiExec.exe /I{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}
Logitech QuickCam-->MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
LOKI2-->MsiExec.exe /I{23CA024E-7A69-467A-99F0-45462A144AE3}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.2 (remove only)-->"d:\ManyCam 2.2\uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\System32\nvuninst.exe UninstallGUI
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry First Aid-->"C:\Program Files\RFA\unins000.exe"
Sarmsoft Resume Builder-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{748D56F4-F3B5-4A9C-BCEF-5D4CD33C87E5} /l1033
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnagIt 8-->MsiExec.exe /I{524228C9-826F-4B58-9E47-4F2E5C7E9F45}
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Super Internet TV v7.2-->"d:\Super Internet TV\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Lord of the Rings Online™: Shadows of Angmar™ v01.05.00.811-->"d:\Turbine\The Lord of the Rings Online\unins000.exe"
UltraBot5-->MsiExec.exe /I{0DBE64C2-525B-4C10-A662-0BEFFC4EE6F1}
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall-->"d:\Xvid\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O15 - Trusted Zone: http://www.zangocash.com
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v47/skillgam/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v47/wwspades/wwspades.cab
O20 - AppInit_DLLs: wkcmbr.dll
O4 - HKLM\..\Run: [5c2c8a33] rundll32.exe "C:\WINDOWS\system32\yxwwwahp.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

#5 SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:43 PM

Posted 01 October 2008 - 04:42 PM

I see you ran ComboFix on your own. :thumbsup:
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

I want you to delete the combofix icon on your desktop, download a new version of ComboFix to the desktop, install Recovery Console and run it again.

Make sure you disable your ESET antivirus and all antimalware programs before running ComboFix.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions install the Windows XP Recovery Console if you are using XP. <== IMPORTANT
It is a simple procedure that will only take a few moments of your time. It is our safety net.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console, if you reboot your computer you'll see the option for the Recovery Console right after reboot as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

Edited by SifuMike, 01 October 2008 - 04:52 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 fixitplz
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:43 PM

Posted 01 October 2008 - 07:02 PM

ComboFix 08-09-30.03 - temp 2008-10-01 7:55:22.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.654 [GMT -4:00]
Running from: C:\Documents and Settings\temp\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\temp\Desktop\winxpsp1_en_pro_bf.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.

2008-10-01 15:49 . 2008-10-01 15:50 <DIR> d-------- C:\rsit
2008-10-01 13:42 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-01 13:26 . 2008-10-01 13:26 <DIR> d-------- C:\Program Files\CCleaner
2008-09-30 23:31 . 2004-08-03 14:03 167,704 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-09-30 23:19 . 2003-03-31 08:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-09-30 23:18 . 2003-03-31 08:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-09-30 23:17 . 2003-03-31 08:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-09-30 23:16 . 2003-03-31 08:00 249,856 --a--c--- C:\WINDOWS\system32\dllcache\adsiis51.dll
2008-09-30 23:16 . 2003-03-31 08:00 34,816 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2008-09-30 23:16 . 2002-05-14 12:08 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2008-09-30 23:16 . 2002-05-14 12:08 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2008-09-30 23:16 . 2002-05-14 12:08 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2008-09-30 23:16 . 2002-05-14 12:08 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2008-09-30 23:15 . 2008-09-30 23:15 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-30 23:15 . 2008-09-30 23:15 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-30 23:15 . 2008-09-30 23:15 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-30 23:15 . 2008-09-30 23:15 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-09-30 23:15 . 2008-09-30 23:15 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-30 23:15 . 2008-09-30 23:15 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-30 23:13 . 2003-03-31 08:00 307,200 --a--c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-30 23:12 . 2004-08-03 14:07 1,081,112 --a------ C:\WINDOWS\system32\wuaueng.dll
2008-09-30 23:11 . 2003-03-31 08:00 1,267,712 --a--c--- C:\WINDOWS\system32\dllcache\cimwin32.dll
2008-09-30 23:02 . 2001-08-17 14:07 83,712 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-09-30 23:02 . 2002-08-29 01:33 16,384 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-09-30 23:02 . 2002-08-29 01:27 4,992 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-09-30 23:01 . 2001-08-17 14:07 18,560 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-09-30 22:59 . 2001-08-17 13:59 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-09-30 22:59 . 2002-08-29 01:32 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-09-30 22:58 . 2002-08-29 01:27 56,576 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-09-30 22:56 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-09-30 22:53 . 2002-08-29 01:06 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2008-09-30 22:53 . 2002-08-29 03:46 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-09-30 22:52 . 2001-08-17 22:37 84,992 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-09-30 22:52 . 2001-08-17 22:37 55,808 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-09-30 22:52 . 2002-08-29 03:41 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-09-30 22:52 . 2002-08-29 03:41 38,912 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-09-30 22:50 . 2003-03-31 08:00 1,086,182 -ra------ C:\WINDOWS\SET6B.tmp
2008-09-30 22:50 . 2003-03-31 08:00 13,608 -ra------ C:\WINDOWS\SET77.tmp
2008-09-28 18:13 . 2008-10-01 12:58 878,144 --ahs---- C:\WINDOWS\system32\suELlnmp.ini2
2008-09-28 17:41 . 2008-09-28 20:55 <DIR> d-------- C:\Program Files\Camfrog
2008-09-25 23:32 . 2007-07-18 20:39 1,278,104 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-09-25 22:49 . 2008-09-25 22:49 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-25 15:08 . 2008-09-25 15:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-24 21:54 . 2008-09-30 13:07 <DIR> d-------- C:\SDFix
2008-09-24 12:42 . 2008-09-24 12:42 <DIR> d-------- C:\Documents and Settings\Administrator.DANDT\Application Data\Malwarebytes
2008-09-23 23:49 . 2008-09-23 23:49 <DIR> d-------- C:\Documents and Settings\Administrator.DANDT\Application Data\SUPERAntiSpyware.com
2008-09-23 23:33 . 2008-09-23 23:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-09-23 23:31 . 2008-09-23 23:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-23 23:31 . 2008-09-23 23:31 <DIR> d-------- C:\Documents and Settings\temp\Application Data\SUPERAntiSpyware.com
2008-09-23 17:56 . 2008-09-23 17:56 <DIR> d-------- C:\Documents and Settings\temp\Application Data\Malwarebytes
2008-09-23 17:55 . 2008-09-23 17:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-23 17:55 . 2008-09-23 17:55 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-09-23 17:55 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-23 17:55 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-22 23:32 . 2008-09-22 23:32 <DIR> d-------- C:\WINDOWS\Google Earth Pro 4.2
2008-09-22 23:32 . 2008-09-22 23:32 <DIR> d-------- C:\Program Files\Google Earth Pro 4.2
2008-09-19 00:58 . 2008-09-19 00:58 9,662 --a------ C:\WINDOWS\system32\pinkip.ico
2008-09-18 23:41 . 2008-09-28 13:21 <DIR> d-------- C:\Documents and Settings\temp\Application Data\skypePM
2008-09-18 23:41 . 2008-09-18 23:41 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-18 23:38 . 2008-09-18 23:38 <DIR> d-------- C:\Program Files\Skype
2008-09-18 23:38 . 2008-09-18 23:38 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-18 23:38 . 2008-09-18 23:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-09-12 18:53 . 2008-09-12 18:53 <DIR> d-------- C:\Program Files\ESET
2008-09-09 13:57 . 2008-09-09 13:57 <DIR> d-------- C:\Documents and Settings\temp\Application Data\vlc
2008-09-06 13:40 . 2008-09-09 00:12 <DIR> d-------- C:\Program Files\Solveig Multimedia
2008-09-06 00:02 . 2008-09-25 22:49 <DIR> d-------- C:\videos
2008-09-05 23:59 . 2002-09-18 14:21 428,976 --a------ C:\WINDOWS\DWrvg.exe
2008-09-05 23:59 . 2008-09-05 23:59 153,415 --a------ C:\WINDOWS\system32\g44.exe
2008-09-05 23:47 . 2008-09-05 23:47 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-09-05 23:47 . 2008-03-12 02:37 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-09-05 23:46 . 2008-09-06 12:32 <DIR> d-------- C:\Program Files\TechSmith
2008-09-05 18:45 . 2008-09-05 18:45 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-09-05 18:45 . 2008-09-05 18:45 0 --a------ C:\Documents and Settings\temp\jagex_runescape_preferences.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 17:42 --------- d-----w C:\Program Files\Java
2008-10-01 17:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-10-01 03:36 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-10-01 01:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\RFA_Backups
2008-09-30 03:43 --------- d-----w C:\Program Files\Windows Live
2008-09-30 02:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-09-29 02:06 --------- d-----w C:\Program Files\FrostWire
2008-09-28 23:58 --------- d-----w C:\Documents and Settings\temp\Application Data\uTorrent
2008-09-28 21:46 --------- d-----w C:\Documents and Settings\temp\Application Data\Skype
2008-09-24 03:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-11 18:11 --------- d-----w C:\Program Files\program installers
2008-08-18 17:27 71,688 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
2008-08-18 17:27 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
2008-08-18 17:27 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
2008-08-18 17:19 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-08-18 17:18 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-02-19 09:15 1,904,947 ----a-w C:\Program Files\Internet Explorer.zip
2007-08-09 18:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 18:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.

------- Sigcheck -------

2007-11-30 18:44 36608 ef9bb587e33c2c245b5b83e882501ff6 C:\WINDOWS\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((( snapshot_2008-10-01_15.42.02.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-01 03:25:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-01 07:53:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-01 03:25:24 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-01 07:53:31 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-01 03:25:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-01 07:53:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2003-03-31 40960]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Spooler"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Documents and Settings\\temp\\Desktop\\hfs.exe"=
"D:\\Eyeball Chat\\EyeballChat.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Java\\jre1.6.0_04\\launch4j-tmp\\Jipox.exe"=
"D:\\Adcalls\\Adcalls.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 46112]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\System32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\System32\drivers\lccfltr.sys [2002-07-09 13724]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\temp\Application Data\Mozilla\Firefox\Profiles\99byno41.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 07:58:21
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-01 8:00:52
ComboFix-quarantined-files.txt 2008-10-01 12:00:24
ComboFix2.txt 2008-10-01 10:39:05
ComboFix3.txt 2008-10-01 19:42:57
ComboFix4.txt 2008-10-01 01:47:35
ComboFix5.txt 2008-10-01 11:52:28

Pre-Run: 27,530,694,656 bytes free
Post-Run: 27,500,765,184 bytes free

winxpsp1_en_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin


#7 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:43 PM

Posted 02 October 2008 - 11:48 AM

I can see from the log that you ran ComboFix 8 times. :thumbsup:

Please tell me the reason you did that. Was there a problem? If so, what was it?
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 fixitplz

fixitplz
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:43 PM

Posted 02 October 2008 - 12:19 PM

Hmm, I only ran it 2 times: the time before you saw it and the time you told me to use it. So I don't know why it says that.

#9 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:43 PM

Posted 02 October 2008 - 12:55 PM

Hmm, I only ran it 2 times: the time before you saw it and the time you told me to use it. So I don't know why it says that.


Completion time: 2008-10-01 8:00:52
ComboFix-quarantined-files.txt 2008-10-01 12:00:24
ComboFix2.txt 2008-10-01 10:39:05
ComboFix3.txt 2008-10-01 19:42:57
ComboFix4.txt 2008-10-01 01:47:35
ComboFix5.txt 2008-10-01 11:52:28


This shows you ran ComboFix many times. :thumbsup: Why did you do that?


One additional note: According to the forum rules http://www.bleepingcomputer.com/boardrules.php


When posting, please use proper grammar. Refrain from 'text-message' style substitutions of words like 'u' for 'you' and 'ur' for 'your'. This is a multi-national forum, and some of our non-English speaking members must use translation software which is confused by abbreviations. Most of our volunteer members are very busy helping as many people as they can, and a post that is hard to read will often be overlooked.


Edited by SifuMike, 02 October 2008 - 01:08 PM.


#10 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:43 PM

Posted 05 October 2008 - 05:45 PM

Due to inactivity, this thread will now be closed.
If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
