Active Connections
Proto Local Address Foreign Address State
TCP blackbeauty:epmap blackbeauty:0 LISTENING
TCP blackbeauty:microsoft-ds blackbeauty:0 LISTENING
TCP blackbeauty:1025 blackbeauty:0 LISTENING
TCP blackbeauty:2869 blackbeauty:0 LISTENING
TCP blackbeauty:1033 blackbeauty:0 LISTENING
TCP blackbeauty:5354 blackbeauty:0 LISTENING
TCP blackbeauty:12025 blackbeauty:0 LISTENING
TCP blackbeauty:12080 blackbeauty:0 LISTENING
TCP blackbeauty:12110 blackbeauty:0 LISTENING
TCP blackbeauty:12119 blackbeauty:0 LISTENING
TCP blackbeauty:12143 blackbeauty:0 LISTENING
TCP blackbeauty:12346 blackbeauty:0 LISTENING
TCP blackbeauty:27015 blackbeauty:0 LISTENING
TCP blackbeauty:netbios-ssn blackbeauty:0 LISTENING
TCP blackbeauty:1247 192.168.0.100:microsoft-ds ESTABLISHED
TCP blackbeauty:2869 192.168.0.1:1084 TIME_WAIT
TCP blackbeauty:2869 192.168.0.1:1085 TIME_WAIT
UDP blackbeauty:microsoft-ds *:*
UDP blackbeauty:isakmp *:*
UDP blackbeauty:1026 *:*
UDP blackbeauty:4500 *:*
UDP blackbeauty:9370 *:*
UDP blackbeauty:52441 *:*
UDP blackbeauty:ntp *:*
UDP blackbeauty:1027 *:*
UDP blackbeauty:1069 *:*
UDP blackbeauty:1900 *:*
UDP blackbeauty:ntp *:*
UDP blackbeauty:netbios-ns *:*
UDP blackbeauty:netbios-dgm *:*
UDP blackbeauty:1900 *:*
UDP blackbeauty:5353 *:*
GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-26 20:13:00
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB321E6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB321E574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB321EA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB321E14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB321E64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB321E08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB321E0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB321E76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB321E72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB321E8AE]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 17A 804E49B4 4 Bytes JMP 89A8B321
.text ntoskrnl.exe!ZwYieldExecution + 452 804E4C8C 4 Bytes CALL A11BFFB2
? Combo-Fix.sys The system cannot find the file specified. !
.text win32k.sys!EngAcquireSemaphore + 2645 BF808959 5 Bytes JMP 8A6424D0
.text win32k.sys!EngFreeUserMem + 5502 BF80EE10 5 Bytes JMP 8A642430
.text win32k.sys!EngCreateBitmap + D95F BF8457CB 5 Bytes JMP 8A642610
.text win32k.sys!EngMultiByteToWideChar + 2F22 BF85273C 5 Bytes JMP 8A642750
.text win32k.sys!EngGradientFill + 5128 BF8B3C72 5 Bytes JMP 8A642570
.text win32k.sys!EngAlphaBlend + 9286 BF8C3127 5 Bytes JMP 8A6426B0
.text win32k.sys!PATHOBJ_vGetBounds + 74E3 BF8F009B 5 Bytes JMP 8A6427F0
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[984] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00F21B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\PeerGuardian2\pg2.exe[472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BD2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PeerGuardian2\pg2.exe[472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BD2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PeerGuardian2\pg2.exe[472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BD2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PeerGuardian2\pg2.exe[472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BD2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe[572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe[632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [020F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [020F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [020F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\RapidSolution\Tunebite\Tunebite.exe[648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [020F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe[1652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\services.exe[1772] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[1772] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00982F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00982CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00982D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00982CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00372F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00372CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00372D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00372CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[2476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[2476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[2476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[2476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B72F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B72CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B72D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[2600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B72CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Sandboxie\SbieCtrl.exe[2692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Sandboxie\SbieCtrl.exe[2692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Sandboxie\SbieCtrl.exe[2692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Sandboxie\SbieCtrl.exe[2692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02412F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02412CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02412D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02412CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00992F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00992CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00992D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00992CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[3460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[3640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WordWeb\wweb32.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CA2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WordWeb\wweb32.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CA2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WordWeb\wweb32.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CA2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\WordWeb\wweb32.exe[3864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CA2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HDD Health\HDDHealth.exe[3960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HDD Health\HDDHealth.exe[3960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HDD Health\HDDHealth.exe[3960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HDD Health\HDDHealth.exe[3960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4092] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[4112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[4112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[4112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe[4112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe[4528] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe[4528] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe[4528] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [009F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe[4528] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[6204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[6204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[6204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[6204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\GMER\gmer.exe[6320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\GMER\gmer.exe[6320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\GMER\gmer.exe[6320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\GMER\gmer.exe[6320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\atapi \Device\Ide\IdePort0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort2 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort3 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-1f AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort4 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdePort5 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-a AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP4T1L0-12 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
---- EOF - GMER 1.0.15 ----
ComboFix 09-03-25.04 - Clairmonte Newton 2009-03-26 16:49:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1222 [GMT -4:00]
Running from: c:\documents and settings\Clairmonte Newton\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090314-0] *On-access scanning disabled* (Outdated)
* Created a new restore point
.
ADS - system32: deleted 1056 bytes in 2 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\pthreadGC2.dll
E:\install.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RKHIT
((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
.
2009-03-20 19:09 . 2009-03-20 19:12 <DIR> d-------- c:\program files\HDD Health
2009-03-20 18:40 . 2009-03-20 19:11 <DIR> d-------- c:\program files\CCleaner
2009-03-15 20:10 . 2009-03-15 20:10 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\Simply Super Software
2009-03-15 20:10 . 2009-03-15 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-03-15 20:10 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-03-15 20:10 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-03-15 20:10 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-03-15 20:10 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-03-15 20:10 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-03-15 13:27 . 2009-03-15 20:19 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-15 13:20 . 2009-03-15 20:12 <DIR> d-------- c:\program files\Trojan Remover
2009-03-14 18:14 . 2009-03-14 18:14 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\WinPatrol
2009-03-14 18:13 . 2009-03-14 18:13 <DIR> d-------- c:\program files\BillP Studios
2009-03-14 17:00 . 2009-03-14 17:29 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\AdwareAlert
2009-03-12 00:55 . 2009-03-12 01:03 558 --a------ c:\windows\wininit.ini
2009-03-11 20:59 . 2009-03-11 20:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-09 23:01 . 2009-02-18 14:44 212,711 --a------ c:\windows\system32\nvapps.nvb
2009-03-09 22:56 . 2009-03-09 22:56 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-03-09 22:56 . 2009-03-09 22:56 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\SystemRequirementsLab
2009-03-08 14:12 . 2009-03-09 17:13 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-04 20:25 . 2009-03-04 20:26 <DIR> d-------- c:\documents and settings\Clairmonte Newton\FreePhoneLine
2009-03-03 19:48 . 2009-03-03 19:48 <DIR> d-------- c:\documents and settings\LocalService\Application Data\DivX
2009-03-02 21:23 . 2009-03-02 21:23 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-02 18:25 . 2009-03-02 18:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-02 18:24 . 2009-03-02 18:25 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-03-02 18:22 . 2009-03-02 18:23 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-02 18:22 . 2008-11-06 12:37 3,596,288 --a------ c:\windows\system32\qt-dx331.dll
2009-03-02 18:22 . 2008-09-24 14:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-03-02 18:22 . 2008-12-07 14:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-03-02 18:22 . 2008-11-06 12:33 684,032 --a------ c:\windows\system32\divx.dll
2009-03-02 18:22 . 2004-01-25 12:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-03-02 18:22 . 2008-09-16 15:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-03-02 18:22 . 2008-12-07 14:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-03-02 18:22 . 2007-09-20 20:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-03-02 18:22 . 2008-12-10 20:33 86,016 --a------ c:\windows\system32\dpl100.dll
2009-03-02 18:22 . 2009-02-09 14:56 67,584 --a------ c:\windows\system32\ff_vfw.dll
2009-03-02 18:22 . 2007-07-10 12:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-02 18:22 . 2008-10-03 08:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-02-27 23:07 . 2009-02-27 23:13 <DIR> d-------- c:\documents and settings\Clairmonte Newton\Application Data\InternetCalls
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 20:57 --------- d-----w c:\program files\PeerGuardian2
2009-03-26 20:52 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-03-26 20:41 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\Tunebite
2009-03-26 20:10 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\skypePM
2009-03-23 20:10 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\LimeWire
2009-03-23 19:58 --------- d-----w c:\program files\BitComet
2009-03-15 17:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-15 17:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-15 17:10 --------- d-----w c:\program files\Perfect Uninstaller
2009-03-14 21:11 --------- d-----w c:\program files\Lavasoft
2009-03-14 21:11 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-11 02:52 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-07 20:01 --------- d-----w c:\program files\Hotspot Shield
2009-03-04 18:26 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\Skype
2009-03-03 01:23 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-03 01:23 --------- d-----r c:\program files\Skype
2009-03-02 22:41 --------- d-----w c:\program files\QuickTax 2008
2009-03-02 22:33 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\vlc
2009-03-02 22:25 --------- d-----w c:\program files\Uniblue
2009-03-02 22:25 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\Uniblue
2009-02-26 22:09 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 01:05 --------- d-----w c:\program files\Punch! Home Design - Platinum
2009-02-19 22:49 --------- d-----w c:\program files\VS Revo Group
2009-02-18 18:44 6,308,224 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-02-15 19:56 --------- d-----w c:\program files\ErrorSmart
2009-02-14 18:50 --------- d-----w c:\program files\Alwil Software
2009-02-14 18:04 --------- d-----w c:\program files\Network Associates
2009-02-14 18:04 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-02-09 03:59 --------- d-----w c:\program files\Common Files\Intuit
2009-02-09 03:59 --------- d-----w c:\program files\Common Files\AnswerWorks 4.0
2009-02-09 03:59 --------- d-----w c:\documents and settings\Clairmonte Newton\Application Data\Intuit Canada
2009-02-09 03:57 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit Canada
2009-02-05 21:55 31,704 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-02-03 22:29 --------- d-----w c:\program files\Conduit
2009-01-28 00:59 --------- d-----w c:\program files\MP3 Player Utilities
2009-01-11 21:20 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2007-11-28 17:54 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-05-07 23:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050720080508\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-03-07 16:01 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2007-11-09 474112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 1424648]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Google Update"="c:\documents and settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Tunebite"="c:\program files\RapidSolution\Tunebite\Tunebite.exe" [2008-02-01 4998448]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-01-05 336896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\qttask.exe" [2008-11-04 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-21 1211784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
c:\documents and settings\Clairmonte Newton\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-01-14 95456]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2007-11-15 44384]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-11-09 221247]
ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-11-09 987136]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-01-11 66864]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-09 692224]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.tscc"= c:\progra~1\MpcStar\Codecs\tscc\tsccvid.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"7774:TCP"= 7774:TCP:BitComet 7774 TCP
"7774:UDP"= 7774:UDP:BitComet 7774 UDP
"10064:TCP"= 10064:TCP:BitComet 10064 TCP
"10064:UDP"= 10064:UDP:BitComet 10064 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-14 114768]
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2007-11-09 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2007-11-09 62080]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\
000.fcl [2007-09-19 22:37:48 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-14 20560]
R2 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [2008-01-12 3584]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-02-05 117208]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-02-03 31704]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2009-01-05 103936]
S3 drhard;DRHARD;c:\windows\system32\drivers\drhard.sys [2007-11-25 23600]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [2009-02-05 30168]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-11-09 176128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-11-09 13532]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PGFILTER
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{133ffa91-c4ce-11dd-a8e6-0018f3ab6c7d}]
\Shell\AutoRun\command - "H:\Install FreeAgent Tools.exe" /run
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74cb99a8-8fb5-11dc-a707-0018f3ab6c7d}]
\Shell\AutoRun\command - "G:\Install FreeAgent Tools.exe" /run
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
2009-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-484763869-839522115-1003.job
- c:\documents and settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 21:12]
2008-04-19 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-02 09:50]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-InternetCalls - c:\program files\InternetCalls.com\InternetCalls\InternetCalls.exe
MSConfigStartUp-Jsoqeye - c:\windows\Hhetiranoh.dll
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = socks=
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\QuickTax 2008\ic2008pp.dll
FF - ProfilePath - c:\documents and settings\Clairmonte Newton\Application Data\Mozilla\Firefox\Profiles\q54pqdrb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - plugin: c:\documents and settings\Clairmonte Newton\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\MpcStar\Codecs\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: yahoo.homepage.dontask - true
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 16:55:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\
000.fcl"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\searchindexer.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Seagate\AutoBackup\MemeoBackup.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-03-26 17:02:53 - machine was rebooted [Clairmonte Newton]
ComboFix-quarantined-files.txt 2009-03-26 21:02:50
Pre-Run: 70,221,496,320 bytes free
Post-Run: 70,092,926,976 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
278 --- E O F --- 2009-03-11 02:53:21