

IRC Bot Virus

Post by proscroby » March 11th, 2009, 9:50 pm

I was informed by my ISP that I have the IRC Bot virus. I scanned my system using Avast Professional but found nothing. Attached is the log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:12 PM, on 3/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: D - {DB13D0A1-FE14-3DF6-B3E9-4001C6464723} - C:\WINDOWS\system32\xel55970.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [InternetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - S-1-5-18 Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe (User 'Default user')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 14486 bytes
proscroby
Active Member
 
Posts: 11
Joined: March 11th, 2009, 9:08 pm
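A first triage pass over the HijackThis O2/O3/O4/O23 and R1 lines posted above (the DDS "Pseudo HJT Report" further down carries the same fields in shorthand), as an added example that is not part of this thread, of HijackThis or of DDS. The sample lines are constructed from entries in the first post; the severity levels and the letters-plus-digits filename heuristic are my own assumptions, meant to sort entries for a human to verify, not a verdict on any of them.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v2 log format (shapes copied from the post above).
SAMPLE_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: D - {DB13D0A1-FE14-3DF6-B3E9-4001C6464723} - C:\WINDOWS\system32\xel55970.dll (file missing)",
    r"O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r'O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized',
    r"O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


@dataclass(frozen=True)
class Finding:
    line_no: int
    section: str
    severity: str  # "high", "medium" or "info" (assumed scale, not a HijackThis concept)
    reason: str
    text: str


LINE_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.*)$")
# O2/O3 bodies: "BHO: <name> - {CLSID} - <path>" and "Toolbar: <name> - {CLSID} - <path>"
COM_RE = re.compile(r"^(?:BHO|Toolbar):\s*(?P<name>.*?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.*)$")
# O4 bodies: "<hive>\..\Run: [<name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\\Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# O23 bodies: "Service: <name> - <vendor> - <path>"
SVC_RE = re.compile(r"^Service:\s*(?P<name>.*?)\s+-\s+(?P<vendor>.*?)\s+-\s+(?P<path>.*)$")
# R1 proxy body: "...Internet Settings,ProxyServer = <value>"
PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<value>.*)$")
# Heuristic (assumed): a few letters followed by several digits, e.g. xel55970.dll
RANDOM_NAME_RE = re.compile(r"^[a-z]{1,5}\d{4,}\.(?:dll|exe)$", re.I)


def _path_findings(path: str) -> list[tuple[str, str]]:
    """Checks that apply to any file reference: dangling entries and generated-looking names."""
    out: list[tuple[str, str]] = []
    if path.endswith("(file missing)") or path == "(no file)":
        out.append(("medium", "referenced file is absent: orphaned entry, or a loader that removed itself"))
    clean = path.replace("(file missing)", "").strip().strip('"')
    lowered = clean.lower()
    base = lowered.rsplit("\\", 1)[-1]
    if "\\windows\\" in lowered and RANDOM_NAME_RE.match(base):
        out.append(("high", f"letters-plus-digits filename '{base}' in the Windows directory looks generated"))
    return out


def _name_findings(name: str) -> list[tuple[str, str]]:
    if name == "(no name)" or len(name) <= 1:
        return [("medium", f"display name '{name}' carries no identification")]
    return []


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries a reviewer should look at first."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:  # headers, process list and blank lines are skipped
            continue
        section, body = m.group("section"), m.group("body")
        notes: list[tuple[str, str]] = []
        if section in ("O2", "O3"):
            c = COM_RE.match(body)
            if c:
                notes += _name_findings(c.group("name")) + _path_findings(c.group("path"))
        elif section == "O4":
            r = RUN_RE.match(body)
            if r:
                cmd = r.group("cmd").strip()
                exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
                if "\\" not in exe:
                    notes.append(("info", f"bare executable name '{exe}' is resolved via the search path; confirm which copy runs"))
                notes += _path_findings(exe)
        elif section == "O23":
            s = SVC_RE.match(body)
            if s:
                if s.group("vendor").lower() == "unknown owner":
                    notes.append(("info", "service has no vendor string; verify the binary's origin"))
                notes += _path_findings(s.group("path"))
        elif section == "R1":
            p = PROXY_RE.search(body)
            if p:
                value = p.group("value").strip()
                host = value.split("=", 1)[1] if "=" in value else value
                if host:  # an empty "socks=" (as in the posted log) sets no proxy and is not reported
                    notes.append(("medium", f"browser proxy set to '{value}': web traffic would be relayed"))
        for severity, reason in notes:
            findings.append(Finding(line_no, section, severity, reason, line))
    return findings


def summarize(findings: list[Finding]) -> list[str]:
    """Render findings most severe first, then in log order."""
    order = {"high": 0, "medium": 1, "info": 2}
    ranked = sorted(findings, key=lambda f: (order[f.severity], f.line_no))
    return [f"[{f.severity}] line {f.line_no} {f.section}: {f.reason}" for f in ranked]


if __name__ == "__main__":
    for entry in summarize(triage(SAMPLE_LOG)):
        print(entry)
```

Point it at a full log and the legitimate Adobe, Skype and Sandboxie entries drop out while the single-letter BHO with a missing system32 DLL and the nameless toolbar come to the top, which is the order a helper works through such a log.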

Re: IRC Bot Virus

Post by Odd dude » March 21st, 2009, 9:54 am

Hi, sorry for the wait. If you still need help please do this:

DDS (Doesn't Do Squat)
Download DDS by sUBs to your desktop.
Your antivirus software might question the file. If it does, turn it off please :)
  • Double click DDS.scr to run it and wait for the scan to finish
  • When finished DDS.txt will open
  • A small while later, a prompt will open. Answer Yes
  • DDS will continue scanning
  • When done, Attach.txt will open
  • Post DDS.txt and attach Attach.txt
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: IRC Bot Virus

Post by proscroby » March 21st, 2009, 10:23 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Clairmonte Newton at 22:10:00.26 on Sat 03/21/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1320 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090314-0] *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HDD Health\HDDHealth.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\Documents and Settings\Clairmonte Newton\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = socks=
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVD.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [Uniblue SpyEraser] "c:\program files\uniblue\spyeraser\SpyEraser.exe" -m
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\clairmonte newton\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Tunebite] c:\program files\rapidsolution\tunebite\Tunebite.exe -tray
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [InternetCalls] "c:\program files\internetcalls.com\internetcalls\InternetCalls.exe" -nosplash -minimized
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [HDDHealth] c:\program files\hdd health\HDDHealth.exe -wl
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\mpcstar\codecs\quicktime\qttask.exe" -atboottime
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
StartupFolder: c:\docume~1\clairm~1\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\clairm~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\clairm~1\startm~1\programs\startup\wordwe~1.lnk - c:\program files\wordweb\wweb32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\asuswi~1.lnk - c:\program files\asus wifi-ap solo\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clairm~1\applic~1\mozilla\firefox\profiles\q54pqdrb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - plugin: c:\documents and settings\clairmonte newton\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-14 114768]
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2007-11-9 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2007-11-9 62080]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-9-19 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-14 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-14 138680]
R2 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [2008-1-12 3584]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-2-5 117208]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-14 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-14 352920]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-2-3 31704]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 drhard;DRHARD;c:\windows\system32\drivers\drhard.sys [2007-11-25 23600]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-2-5 30168]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-11-9 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-11-9 13532]

=============== Created Last 30 ================

2009-03-20 19:09 <DIR> --d----- c:\program files\HDD Health
2009-03-20 18:40 <DIR> --d----- c:\program files\CCleaner
2009-03-15 20:10 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-03-15 20:10 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-03-15 20:10 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-03-15 20:10 75,264 a------- c:\windows\system32\unacev2.dll
2009-03-15 20:10 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-03-15 20:10 <DIR> --d----- c:\docume~1\clairm~1\applic~1\Simply Super Software
2009-03-15 20:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-03-15 13:20 <DIR> --d----- c:\program files\Trojan Remover
2009-03-14 18:28 389,120 a------- c:\windows\system32\CF11746.exe
2009-03-14 18:28 <DIR> --d----- C:\ComboFix
2009-03-14 18:14 <DIR> --d----- c:\docume~1\clairm~1\applic~1\WinPatrol
2009-03-14 18:13 <DIR> --d----- c:\program files\BillP Studios
2009-03-14 17:00 <DIR> --d----- c:\docume~1\clairm~1\applic~1\AdwareAlert
2009-03-12 00:55 558 a------- c:\windows\wininit.ini
2009-03-11 20:59 <DIR> --d----- c:\program files\Trend Micro
2009-03-09 23:01 212,711 a------- c:\windows\system32\nvapps.nvb
2009-03-09 22:56 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-03-08 14:12 664 a------- c:\windows\system32\d3d9caps.dat
2009-03-04 20:25 <DIR> --d----- c:\documents and settings\clairmonte newton\FreePhoneLine
2009-03-02 18:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-03-02 18:24 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-03-02 18:22 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-02-27 23:07 <DIR> --d----- c:\docume~1\clairm~1\applic~1\InternetCalls

==================== Find3M ====================

2009-03-21 22:03 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-02-16 23:17 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-02-09 14:56 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-05 17:55 31,704 a------- c:\windows\system32\drivers\hssdrv.sys
2009-01-11 17:20 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-01-07 14:14 60,273 a------- c:\windows\system32\pthreadGC2.dll
2007-11-28 13:54 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-05-07 19:16 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050720080508\index.dat

============= FINISH: 22:11:01.62 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/9/2007 3:30:58 PM
System Uptime: 3/21/2009 10:03:02 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5W DH Deluxe
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | LGA 775 | 2137/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 57.347 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 281.564 GiB free.
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF0B63BF
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF0B63BF
Service: RTLWUSB

==== System Restore Points ===================

RP287: 12/17/2008 2:38:34 PM - Software Distribution Service 3.0
RP288: 12/19/2008 10:59:33 AM - System Checkpoint
RP289: 12/20/2008 12:17:36 AM - Installed Windows Internet Explorer 8.
RP290: 12/20/2008 2:54:05 PM - Installed Java(TM) 6 Update 11
RP291: 12/20/2008 2:54:54 PM - Installed Java Runtime Environment
RP292: 12/20/2008 6:54:02 PM - Restore Operation
RP293: 12/20/2008 7:09:43 PM - Restore Operation
RP294: 12/20/2008 7:16:38 PM - Restore Operation
RP295: 12/20/2008 7:21:24 PM - Software Distribution Service 3.0
RP296: 12/21/2008 6:07:28 PM - Installed Java(TM) 6 Update 11
RP297: 12/21/2008 6:17:01 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP298: 12/21/2008 6:56:56 PM - Configured Microsoft Office Enterprise 2007
RP299: 12/21/2008 7:06:48 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP300: 12/21/2008 8:01:03 PM - Installed Microsoft Office Outlook 2007
RP301: 12/21/2008 8:26:06 PM - Configured Microsoft Office Enterprise 2007
RP302: 12/21/2008 8:37:07 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP303: 12/21/2008 8:50:29 PM - Restore Operation
RP304: 12/21/2008 9:16:00 PM - Installed Java(TM) 6 Update 11
RP305: 12/21/2008 10:53:21 PM - Software Distribution Service 3.0
RP306: 12/21/2008 11:26:51 PM - Restore Operation
RP307: 12/21/2008 11:59:35 PM - Software Distribution Service 3.0
RP308: 12/22/2008 2:12:22 PM - Installed Java(TM) 6 Update 11
RP309: 12/22/2008 2:41:48 PM - Software Distribution Service 3.0
RP310: 12/22/2008 4:52:49 PM - Installed Internet Explorer 7 Internet Explorer 7.
RP311: 12/22/2008 4:54:55 PM - Installed Windows NLSDownlevelMapping.
RP312: 12/22/2008 6:33:24 PM - Software Distribution Service 3.0
RP313: 12/22/2008 6:37:04 PM - Installed Internet Explorer 7 Internet Explorer 7.
RP314: 12/22/2008 7:00:02 PM - Installed Microsoft Office Enterprise 2007
RP315: 12/22/2008 7:45:28 PM - Software Distribution Service 3.0
RP316: 12/22/2008 8:06:17 PM - Software Distribution Service 3.0
RP317: 12/23/2008 4:27:43 PM - Software Distribution Service 3.0
RP318: 12/24/2008 7:19:01 PM - System Checkpoint
RP319: 12/27/2008 5:45:38 PM - System Checkpoint
RP320: 12/30/2008 12:03:20 PM - System Checkpoint
RP321: 12/31/2008 5:46:33 PM - System Checkpoint
RP322: 1/2/2009 3:34:16 PM - System Checkpoint
RP323: 1/4/2009 4:36:41 PM - System Checkpoint
RP324: 1/5/2009 4:58:01 PM - System Checkpoint
RP325: 1/6/2009 5:56:47 PM - System Checkpoint
RP326: 1/7/2009 5:59:23 PM - System Checkpoint
RP327: 1/8/2009 2:32:42 PM - Installed Adobe Reader 9.
RP328: 1/8/2009 2:46:14 PM - Removed Ad-Aware SE Personal
RP329: 1/8/2009 2:46:21 PM - Installed Ad-Aware 2007
RP330: 1/8/2009 2:56:44 PM - Removed Ad-Aware 2007
RP331: 1/8/2009 3:19:23 PM - Installed Ad-Aware
RP332: 1/8/2009 3:50:54 PM - Removed Ad-Aware
RP333: 1/8/2009 3:52:24 PM - Installed Ad-Aware
RP334: 1/9/2009 11:01:20 PM - Installed Windows NLSDownlevelMapping.
RP335: 1/9/2009 11:02:01 PM - Installed Windows IDNMitigationAPIs.
RP336: 1/9/2009 11:02:18 PM - Installed Windows Internet Explorer 7.
RP337: 1/9/2009 11:16:34 PM - Software Distribution Service 3.0
RP338: 1/10/2009 11:32:30 PM - System Checkpoint
RP339: 1/11/2009 4:20:41 PM - Installed Logitech Desktop Messenger
RP340: 1/11/2009 4:21:09 PM - Installed Remote Control USB Driver
RP341: 1/11/2009 4:21:18 PM - Installed Logitech Harmony Remote Software 7
RP342: 1/12/2009 8:55:29 PM - System Checkpoint
RP343: 1/14/2009 1:06:07 AM - Software Distribution Service 3.0
RP344: 1/14/2009 8:56:05 PM - Software Distribution Service 3.0
RP345: 1/14/2009 10:12:21 PM - Installed iTunes
RP346: 1/14/2009 11:57:20 PM - Installed FreeAgent Pro Tools
RP347: 1/16/2009 1:52:48 PM - System Checkpoint
RP348: 1/16/2009 2:35:35 PM - Configured FreeAgent Pro Tools
RP349: 1/18/2009 2:59:57 PM - Software Distribution Service 3.0
RP350: 1/18/2009 3:07:08 PM - Software Distribution Service 3.0
RP351: 1/18/2009 3:08:42 PM - Software Distribution Service 3.0
RP352: 1/18/2009 4:34:58 PM - Software Distribution Service 3.0
RP353: 1/18/2009 10:23:19 PM - Software Distribution Service 3.0
RP354: 1/18/2009 10:42:13 PM - Software Distribution Service 3.0
RP355: 1/19/2009 8:32:44 PM - Software Distribution Service 3.0
RP356: 1/19/2009 9:11:07 PM - Software Distribution Service 3.0
RP357: 1/21/2009 7:08:15 PM - System Checkpoint
RP358: 1/23/2009 2:23:09 PM - System Checkpoint
RP359: 1/27/2009 7:59:43 PM - Installed MP3 Player Utilities
RP360: 1/28/2009 8:41:10 PM - System Checkpoint
RP361: 1/30/2009 4:33:15 PM - System Checkpoint
RP362: 2/4/2009 12:52:40 PM - System Checkpoint
RP363: 2/7/2009 7:07:27 PM - System Checkpoint
RP364: 2/8/2009 10:59:26 PM - Installed QuickTax 2008.
RP365: 2/10/2009 5:28:17 PM - System Checkpoint
RP366: 2/11/2009 6:55:16 PM - System Checkpoint
RP367: 2/11/2009 8:09:24 PM - Software Distribution Service 3.0
RP368: 2/13/2009 5:27:32 PM - System Checkpoint
RP369: 2/14/2009 1:03:14 PM - Removed McAfee VirusScan Enterprise
RP370: 2/15/2009 4:21:09 PM - System Checkpoint
RP371: 2/18/2009 5:08:48 PM - System Checkpoint
RP372: 2/19/2009 5:36:28 PM - System Checkpoint
RP373: 2/23/2009 3:29:26 PM - System Checkpoint
RP374: 2/24/2009 3:41:02 PM - System Checkpoint
RP375: 2/25/2009 12:42:22 AM - Software Distribution Service 3.0
RP376: 2/25/2009 10:46:22 PM - Software Distribution Service 3.0
RP377: 2/27/2009 5:24:19 PM - System Checkpoint
RP378: 2/28/2009 6:21:32 PM - System Checkpoint
RP379: 3/2/2009 5:24:34 PM - Installed Uniblue DriverScanner v1.0
RP380: 3/4/2009 12:45:39 PM - System Checkpoint
RP381: 3/4/2009 7:24:45 PM - Installed FreePhoneLine
RP382: 3/6/2009 12:46:20 PM - System Checkpoint
RP383: 3/7/2009 4:58:19 PM - System Checkpoint
RP384: 3/8/2009 1:38:19 PM - Removed FreePhoneLine
RP385: 3/9/2009 5:22:14 PM - System Checkpoint
RP386: 3/10/2009 8:54:18 PM - System Checkpoint
RP387: 3/10/2009 9:51:41 PM - Software Distribution Service 3.0
RP388: 3/11/2009 7:46:33 PM - Installed AdwareAlert
RP389: 3/13/2009 1:50:21 PM - System Checkpoint
RP390: 3/14/2009 3:59:12 PM - Removed AdwareAlert
RP391: 3/14/2009 4:00:07 PM - Installed AdwareAlert
RP392: 3/14/2009 4:27:20 PM - Removed AdwareAlert
RP393: 3/14/2009 4:28:19 PM - Installed AdwareAlert
RP394: 3/14/2009 5:26:56 PM - Removed AdwareAlert
RP395: 3/15/2009 7:19:12 PM - System Checkpoint

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AnyDVD
APC PowerChute Personal Edition
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ASUS DH Remote
ASUS WiFi-AP Solo
AsusUpdate
ATI - Software Uninstall Utility
ATI Parental Control
AutoBackup
avast! Antivirus
Belarc Advisor 7.2
BinChecker
BitComet 1.06
Bonjour
Canon MP Navigator 3.0
Canon MP160
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
CDDRV_Installer
Coral Clock 3D Screensaver 1.0
Dr. Hardware 2007 8.5.0e
Easy-WebPrint
ErrorSmart
FreeAgent Pro Tools
FTDI USB Serial Converter Drivers
Google Chrome
Google Earth Pro
HDD Health v3.3 Beta
Hex Workshop v3.1
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotspot Shield 1.12
InterActual Player
Internet TV & Radio Player
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
jKeysMegaPack_v02.12.07
K-Lite Codec Pack 4.7.0 (Full)
KhalInstallWrapper
Lexmark 810 Series
LimeWire PRO 4.16.7
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Magic ISO Maker v5.4 (build 0239)
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft XML Parser
MosChip Multi-IO Controller
Mozilla (1.7.13)
Mozilla Firefox (3.0.7)
MP3 Player Utilities
MpcStar 3.3
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero 7 Premium
neroxml
NVIDIA Drivers
OpenOffice.org Installer 1.0
PC Probe II
PDF Settings
PeerGuardian 2.0
Perfect Uninstaller v6.3.2.2
PixiePack Codec Pack
Player
PowerCinema 4.0
PowerDVD
PowerDVD Ultra
PowerISO
Punch! Home Design - Platinum
QuickTax 2008
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Remote Control USB Driver
Revo Uninstaller 1.80
Sandboxie 3.34
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Skype™ 4.0
Sudoku 9981 v4.72
System Requirements Lab
Trojan Remover 6.7.6
Tunebite
UltraCompare Professional
Uniblue DriverScanner 2009
Uniblue PowerSuite
Uniblue SpyEraser
Unlocker 1.8.7
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VCRedistSetup
VideoLAN VLC media player 0.8.6b
Virtual Cable Tester
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Desktop Search 3.01
Windows Imaging Component
Windows Internet Explorer 7
Windows Live installer
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Service Pack 3
WinPatrol 2008
WinRAR archiver
WordWeb Pro

==== End Of File ===========================
proscroby
Active Member
 
Posts: 11
Joined: March 11th, 2009, 9:08 pm

Re: IRC Bot Virus

Unread postby Odd dude » March 22nd, 2009, 4:10 am

Before we begin cleaning you, I would like you to read the following topic:
viewtopic.php?f=11&t=33112

I want you to realize this: Person-to-Person file sharing programmes are the #1 cause of infection to people. The program might not be infected, but the files you download with it most certainly can - and in fact, most of them will - be infected.

Please uninstall the Person-to-Person file sharing programmes mentioned below through Add/Remove Programs in the Control Panel.

BitComet 1.06
LimeWire PRO 4.16.7

Also uninstall any other P2P programs I may have missed. Thanks :)

Uninstall these as well:
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7

Download and install the latest version from here. The site is a bit confusing; this is what you should do:
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 12.
  • Click the Download button to the right.
  • Choose the correct Platform. Also, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Now, click Continue.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Now, close all other windows, including Internet Explorer.
  • You can now install Java by double-clicking the executable you just downloaded.

After performing those steps, re-run DDS and post the logs.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
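An added example, not DDS output and not code from either poster: a small Python triage script over the "Installed Programs" section of a DDS log that reproduces the two checks made by eye in the reply above, several side-by-side Java 6 updates (all but the newest are stale copies) and known peer-to-peer clients. The section regex, the P2P name list and the sample log excerpt are this example's own constructions.

```python
"""Triage the "Installed Programs" section of a DDS log for the two items
flagged in the reply above: several Java 6 updates installed side by side
(only the newest is current; earlier ones are stale copies that are still
loadable) and peer-to-peer clients. The section regex, the P2P name list
and the sample log below are constructed for this example."""
import re
from typing import Dict, List

# DDS prints section headers as "==== Name ====" with rulers of varying length.
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# Matches entries such as "Java(TM) 6 Update 11" and captures the update number.
JAVA6_RE = re.compile(r"^Java\(TM\) 6 Update (\d+)$")
# Constructed watch list; the first two are the clients named in the thread.
P2P_CLIENTS = ("BitComet", "LimeWire", "uTorrent", "Ares", "Kazaa", "eMule")


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [non-empty lines in that section]}."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name").strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def java6_updates(programs: List[str]) -> List[int]:
    """Update numbers of all Java 6 entries, sorted numerically (3 < 11)."""
    found = set()
    for entry in programs:
        m = JAVA6_RE.match(entry)
        if m:
            found.add(int(m.group(1)))
    return sorted(found)


def stale_java(programs: List[str]) -> List[str]:
    """Every Java 6 update except the newest one present. A plain string sort
    would rank 'Update 3' above 'Update 11', hence the numeric sort."""
    updates = java6_updates(programs)
    return [f"Java(TM) 6 Update {u}" for u in updates[:-1]]


def p2p_clients(programs: List[str]) -> List[str]:
    """Installed entries whose name starts with a known P2P client."""
    return [p for p in programs if p.startswith(P2P_CLIENTS)]


def triage(log: str) -> Dict[str, object]:
    """Summarise the findings a helper would post back to the user."""
    programs = parse_sections(log).get("Installed Programs", [])
    updates = java6_updates(programs)
    return {
        "stale_java": stale_java(programs),
        "newest_java": f"Java(TM) 6 Update {updates[-1]}" if updates else None,
        "p2p": p2p_clients(programs),
    }


# Constructed excerpt in DDS layout, not one of the logs posted in the thread.
SAMPLE_LOG = """\
==== System Restore Points ===================

RP395: 3/15/2009 7:19:12 PM - System Checkpoint

==== Installed Programs ======================

Adobe Reader 9
avast! Antivirus
BitComet 1.06
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LimeWire PRO 4.16.7
WinPatrol 2008

==== End Of File ===========================
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The script only ranks what is installed; the reply above goes one step further and replaces even the newest installed update with the vendor's current release, so compare `newest_java` against that before calling the machine clean.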

Re: IRC Bot Virus

Unread postby proscroby » March 23rd, 2009, 4:50 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Clairmonte Newton at 16:40:33.34 on Mon 03/23/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1312 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090314-0] *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HDD Health\HDDHealth.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Clairmonte Newton\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = socks=
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVD.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [Uniblue SpyEraser] "c:\program files\uniblue\spyeraser\SpyEraser.exe" -m
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\clairmonte newton\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Tunebite] c:\program files\rapidsolution\tunebite\Tunebite.exe -tray
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [InternetCalls] "c:\program files\internetcalls.com\internetcalls\InternetCalls.exe" -nosplash -minimized
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [HDDHealth] c:\program files\hdd health\HDDHealth.exe -wl
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\mpcstar\codecs\quicktime\qttask.exe" -atboottime
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\clairm~1\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\clairm~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\clairm~1\startm~1\programs\startup\wordwe~1.lnk - c:\program files\wordweb\wweb32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\asuswi~1.lnk - c:\program files\asus wifi-ap solo\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\clairm~1\applic~1\mozilla\firefox\profiles\q54pqdrb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - plugin: c:\documents and settings\clairmonte newton\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mpcstar\codecs\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-14 114768]
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2007-11-9 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2007-11-9 62080]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-9-19 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-14 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-14 138680]
R2 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [2008-1-12 3584]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-2-5 117208]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-14 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-14 352920]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-2-3 31704]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 drhard;DRHARD;c:\windows\system32\drivers\drhard.sys [2007-11-25 23600]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-2-5 30168]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-11-9 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-11-9 13532]

=============== Created Last 30 ================

2009-03-20 19:09 <DIR> --d----- c:\program files\HDD Health
2009-03-20 18:40 <DIR> --d----- c:\program files\CCleaner
2009-03-15 20:10 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-03-15 20:10 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-03-15 20:10 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-03-15 20:10 75,264 a------- c:\windows\system32\unacev2.dll
2009-03-15 20:10 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-03-15 20:10 <DIR> --d----- c:\docume~1\clairm~1\applic~1\Simply Super Software
2009-03-15 20:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-03-15 13:20 <DIR> --d----- c:\program files\Trojan Remover
2009-03-14 18:28 389,120 a------- c:\windows\system32\CF11746.exe
2009-03-14 18:28 <DIR> --d----- C:\ComboFix
2009-03-14 18:14 <DIR> --d----- c:\docume~1\clairm~1\applic~1\WinPatrol
2009-03-14 18:13 <DIR> --d----- c:\program files\BillP Studios
2009-03-14 17:00 <DIR> --d----- c:\docume~1\clairm~1\applic~1\AdwareAlert
2009-03-12 00:55 558 a------- c:\windows\wininit.ini
2009-03-11 20:59 <DIR> --d----- c:\program files\Trend Micro
2009-03-09 23:01 212,711 a------- c:\windows\system32\nvapps.nvb
2009-03-09 22:56 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-03-08 14:12 664 a------- c:\windows\system32\d3d9caps.dat
2009-03-04 20:25 <DIR> --d----- c:\documents and settings\clairmonte newton\FreePhoneLine
2009-03-02 18:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-03-02 18:24 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-03-02 18:22 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-02-27 23:07 <DIR> --d----- c:\docume~1\clairm~1\applic~1\InternetCalls

==================== Find3M ====================

2009-03-23 16:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-23 15:58 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-02-16 23:17 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-02-09 14:56 67,584 a------- c:\windows\system32\ff_vfw.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-05 17:55 31,704 a------- c:\windows\system32\drivers\hssdrv.sys
2009-01-11 17:20 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-01-07 14:14 60,273 a------- c:\windows\system32\pthreadGC2.dll
2007-11-28 13:54 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-05-07 19:16 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050720080508\index.dat

============= FINISH: 16:40:44.73 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/9/2007 3:30:58 PM
System Uptime: 3/23/2009 3:57:58 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5W DH Deluxe
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | LGA 775 | 2137/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 60.57 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 281.564 GiB free.
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF0B63BF
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF0B63BF
Service: RTLWUSB

==== System Restore Points ===================

RP287: 12/17/2008 2:38:34 PM - Software Distribution Service 3.0
RP288: 12/19/2008 10:59:33 AM - System Checkpoint
RP289: 12/20/2008 12:17:36 AM - Installed Windows Internet Explorer 8.
RP290: 12/20/2008 2:54:05 PM - Installed Java(TM) 6 Update 11
RP291: 12/20/2008 2:54:54 PM - Installed Java Runtime Environment
RP292: 12/20/2008 6:54:02 PM - Restore Operation
RP293: 12/20/2008 7:09:43 PM - Restore Operation
RP294: 12/20/2008 7:16:38 PM - Restore Operation
RP295: 12/20/2008 7:21:24 PM - Software Distribution Service 3.0
RP296: 12/21/2008 6:07:28 PM - Installed Java(TM) 6 Update 11
RP297: 12/21/2008 6:17:01 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP298: 12/21/2008 6:56:56 PM - Configured Microsoft Office Enterprise 2007
RP299: 12/21/2008 7:06:48 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP300: 12/21/2008 8:01:03 PM - Installed Microsoft Office Outlook 2007
RP301: 12/21/2008 8:26:06 PM - Configured Microsoft Office Enterprise 2007
RP302: 12/21/2008 8:37:07 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP303: 12/21/2008 8:50:29 PM - Restore Operation
RP304: 12/21/2008 9:16:00 PM - Installed Java(TM) 6 Update 11
RP305: 12/21/2008 10:53:21 PM - Software Distribution Service 3.0
RP306: 12/21/2008 11:26:51 PM - Restore Operation
RP307: 12/21/2008 11:59:35 PM - Software Distribution Service 3.0
RP308: 12/22/2008 2:12:22 PM - Installed Java(TM) 6 Update 11
RP309: 12/22/2008 2:41:48 PM - Software Distribution Service 3.0
RP310: 12/22/2008 4:52:49 PM - Installed Internet Explorer 7 Internet Explorer 7.
RP311: 12/22/2008 4:54:55 PM - Installed Windows NLSDownlevelMapping.
RP312: 12/22/2008 6:33:24 PM - Software Distribution Service 3.0
RP313: 12/22/2008 6:37:04 PM - Installed Internet Explorer 7 Internet Explorer 7.
RP314: 12/22/2008 7:00:02 PM - Installed Microsoft Office Enterprise 2007
RP315: 12/22/2008 7:45:28 PM - Software Distribution Service 3.0
RP316: 12/22/2008 8:06:17 PM - Software Distribution Service 3.0
RP317: 12/23/2008 4:27:43 PM - Software Distribution Service 3.0
RP318: 12/24/2008 7:19:01 PM - System Checkpoint
RP319: 12/27/2008 5:45:38 PM - System Checkpoint
RP320: 12/30/2008 12:03:20 PM - System Checkpoint
RP321: 12/31/2008 5:46:33 PM - System Checkpoint
RP322: 1/2/2009 3:34:16 PM - System Checkpoint
RP323: 1/4/2009 4:36:41 PM - System Checkpoint
RP324: 1/5/2009 4:58:01 PM - System Checkpoint
RP325: 1/6/2009 5:56:47 PM - System Checkpoint
RP326: 1/7/2009 5:59:23 PM - System Checkpoint
RP327: 1/8/2009 2:32:42 PM - Installed Adobe Reader 9.
RP328: 1/8/2009 2:46:14 PM - Removed Ad-Aware SE Personal
RP329: 1/8/2009 2:46:21 PM - Installed Ad-Aware 2007
RP330: 1/8/2009 2:56:44 PM - Removed Ad-Aware 2007
RP331: 1/8/2009 3:19:23 PM - Installed Ad-Aware
RP332: 1/8/2009 3:50:54 PM - Removed Ad-Aware
RP333: 1/8/2009 3:52:24 PM - Installed Ad-Aware
RP334: 1/9/2009 11:01:20 PM - Installed Windows NLSDownlevelMapping.
RP335: 1/9/2009 11:02:01 PM - Installed Windows IDNMitigationAPIs.
RP336: 1/9/2009 11:02:18 PM - Installed Windows Internet Explorer 7.
RP337: 1/9/2009 11:16:34 PM - Software Distribution Service 3.0
RP338: 1/10/2009 11:32:30 PM - System Checkpoint
RP339: 1/11/2009 4:20:41 PM - Installed Logitech Desktop Messenger
RP340: 1/11/2009 4:21:09 PM - Installed Remote Control USB Driver
RP341: 1/11/2009 4:21:18 PM - Installed Logitech Harmony Remote Software 7
RP342: 1/12/2009 8:55:29 PM - System Checkpoint
RP343: 1/14/2009 1:06:07 AM - Software Distribution Service 3.0
RP344: 1/14/2009 8:56:05 PM - Software Distribution Service 3.0
RP345: 1/14/2009 10:12:21 PM - Installed iTunes
RP346: 1/14/2009 11:57:20 PM - Installed FreeAgent Pro Tools
RP347: 1/16/2009 1:52:48 PM - System Checkpoint
RP348: 1/16/2009 2:35:35 PM - Configured FreeAgent Pro Tools
RP349: 1/18/2009 2:59:57 PM - Software Distribution Service 3.0
RP350: 1/18/2009 3:07:08 PM - Software Distribution Service 3.0
RP351: 1/18/2009 3:08:42 PM - Software Distribution Service 3.0
RP352: 1/18/2009 4:34:58 PM - Software Distribution Service 3.0
RP353: 1/18/2009 10:23:19 PM - Software Distribution Service 3.0
RP354: 1/18/2009 10:42:13 PM - Software Distribution Service 3.0
RP355: 1/19/2009 8:32:44 PM - Software Distribution Service 3.0
RP356: 1/19/2009 9:11:07 PM - Software Distribution Service 3.0
RP357: 1/21/2009 7:08:15 PM - System Checkpoint
RP358: 1/23/2009 2:23:09 PM - System Checkpoint
RP359: 1/27/2009 7:59:43 PM - Installed MP3 Player Utilities
RP360: 1/28/2009 8:41:10 PM - System Checkpoint
RP361: 1/30/2009 4:33:15 PM - System Checkpoint
RP362: 2/4/2009 12:52:40 PM - System Checkpoint
RP363: 2/7/2009 7:07:27 PM - System Checkpoint
RP364: 2/8/2009 10:59:26 PM - Installed QuickTax 2008.
RP365: 2/10/2009 5:28:17 PM - System Checkpoint
RP366: 2/11/2009 6:55:16 PM - System Checkpoint
RP367: 2/11/2009 8:09:24 PM - Software Distribution Service 3.0
RP368: 2/13/2009 5:27:32 PM - System Checkpoint
RP369: 2/14/2009 1:03:14 PM - Removed McAfee VirusScan Enterprise
RP370: 2/15/2009 4:21:09 PM - System Checkpoint
RP371: 2/18/2009 5:08:48 PM - System Checkpoint
RP372: 2/19/2009 5:36:28 PM - System Checkpoint
RP373: 2/23/2009 3:29:26 PM - System Checkpoint
RP374: 2/24/2009 3:41:02 PM - System Checkpoint
RP375: 2/25/2009 12:42:22 AM - Software Distribution Service 3.0
RP376: 2/25/2009 10:46:22 PM - Software Distribution Service 3.0
RP377: 2/27/2009 5:24:19 PM - System Checkpoint
RP378: 2/28/2009 6:21:32 PM - System Checkpoint
RP379: 3/2/2009 5:24:34 PM - Installed Uniblue DriverScanner v1.0
RP380: 3/4/2009 12:45:39 PM - System Checkpoint
RP381: 3/4/2009 7:24:45 PM - Installed FreePhoneLine
RP382: 3/6/2009 12:46:20 PM - System Checkpoint
RP383: 3/7/2009 4:58:19 PM - System Checkpoint
RP384: 3/8/2009 1:38:19 PM - Removed FreePhoneLine
RP385: 3/9/2009 5:22:14 PM - System Checkpoint
RP386: 3/10/2009 8:54:18 PM - System Checkpoint
RP387: 3/10/2009 9:51:41 PM - Software Distribution Service 3.0
RP388: 3/11/2009 7:46:33 PM - Installed AdwareAlert
RP389: 3/13/2009 1:50:21 PM - System Checkpoint
RP390: 3/14/2009 3:59:12 PM - Removed AdwareAlert
RP391: 3/14/2009 4:00:07 PM - Installed AdwareAlert
RP392: 3/14/2009 4:27:20 PM - Removed AdwareAlert
RP393: 3/14/2009 4:28:19 PM - Installed AdwareAlert
RP394: 3/14/2009 5:26:56 PM - Removed AdwareAlert
RP395: 3/15/2009 7:19:12 PM - System Checkpoint
RP396: 3/23/2009 4:11:15 PM - Removed Java(TM) 6 Update 10
RP397: 3/23/2009 4:39:37 PM - Installed Java(TM) 6 Update 12

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AnyDVD
APC PowerChute Personal Edition
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ASUS DH Remote
ASUS WiFi-AP Solo
AsusUpdate
ATI - Software Uninstall Utility
ATI Parental Control
AutoBackup
avast! Antivirus
Belarc Advisor 7.2
BinChecker
Bonjour
Canon MP Navigator 3.0
Canon MP160
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
CDDRV_Installer
Coral Clock 3D Screensaver 1.0
Dr. Hardware 2007 8.5.0e
Easy-WebPrint
ErrorSmart
FreeAgent Pro Tools
FTDI USB Serial Converter Drivers
Google Chrome
Google Earth Pro
HDD Health v3.3 Beta
Hex Workshop v3.1
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotspot Shield 1.12
InterActual Player
Internet TV & Radio Player
Java(TM) 6 Update 12
jKeysMegaPack_v02.12.07
K-Lite Codec Pack 4.7.0 (Full)
KhalInstallWrapper
Lexmark 810 Series
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Magic ISO Maker v5.4 (build 0239)
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft XML Parser
MosChip Multi-IO Controller
Mozilla (1.7.13)
Mozilla Firefox (3.0.7)
MP3 Player Utilities
MpcStar 3.3
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero 7 Premium
neroxml
NVIDIA Drivers
OpenOffice.org Installer 1.0
PC Probe II
PDF Settings
PeerGuardian 2.0
Perfect Uninstaller v6.3.2.2
PixiePack Codec Pack
Player
PowerCinema 4.0
PowerDVD
PowerDVD Ultra
PowerISO
Punch! Home Design - Platinum
QuickTax 2008
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Remote Control USB Driver
Revo Uninstaller 1.80
Sandboxie 3.34
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Skype™ 4.0
Sudoku 9981 v4.72
System Requirements Lab
Trojan Remover 6.7.6
Tunebite
UltraCompare Professional
Uniblue DriverScanner 2009
Uniblue PowerSuite
Uniblue SpyEraser
Unlocker 1.8.7
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VCRedistSetup
VideoLAN VLC media player 0.8.6b
Virtual Cable Tester
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Desktop Search 3.01
Windows Imaging Component
Windows Internet Explorer 7
Windows Live installer
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Service Pack 3
WinPatrol 2008
WinRAR archiver
WordWeb Pro

==== End Of File ===========================
proscroby
Active Member
 
Posts: 11
Joined: March 11th, 2009, 9:08 pm

Re: IRC Bot Virus

Unread postby Odd dude » March 24th, 2009, 2:39 am

AV: avast! antivirus 4.8.1335 [VPS 090314-0] *On-access scanning enabled* (Outdated)

You'll want to update Avast.

2009-03-14 18:28 <DIR> --d----- C:\ComboFix

Why did you run ComboFix? Please post the ComboFix log. (c:\combofix.txt)

I see one or two bad files but nothing really serious.

Post next the Combofix log.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: IRC Bot Virus

Unread postby proscroby » March 24th, 2009, 8:36 pm

I downloaded and installed ComboFix as I had read on the web that it would detect and remove viruses but did not run it. I attempted to run it today but it told me that it had expired and would have limited functionality.
proscroby
Active Member
 
Posts: 11
Joined: March 11th, 2009, 9:08 pm

Re: IRC Bot Virus

Unread postby Odd dude » March 25th, 2009, 7:09 am

OK :)

In future, don't run tools on your own. ComboFix has some very powerful functions which are very dangerous when used by the inexperienced.

Now - you said this:
I was informed by my ISP that I have the IRC Bot virus. I scanned my system using Avast Professional but found nothing. Attached is the log file.

Do you know why your ISP thinks you have an IRC Bot? I'm not seeing one, and my view of everything being fine is backed up by Avast (a good scanner) not finding anything. We can always take a deeper look, though.

To prevent infection, uninstall your Adobe Reader and Java as they're outdated and pose a security risk. The latest version can be downloaded here for Adobe and for Java use these instructions:
Download and install the latest Java from here. The site is a bit confusing; this is what you should do:
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 13.
  • Click the Download button to the right.
  • Choose the correct Platform. Also, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Now, click Continue.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Now, close all other windows. Including Internet Explorer.
  • You can now install Java by double-clicking the executable you just downloaded.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: IRC Bot Virus

Unread postby proscroby » March 25th, 2009, 7:32 pm

The ISP (Rogers) just informed me that the computer was infected with the "IRC Bit/Virus" and gave me 48 hours to get rid of it. I tried to get them online but was on hold for 1 1/2 hours on two separate occasions. Never received any assistance from them. The PC has not been connected to the net since March 10, 2009. I have made all the corrections as per your instructions.

The last line of the email reads:

"Your IP reported for ToxBot virus calling home, seen 17 times ending 2009-03-10 03:13:41. data: srcport 63276"
proscroby
Active Member
 
Posts: 11
Joined: March 11th, 2009, 9:08 pm

Re: IRC Bot Virus

Unread postby Odd dude » March 26th, 2009, 7:49 am

From the looks of it, everything is fine.

However this needs investigation.

I see you have run ComboFix. We'll need to rerun it anyway to properly uninstall it, however it can also check areas at which our tools usually don't look. Also, if ToxBot is present (which, from the looks of it, it is not), ComboFix will take it out.

ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without expert guidance.

ComboFix uses very brute tactics to rip malware off your system. Do not panic if your antivirus software warns you about the file.

:!: Please disable all your antivirus software, firewalls, and antispyware software BEFORE running ComboFix!! :!:

(If I should give more detailed instructions regarding how to do this, please inform me and do not proceed)


  • Download ComboFix from here and save it to your desktop.
  • Disable ALL antivirus/antimalware programs before proceeding!
  • Now start ComboFix.
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it.
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts. When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • Do not touch the computer AT ALL while ComboFix is running! (Unless ComboFix needs you to do something ;))
  • When finished, the report will open. Reenable your protection software and post the log in your next reply.

If you cannot connect to the internet after running ComboFix, plug the cable/receiver/whatever you use to connect to the internet out and back in.


Next, a scan for superhidden infections:


GMER
Do not touch the computer while GMER is running! If you do, it'll go completely unresponsive and you'll have to shut it down using the power switch. Just don't touch the PC while GMER is working.
Please download gmer.zip by GMER and save it to your desktop.

  • Right click the file you just downloaded and choose Extract all
  • Click Next
  • Click Browse
  • Click the + next to My Computer
  • Click Local Disk (C:)
  • Click Make new folder
  • Enter GMER
  • Click OK, then Next
  • Check Show extracted files and click Finish
  • Double click on GMER.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the GMER scan log and post it in your next reply.
  • Close GMER.


Next, let's see whether what your ISP says is actually true.

Click Start>Run and copy and paste this:
Code:
CMD /C netstat -a>>"%Userprofile%\Desktop\PostMe.txt" 2>>&1

Click OK. A black box will open and close, a file called PostMe.txt appears on your desktop.


Post:
- ComboFix log
- GMER log
- PostMe.txt's contents
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: IRC Bot Virus

Unread postby proscroby » March 26th, 2009, 8:39 pm

Active Connections

Proto Local Address Foreign Address State
TCP blackbeauty:epmap blackbeauty:0 LISTENING
TCP blackbeauty:microsoft-ds blackbeauty:0 LISTENING
TCP blackbeauty:1025 blackbeauty:0 LISTENING
TCP blackbeauty:2869 blackbeauty:0 LISTENING
TCP blackbeauty:1033 blackbeauty:0 LISTENING
TCP blackbeauty:5354 blackbeauty:0 LISTENING
TCP blackbeauty:12025 blackbeauty:0 LISTENING
TCP blackbeauty:12080 blackbeauty:0 LISTENING
TCP blackbeauty:12110 blackbeauty:0 LISTENING
TCP blackbeauty:12119 blackbeauty:0 LISTENING
TCP blackbeauty:12143 blackbeauty:0 LISTENING
TCP blackbeauty:12346 blackbeauty:0 LISTENING
TCP blackbeauty:27015 blackbeauty:0 LISTENING
TCP blackbeauty:netbios-ssn blackbeauty:0 LISTENING
TCP blackbeauty:1247 192.168.0.100:microsoft-ds ESTABLISHED
TCP blackbeauty:2869 192.168.0.1:1084 TIME_WAIT
TCP blackbeauty:2869 192.168.0.1:1085 TIME_WAIT
UDP blackbeauty:microsoft-ds *:*
UDP blackbeauty:isakmp *:*
UDP blackbeauty:1026 *:*
UDP blackbeauty:4500 *:*
UDP blackbeauty:9370 *:*
UDP blackbeauty:52441 *:*
UDP blackbeauty:ntp *:*
UDP blackbeauty:1027 *:*
UDP blackbeauty:1069 *:*
UDP blackbeauty:1900 *:*
UDP blackbeauty:ntp *:*
UDP blackbeauty:netbios-ns *:*
UDP blackbeauty:netbios-dgm *:*
UDP blackbeauty:1900 *:*
UDP blackbeauty:5353 *:*


GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-26 20:13:00
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB321E6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB321E574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB321EA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB321E14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB321E64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB321E08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB321E0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB321E76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB321E72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB321E8AE]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 17A 804E49B4 4 Bytes JMP 89A8B321
.text ntoskrnl.exe!ZwYieldExecution + 452 804E4C8C 4 Bytes CALL A11BFFB2
? Combo-Fix.sys The system cannot find the file specified. !
.text win32k.sys!EngAcquireSemaphore + 2645 BF808959 5 Bytes JMP 8A6424D0
.text win32k.sys!EngFreeUserMem + 5502 BF80EE10 5 Bytes JMP 8A642430
.text win32k.sys!EngCreateBitmap + D95F BF8457CB 5 Bytes JMP 8A642610
.text win32k.sys!EngMultiByteToWideChar + 2F22 BF85273C 5 Bytes JMP 8A642750
.text win32k.sys!EngGradientFill + 5128 BF8B3C72 5 Bytes JMP 8A642570
.text win32k.sys!EngAlphaBlend + 9286 BF8C3127 5 Bytes JMP 8A6426B0
.text win32k.sys!PATHOBJ_vGetBounds + 74E3 BF8F009B 5 Bytes JMP 8A6427F0
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[984] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00F21B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\PeerGuardian2\pg2.exe[472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BD2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PeerGuardian2\pg2.exe[472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BD2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PeerGuardian2\pg2.exe[472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BD2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PeerGuardian2\pg2.exe[472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BD2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [020F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [020F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [020F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [020F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\services.exe[1772] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[1772] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00982F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00982CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00982D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00982CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00372F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00372CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00372D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00372CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[2476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[2476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[2476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[2476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B72F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B72CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B72D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B72CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Sandboxie\SbieCtrl.exe[2692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Sandboxie\SbieCtrl.exe[2692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Sandboxie\SbieCtrl.exe[2692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Sandboxie\SbieCtrl.exe[2692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02412F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02412CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02412D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02412CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00992F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00992CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00992D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00992CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WordWeb\wweb32.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CA2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WordWeb\wweb32.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CA2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WordWeb\wweb32.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CA2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WordWeb\wweb32.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CA2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HDD Health\HDDHealth.exe[3960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HDD Health\HDDHealth.exe[3960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HDD Health\HDDHealth.exe[3960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HDD Health\HDDHealth.exe[3960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[4112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[4112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[4112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[4112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe[4528] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe[4528] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe[4528] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [009F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe[4528] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[6204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[6204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[6204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[6204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\GMER\gmer.exe[6320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\GMER\gmer.exe[6320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\GMER\gmer.exe[6320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\GMER\gmer.exe[6320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort2 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort3 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-1f AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort4 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort5 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-a AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP4T1L0-12 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

ComboFix 09-03-25.04 - Clairmonte Newton 2009-03-26 16:49:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1222 [GMT -4:00]
Running from: c:\documents and settings\Clairmonte Newton\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090314-0] *On-access scanning disabled* (Outdated)
* Created a new restore point
.
ADS - system32: deleted 1056 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pthreadGC2.dll
E:\install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT


((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
.

2009-03-20 19:09 . 2009-03-20 19:12 <DIR> d-------- c:\program files\HDD Health
2009-03-20 18:40 . 2009-03-20 19:11 <DIR> d-------- c:\program files\CCleaner
2009-03-15 20:10 . 2009-03-15 20:10 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\Simply Super Software
2009-03-15 20:10 . 2009-03-15 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-03-15 20:10 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-03-15 20:10 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-03-15 20:10 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-03-15 20:10 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-03-15 20:10 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-03-15 13:27 . 2009-03-15 20:19 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-15 13:20 . 2009-03-15 20:12 <DIR> d-------- c:\program files\Trojan Remover
2009-03-14 18:14 . 2009-03-14 18:14 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\WinPatrol
2009-03-14 18:13 . 2009-03-14 18:13 <DIR> d-------- c:\program files\BillP Studios
2009-03-14 17:00 . 2009-03-14 17:29 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\AdwareAlert
2009-03-12 00:55 . 2009-03-12 01:03 558 --a------ c:\windows\wininit.ini
2009-03-11 20:59 . 2009-03-11 20:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-09 23:01 . 2009-02-18 14:44 212,711 --a------ c:\windows\system32\nvapps.nvb
2009-03-09 22:56 . 2009-03-09 22:56 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-03-09 22:56 . 2009-03-09 22:56 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\SystemRequirementsLab
2009-03-08 14:12 . 2009-03-09 17:13 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-04 20:25 . 2009-03-04 20:26 <DIR> d-------- c:\documents and settings\Clairmonte Newton\FreePhoneLine
2009-03-03 19:48 . 2009-03-03 19:48 <DIR> d-------- c:\documents and settings\LocalService\Application Data\DivX
2009-03-02 21:23 . 2009-03-02 21:23 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-02 18:25 . 2009-03-02 18:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-02 18:24 . 2009-03-02 18:25 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-03-02 18:22 . 2009-03-02 18:23 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-02 18:22 . 2008-11-06 12:37 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-03-02 18:22 . 2008-09-24 14:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-03-02 18:22 . 2008-12-07 14:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-03-02 18:22 . 2008-11-06 12:33 684,032 --a------ c:\windows\system32\divx.dll
2009-03-02 18:22 . 2004-01-25 12:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-03-02 18:22 . 2008-09-16 15:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-03-02 18:22 . 2008-12-07 14:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-03-02 18:22 . 2007-09-20 20:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-03-02 18:22 . 2008-12-10 20:33 86,016 --a------ c:\windows\system32\dpl100.dll
2009-03-02 18:22 . 2009-02-09 14:56 67,584 --a------ c:\windows\system32\ff_vfw.dll
2009-03-02 18:22 . 2007-07-10 12:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-02 18:22 . 2008-10-03 08:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-02-27 23:07 . 2009-02-27 23:13 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\InternetCalls

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 20:57 --------- d-----w c:\program files\PeerGuardian2
2009-03-26 20:52 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-03-26 20:41 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\Tunebite
2009-03-26 20:10 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\skypePM
2009-03-23 20:10 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\LimeWire
2009-03-23 19:58 --------- d-----w c:\program files\BitComet
2009-03-15 17:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-15 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-15 17:10 --------- d-----w c:\program files\Perfect Uninstaller
2009-03-14 21:11 --------- d-----w c:\program files\Lavasoft
2009-03-14 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-11 02:52 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-07 20:01 --------- d-----w c:\program files\Hotspot Shield
2009-03-04 18:26 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\Skype
2009-03-03 01:23 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-03 01:23 --------- d-----r c:\program files\Skype
2009-03-02 22:41 --------- d-----w c:\program files\QuickTax 2008
2009-03-02 22:33 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\vlc
2009-03-02 22:25 --------- d-----w c:\program files\Uniblue
2009-03-02 22:25 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\Uniblue
2009-02-26 22:09 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 01:05 --------- d-----w c:\program files\Punch! Home Design - Platinum
2009-02-19 22:49 --------- d-----w c:\program files\VS Revo Group
2009-02-18 18:44 6,308,224 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-15 19:56 --------- d-----w c:\program files\ErrorSmart
2009-02-14 18:50 --------- d-----w c:\program files\Alwil Software
2009-02-14 18:04 --------- d-----w c:\program files\Network Associates
2009-02-14 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-02-09 03:59 --------- d-----w c:\program files\Common Files\Intuit
2009-02-09 03:59 --------- d-----w c:\program files\Common Files\AnswerWorks 4.0
2009-02-09 03:59 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\Intuit Canada
2009-02-09 03:57 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit Canada
2009-02-05 21:55 31,704 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-02-03 22:29 --------- d-----w c:\program files\Conduit
2009-01-28 00:59 --------- d-----w c:\program files\MP3 Player Utilities
2009-01-11 21:20 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2007-11-28 17:54 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-05-07 23:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-03-07 16:01 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-09 474112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 1424648]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Google Update"="c:\documents and settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Tunebite"="c:\program files\RapidSolution\Tunebite\Tunebite.exe" [2008-02-01 4998448]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-01-05 336896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\qttask.exe" [2008-11-04 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-21 1211784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]

c:\documents and settings\Clairmonte Newton\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-01-14 95456]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2007-11-15 44384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-11-09 221247]
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-11-09 987136]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-01-11 66864]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-09 692224]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"7774:TCP"= 7774:TCP:BitComet 7774 TCP
"7774:UDP"= 7774:UDP:BitComet 7774 UDP
"10064:TCP"= 10064:TCP:BitComet 10064 TCP
"10064:UDP"= 10064:UDP:BitComet 10064 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-14 114768]
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2007-11-09 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2007-11-09 62080]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-09-19 22:37:48 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-14 20560]
R2 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [2008-01-12 3584]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-02-05 117208]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-02-03 31704]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2009-01-05 103936]
S3 drhard;DRHARD;c:\windows\system32\drivers\drhard.sys [2007-11-25 23600]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [2009-02-05 30168]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-11-09 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-11-09 13532]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{133ffa91-c4ce-11dd-a8e6-0018f3ab6c7d}]
\Shell\AutoRun\command - "H:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74cb99a8-8fb5-11dc-a707-0018f3ab6c7d}]
\Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484763869-839522115-1003.job
- c:\documents and settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 21:12]

2008-04-19 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 09:50]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-InternetCalls - c:\program files\InternetCalls.com\InternetCalls\InternetCalls.exe
MSConfigStartUp-Jsoqeye - c:\windows\Hhetiranoh.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = socks=
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\QuickTax 2008\ic2008pp.dll
FF - ProfilePath - c:\documents and settings\Clairmonte Newton\Application Data\Mozilla\Firefox\Profiles\q54pqdrb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - plugin: c:\documents and settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 16:55:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Seagate\AutoBackup\MemeoBackup.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-03-26 17:02:53 - machine was rebooted [Clairmonte Newton]
ComboFix-quarantined-files.txt 2009-03-26 21:02:50

Pre-Run: 70,221,496,320 bytes free
Post-Run: 70,092,926,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

278 --- E O F --- 2009-03-11 02:53:21
proscroby
Active Member
 
Posts: 11
Joined: March 11th, 2009, 9:08 pm

Re: IRC Bot Virus

Unread postby Odd dude » March 27th, 2009, 8:15 am

That all looks OK.

Look, we've run a gazillion scans and they all turned out OK. Your ISP must simply be mistaken.

I'm not seeing anything bad. If you're convinced you're infected, then I must be missing something. In that case, I can ask for help from the fellow malware removers.

Let me know whether you want me to try to do so.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: IRC Bot Virus

Unread postby proscroby » March 27th, 2009, 5:06 pm

I thank you for the time and effort spent in assisting me with this "problem". I am being rather cautious as this happened last year and my account was suspended for 14 days. I ran some tests then - nothing like the ones you did for me - and I also found nothing. If however, you think it would help in asking one of the other guys to have a look at the output, please do so, else I will take your word for it.

Thanks once again and let me know of your decision. I will wait to hear from you before I hook the PC up to the internet.
proscroby
Active Member
 
Posts: 11
Joined: March 11th, 2009, 9:08 pm

Re: IRC Bot Virus

Unread postby Odd dude » March 27th, 2009, 5:24 pm

> I thank you for the time and effort spent in assisting me with this "problem".

You're very welcome :)

> I am being rather cautious as this happened last year and my account was suspended for 14 days.

And you should. I would probably have done the same.

One thing which may help is to install a firewall. Firewalls are programs which give you nearly complete control over what can and cannot connect to the internet. The downside is that at first, the firewall needs to 'learn' your computer's normal behaviour, so the first week will see A LOT of firewall prompts. It is annoying, but it will provide you with immediate notice of suspicious internet activity. Seeing as your ISP seems to be rather strict, this may be just what you need.

If it's okay with you, we will first use ComboFix to clean up two leftover inactive malware files and clean up DDS as well. Next, I'll give recommendations to prevent future malware attacks.

Run CFScript
Open notepad and copy/paste the following to it:

file::
c:\windows\system32\drivers\lvuvc.hs
c:\docume~1\alluse~1\applic~1\ezsid.dat
C:\Documents and Settings\Clairmonte Newton\Desktop\dds.scr
C:\Documents and Settings\Clairmonte Newton\Desktop\gmer.zip
C:\Documents and Settings\Clairmonte Newton\Desktop\gmer.exe
folder::
c:\docume~1\clairm~1\applic~1\AdwareAlert
registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7774:TCP"=-
"7774:UDP"=-
"10064:TCP"=-
"10064:UDP"=-


Save this to your desktop as "CFScript.txt".

Disconnect from the internet, disable your antimalware software like you did before, and drag CFScript into ComboFix


ComboFix will run again, please be patient and post the log like usual.

After I review the ComboFix log (to make sure everything has gone according to plan) I will give instructions on uninstalling ComboFix, installing a firewall and general malware prevention tips.

To make absolutely sure I did not miss anything, you may also want to give this great scanner a try:

Malwarebytes' Anti-Malware
I need you to download Malwarebytes' Anti-Malware.

  • Install the program by following the prompts after double-clicking on mbam-setup.exe
  • Once you approach the final installation screen, put a check next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish
  • MBAM (that's an acronym of Malwarebytes' Anti-Malware) will now start. Choose Perform full scan and click Scan
  • Get a cup of coffee/tea/hot chocolate and watch some TV for about an hour.
  • Once the scan has finished, click OK, then Show Results.
  • Put a check next to everything, then click Remove selected.
  • Now, a log will open. Save this to your desktop and post it.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
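The CFScript above removes the four BitComet exceptions from the XP firewall's GloballyOpenPorts list by hand. As an added example (not part of this thread, ComboFix or any helper's own tooling), the Python below parses that section of a ComboFix log, flags every open port not on an allowlist, and emits the matching `registry::` stanza; the allowlist containing only 67:UDP (the DHCP exception XP creates itself) and the sample log are constructed assumptions for this example.

```python
"""Flag unexpected GloballyOpenPorts entries in a ComboFix log and build the
CFScript 'registry::' stanza that would remove them (added example)."""
import re

# The key header exactly as ComboFix prints it in its 'Reg Loading Points' dump.
OPEN_PORTS_KEY = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                  r"\standardprofile\GloballyOpenPorts\List]")

# Value lines look like:  "7774:TCP"= 7774:TCP:BitComet 7774 TCP
_VALUE_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P<rest>.*)$')

# Constructed allowlist (an assumption): XP itself opens 67:UDP for DHCP
# discovery; every other exception was added by installed software.
DEFAULT_ALLOW = {("67", "UDP")}

# Constructed sample, modelled on the 'before' log earlier in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"7774:TCP"= 7774:TCP:BitComet 7774 TCP
"7774:UDP"= 7774:UDP:BitComet 7774 UDP
"10064:TCP"= 10064:TCP:BitComet 10064 TCP
"10064:UDP"= 10064:UDP:BitComet 10064 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-14 114768]
"""


def parse_open_ports(log_text):
    """Return [(port, proto, description)] for the GloballyOpenPorts section."""
    entries = []
    in_section = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.lower() == OPEN_PORTS_KEY.lower():
            in_section = True
            continue
        if not in_section:
            continue
        if not stripped or stripped.startswith("["):
            break  # a blank line or the next key header ends the section
        m = _VALUE_RE.match(stripped)
        if m:
            # the human-readable name follows the second colon in "port:proto:name"
            desc = m.group("rest").split(":", 2)[-1]
            entries.append((m.group("port"), m.group("proto"), desc))
    return entries


def unexpected_ports(entries, allow=DEFAULT_ALLOW):
    """Keep only the exceptions whose (port, proto) pair is not allowlisted."""
    return [e for e in entries if (e[0], e[1]) not in allow]


def cfscript_registry_stanza(entries, allow=DEFAULT_ALLOW):
    """Build the CFScript block that deletes each unexpected value ("x:y"=-)."""
    bad = unexpected_ports(entries, allow)
    if not bad:
        return ""
    lines = ["registry::", OPEN_PORTS_KEY]
    lines += ['"%s:%s"=-' % (port, proto) for port, proto, _ in bad]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_LOG)
    for port, proto, desc in unexpected_ports(found):
        print("unexpected firewall exception: %s/%s (%s)" % (port, proto, desc))
    print(cfscript_registry_stanza(found), end="")
```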

Re: IRC Bot Virus

Unread postby proscroby » March 27th, 2009, 6:30 pm

ComboFix 09-03-25.04 - Clairmonte Newton 2009-03-27 18:09:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1404 [GMT -4:00]
Running from: c:\documents and settings\Clairmonte Newton\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Clairmonte Newton\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\docume~1\alluse~1\applic~1\ezsid.dat
c:\documents and settings\Clairmonte Newton\Desktop\dds.scr
c:\documents and settings\Clairmonte Newton\Desktop\gmer.exe
c:\documents and settings\Clairmonte Newton\Desktop\gmer.zip
c:\windows\system32\drivers\lvuvc.hs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\alluse~1\applic~1\ezsid.dat
c:\docume~1\clairm~1\applic~1\AdwareAlert
c:\docume~1\clairm~1\applic~1\AdwareAlert\Log\2009 Mar 14 - 05_00_13 PM_390.log
c:\docume~1\clairm~1\applic~1\AdwareAlert\Log\2009 Mar 14 - 05_25_13 PM_468.log
c:\docume~1\clairm~1\applic~1\AdwareAlert\Log\2009 Mar 14 - 05_28_25 PM_076.log
c:\docume~1\clairm~1\applic~1\AdwareAlert\Log\2009 Mar 14 - 05_28_59 PM_530.log
c:\docume~1\clairm~1\applic~1\AdwareAlert\Log\2009 Mar 14 - 05_29_34 PM_889.log
c:\docume~1\clairm~1\applic~1\AdwareAlert\rs.dat
c:\docume~1\clairm~1\applic~1\AdwareAlert\Settings\ScanResults.pie
c:\documents and settings\Clairmonte Newton\Desktop\dds.scr
c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

2009-03-26 17:22 . 2009-03-26 17:22 <DIR> d-------- C:\GMER
2009-03-20 19:09 . 2009-03-20 19:12 <DIR> d-------- c:\program files\HDD Health
2009-03-20 18:40 . 2009-03-20 19:11 <DIR> d-------- c:\program files\CCleaner
2009-03-15 20:10 . 2009-03-15 20:10 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\Simply Super Software
2009-03-15 20:10 . 2009-03-15 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-03-15 20:10 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-03-15 20:10 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-03-15 20:10 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-03-15 20:10 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-03-15 20:10 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-03-15 13:27 . 2009-03-15 20:19 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-15 13:20 . 2009-03-15 20:12 <DIR> d-------- c:\program files\Trojan Remover
2009-03-14 18:14 . 2009-03-14 18:14 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\WinPatrol
2009-03-14 18:13 . 2009-03-14 18:13 <DIR> d-------- c:\program files\BillP Studios
2009-03-12 00:55 . 2009-03-12 01:03 558 --a------ c:\windows\wininit.ini
2009-03-11 20:59 . 2009-03-11 20:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-09 23:01 . 2009-02-18 14:44 212,711 --a------ c:\windows\system32\nvapps.nvb
2009-03-09 22:56 . 2009-03-09 22:56 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-03-09 22:56 . 2009-03-09 22:56 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\SystemRequirementsLab
2009-03-08 14:12 . 2009-03-09 17:13 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-04 20:25 . 2009-03-04 20:26 <DIR> d-------- c:\documents and settings\Clairmonte Newton\FreePhoneLine
2009-03-03 19:48 . 2009-03-03 19:48 <DIR> d-------- c:\documents and settings\LocalService\Application Data\DivX
2009-03-02 21:23 . 2009-03-02 21:23 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-02 18:25 . 2009-03-02 18:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-02 18:24 . 2009-03-02 18:25 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-03-02 18:22 . 2009-03-02 18:23 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-02 18:22 . 2008-11-06 12:37 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-03-02 18:22 . 2008-09-24 14:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-03-02 18:22 . 2008-12-07 14:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-03-02 18:22 . 2008-11-06 12:33 684,032 --a------ c:\windows\system32\divx.dll
2009-03-02 18:22 . 2004-01-25 12:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-03-02 18:22 . 2008-09-16 15:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-03-02 18:22 . 2008-12-07 14:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-03-02 18:22 . 2007-09-20 20:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-03-02 18:22 . 2008-12-10 20:33 86,016 --a------ c:\windows\system32\dpl100.dll
2009-03-02 18:22 . 2009-02-09 14:56 67,584 --a------ c:\windows\system32\ff_vfw.dll
2009-03-02 18:22 . 2007-07-10 12:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-02 18:22 . 2008-10-03 08:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-02-27 23:07 . 2009-02-27 23:13 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\InternetCalls

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-27 22:08 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\Tunebite
2009-03-27 22:01 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\skypePM
2009-03-27 22:00 --------- d-----w c:\program files\PeerGuardian2
2009-03-25 23:53 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-23 20:10 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\LimeWire
2009-03-23 19:58 --------- d-----w c:\program files\BitComet
2009-03-15 17:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-15 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-15 17:10 --------- d-----w c:\program files\Perfect Uninstaller
2009-03-14 21:11 --------- d-----w c:\program files\Lavasoft
2009-03-14 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-11 02:52 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-07 20:01 --------- d-----w c:\program files\Hotspot Shield
2009-03-04 18:26 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\Skype
2009-03-03 01:23 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-03 01:23 --------- d-----r c:\program files\Skype
2009-03-02 22:41 --------- d-----w c:\program files\QuickTax 2008
2009-03-02 22:33 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\vlc
2009-03-02 22:25 --------- d-----w c:\program files\Uniblue
2009-03-02 22:25 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\Uniblue
2009-02-26 22:09 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 01:05 --------- d-----w c:\program files\Punch! Home Design - Platinum
2009-02-19 22:49 --------- d-----w c:\program files\VS Revo Group
2009-02-17 03:17 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-02-15 19:56 --------- d-----w c:\program files\ErrorSmart
2009-02-14 18:50 --------- d-----w c:\program files\Alwil Software
2009-02-14 18:04 --------- d-----w c:\program files\Network Associates
2009-02-14 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 03:59 --------- d-----w c:\program files\Common Files\Intuit
2009-02-09 03:59 --------- d-----w c:\program files\Common Files\AnswerWorks 4.0
2009-02-09 03:59 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\Intuit Canada
2009-02-09 03:57 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit Canada
2009-02-05 21:55 31,704 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-02-03 22:29 --------- d-----w c:\program files\Conduit
2009-01-28 00:59 --------- d-----w c:\program files\MP3 Player Utilities
2009-01-11 21:20 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-05-07 23:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-26_17.01.51.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-27 21:58:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_250.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-03-07 16:01 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-09 474112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Google Update"="c:\documents and settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Tunebite"="c:\program files\RapidSolution\Tunebite\Tunebite.exe" [2008-02-01 4998448]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-01-05 336896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\qttask.exe" [2008-11-04 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]

c:\documents and settings\Clairmonte Newton\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-01-14 95456]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2007-11-15 44384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-11-09 221247]
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-11-09 987136]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-01-11 66864]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-09 692224]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-14 114768]
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2007-11-09 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2007-11-09 62080]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-09-19 22:37:48 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-14 20560]
R2 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [2008-01-12 3584]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-02-05 117208]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-02-03 31704]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2009-01-05 103936]
S3 drhard;DRHARD;c:\windows\system32\drivers\drhard.sys [2007-11-25 23600]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [2009-02-05 30168]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-11-09 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-11-09 13532]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{133ffa91-c4ce-11dd-a8e6-0018f3ab6c7d}]
\Shell\AutoRun\command - "H:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74cb99a8-8fb5-11dc-a707-0018f3ab6c7d}]
\Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484763869-839522115-1003.job
- c:\documents and settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 21:12]

2008-04-19 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 09:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = socks=
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\QuickTax 2008\ic2008pp.dll
FF - ProfilePath - c:\documents and settings\Clairmonte Newton\Application Data\Mozilla\Firefox\Profiles\q54pqdrb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - plugin: c:\documents and settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 18:15:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2009-03-27 18:17:10
ComboFix-quarantined-files.txt 2009-03-27 22:17:04
ComboFix2.txt 2009-03-26 21:02:54

Pre-Run: 70,065,070,080 bytes free
Post-Run: 70,049,308,672 bytes free

241 --- E O F --- 2009-03-11 02:53:21
proscroby
Active Member
 
Posts: 11
Joined: March 11th, 2009, 9:08 pm