New Trojan Help! [RESOLVED]


  • This topic is locked

#1
narco220
New Member, 4 posts
I'm currently running Vista and have been having this problem for a while now, with no luck removing it with Norton, NOD32 or Ad-Aware.
Internet Explorer keeps popping up with blank pages, and I don't mean just the odd one: within an hour up to 25 pages can pop up, of which I can close all but one.

Here's my HijackThis log, and I hope someone can help me out here?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:01, on 21/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 8234 bytes
#2
Essexboy
GeekU Moderator, Retired Staff, 69,964 posts
OK, I'll bite 'cos I love mysteries :)

As you are a Vista user, I will require that all the programmes I ask you to run be run by right-clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly.

Your log shows no apparent malware, so I will need to do a deeper analysis.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

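As an added example (not HijackThis's own code, and not anything posted in this thread), here is a small Python triage parser for the HijackThis v2 line format seen in the log above. It automates the first-pass review a helper does by eye before deciding "no apparent malware": hosts entries that do not point at loopback, BHO registrations whose DLL is missing (`(no file)`), autoruns launched from user-writable folders, and services with no recorded publisher (`Unknown owner`). The sample lines are copied from the kinds of entries in the posted log, except the one autorun under `C:\Users\EXAMPLE\...`, which is constructed to exercise the path rule; the reason codes are my own naming. A flag means "look closer", not "malware": on this log, the orphaned BHO and the unsigned TVersity service are exactly the items a reviewer would glance at and then dismiss.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 log format. All lines except the
# "[example-updater]" autorun mirror entries from the log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [example-updater] C:\Users\EXAMPLE\AppData\Local\Temp\updater.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O2"
    reason: str   # short reason code (names are this example's own)
    line: str     # the original log line, for the reviewer


# Every entry line is "<tag> - <body>"; the process list and headers do not match.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
LOOPBACK = {"127.0.0.1", "::1"}
# Folders an unprivileged user can write to; persistence from here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\")


def parse_lines(text):
    """Yield (section, body, raw_line) for each HijackThis entry line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body"), raw.strip()


def check_hosts(body):
    """O1: 'Hosts: <address> <name>'. Anything not mapped to loopback is a redirect."""
    parts = body[len("Hosts: "):].split()
    if len(parts) >= 2 and parts[0] not in LOOPBACK:
        return "hosts-redirect"
    return None


def check_bho(body):
    """O2: a CLSID still registered as a BHO but whose DLL is gone."""
    m = BHO_RE.match(body)
    if m and m.group("path").strip() == "(no file)":
        return "orphaned-bho"
    return None


def check_autorun(body):
    """O4: Run-key entries read '[Name] command'; Global Startup reads 'x.lnk = target'."""
    m = re.search(r"\] (?P<cmd>.*)$", body)
    cmd = m.group("cmd") if m else body.split(" = ", 1)[-1]
    if any(marker in cmd.lower() for marker in USER_WRITABLE):
        return "autorun-user-writable-path"
    return None


def check_service(body):
    """O23: 'Service: <name> - <owner> - <path>'; no publisher recorded means unverified."""
    parts = body[len("Service: "):].split(" - ", 2)
    if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
        return "service-unknown-owner"
    return None


CHECKS = {"O1": check_hosts, "O2": check_bho, "O4": check_autorun, "O23": check_service}


def triage(text):
    """Run the per-section checks over a log and return the entries worth a second look."""
    findings = []
    for section, body, raw in parse_lines(text):
        check = CHECKS.get(section)
        reason = check(body) if check else None
        if reason:
            findings.append(Finding(section, reason, raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<28} {f.line}")
```

Run it as a script to print the flagged lines, or import `triage` and point it at a saved HijackThis log. Sections the parser does not know (R0/R1 browser settings, O3 toolbars, O8/O9 buttons) are parsed but not judged; adding a check is a matter of registering another function in `CHECKS`.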

#3
narco220
New Member, Topic Starter, 4 posts
Hi, and thanks for taking the time to help me out :)

Here's the results you wanted:

Deckard's System Scanner v20071014.68
Run by PJ on 2008-02-22 22:24:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as PJ.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:52, on 22/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\TVersity\Media Server\TVersity.exe
C:\Users\PJ\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PJ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 8331 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 SBKUPNT - \??\c:\windows\system32\drivers\sbkupnt.sys

S3 pgfilter - \??\c:\program files\peerguardian2\pgfilter.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 TVersityMediaServer - "c:\program files\tversity\media server\mediaserver.exe"

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Mass Storage Controller
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_81EF104D&REV_00\4&72BE960&0&1AF0
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_81EF104D&REV_00\4&72BE960&0&1AF0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-02-22 22:08:05 248 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-01-22 and 2008-02-22 -----------------------------

2008-02-14 16:31:25 0 d-------- C:\Users\All Users\JollyBear
2008-02-14 16:30:53 0 d-------- C:\Program Files\Big City Adventure - Sydney Australia
2008-02-04 10:31:26 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-03 16:01:37 0 d-------- C:\Windows\system32\QuickTime
2008-02-03 16:01:29 0 d-------- C:\Windows\system32\Flash
2008-02-03 16:01:18 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-02-03 15:28:09 85960 --a------ C:\Windows\system32\build_dol.exe
2008-02-02 22:29:05 0 d-------- C:\Program Files\7-Zip
2008-02-02 21:55:17 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-02-02 21:55:11 0 d-------- C:\Program Files\Logitech
2008-02-02 21:32:53 0 d-------- C:\Users\All Users\Logishrd
2008-02-02 21:32:48 0 d-------- C:\Users\All Users\Logitech
2008-01-25 20:55:02 0 d-------- C:\Program Files\Windows Live Toolbar
2008-01-25 20:55:00 0 d-------- C:\Program Files\Windows Live Favorites
2008-01-25 20:53:22 0 d-------- C:\Windows\PCHEALTH
2008-01-25 20:50:10 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-25 20:49:43 0 d-------- C:\Program Files\Windows Live
2008-01-25 20:49:09 0 d-------- C:\Users\All Users\WLInstaller
2008-01-23 15:30:11 0 d-------- C:\Program Files\Blood Ties


-- Find3M Report ---------------------------------------------------------------

2008-02-22 10:38:03 0 d-------- C:\Users\PJ\AppData\Roaming\GrabIt
2008-02-21 19:06:14 2484 --a------ C:\Windows\bthservsdp.dat
2008-02-18 21:47:35 0 d-------- C:\Users\PJ\AppData\Roaming\Vso
2008-02-14 14:54:40 0 d-------- C:\Users\PJ\AppData\Roaming\dvdcss
2008-02-03 16:05:54 0 d-------- C:\Users\PJ\AppData\Roaming\Paltalk
2008-02-03 16:01:18 0 d-------- C:\Program Files\Common Files
2008-02-03 16:01:17 0 d-------- C:\Program Files\TechSmith
2008-01-26 11:42:37 0 d-------- C:\Program Files\exPressit S.E. 3.0
2008-01-23 16:00:16 0 d-------- C:\Users\PJ\AppData\Roaming\BloodTies
2008-01-23 15:14:17 0 d-------- C:\Users\PJ\AppData\Roaming\uTorrent
2008-01-15 13:54:50 0 d-------- C:\Program Files\Paltalk Messenger
2008-01-11 15:30:19 684 --a------ C:\Windows\mozver.dat
2008-01-11 15:30:17 0 d-------- C:\Program Files\DivX
2008-01-09 14:00:27 0 d-------- C:\Program Files\Windows Sidebar
2008-01-09 14:00:27 0 d-------- C:\Program Files\Windows Mail
2008-01-06 17:23:19 0 d-------- C:\Program Files\QuickPar
2008-01-05 22:14:48 0 d-------- C:\Users\PJ\AppData\Roaming\WinBatch
2008-01-05 17:04:23 0 d-------- C:\Users\PJ\AppData\Roaming\SecondLife
2008-01-05 17:03:02 0 d-------- C:\Users\PJ\AppData\Roaming\Mozilla
2008-01-05 17:01:23 0 d-------- C:\Program Files\SecondLife
2007-12-31 23:13:20 0 d-------- C:\Program Files\Red Kawa
2007-12-22 14:10:39 0 d-------- C:\Users\PJ\AppData\Roaming\Canon
2007-12-20 15:12:18 1215777 --a------ C:\SDFix.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [09/03/2007 18:53]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/11/2007 17:01]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [14/11/2007 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/11/2007 13:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [07/11/2007 02:35]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [07/11/2007 02:35]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25/10/2007 16:33]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/10/2007 16:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 13:21]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:35]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [18/09/2007 14:16]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/03/2007 13:49]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [17/11/2007 13:58]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:36]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [01/03/2007 10:37]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [11/12/2007 20:34:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 11/01/2007 13:20 98304 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-02-22 22:27:06 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 2045.56 MiB / 1291.51 MiB
Pagefile Memory (total/avail): 4307.93 MiB / 3444.2 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.7 MiB

C: is Fixed (NTFS) - 44.33 GiB total, 19.27 GiB free.
D: is Fixed (NTFS) - 48.83 GiB total, 9.9 GiB free.
E: is CDROM (No Media)
F: is Removable (FAT)
G: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - ST910021AS ATA Device - 93.16 GiB - 2 partitions
\PARTITION0 - Installable File System - 44.33 GiB - C:
\PARTITION1 (bootable) - Installable File System - 48.83 GiB - D:

\\.\PHYSICALDRIVE1 - Sony USB HS-CARD USB Device - 54.91 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 61.86 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\PJ\AppData\Roaming
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PD-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\PJ
LOCALAPPDATA=C:\Users\PJ\AppData\Local
LOGONSERVER=\\PD-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\PJ\AppData\Local\Temp
TMP=C:\Users\PJ\AppData\Local\Temp
USERDOMAIN=PD-PC
USERNAME=PJ
USERPROFILE=C:\Users\PJ
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

PJ (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
3D Fish School Screen Saver 3.92 --> "C:\Program Files\3D Fish School 3\unins000.exe"
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
ACE Mega CoDecS Pack --> "C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adaptec ASPI Layer 4.60(1021) --> C:\Windows\unins000.exe
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}
Adobe Bridge CS3 --> MsiExec.exe /I{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}
Adobe Bridge Start Meeting --> MsiExec.exe /I{7F3A2319-79CF-4701-95FB-034E99281808}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{183B7569-90FB-4C56-9761-0EEB002CAB83}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{20B83B31-09C4-4F0E-9774-EF8A12A0A527}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Viewer CS3 --> MsiExec.exe /I{733D84D6-AAFD-4368-A1D0-F2734F6B9082}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Big City Adventure - Sydney Australia --> C:\Program Files\Big City Adventure - Sydney Australia\Uninstal.exe
Blood Ties --> C:\Program Files\Blood Ties\Uninstal.exe
Camtasia Studio 5 --> MsiExec.exe /I{784E6B0F-00EC-4950-95A2-BBA64F44EC48}
CanoScan Toolbox Ver4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
Cinema Craft Encoder SP2 --> C:\PROGRA~1\CUSTOM~1\CINEMA~1\uinst.exe
CompuApps SwissKnife V3 --> C:\WINDOWS\ISUNINST.EXE -fC:\SWISNIFE\SKUninst.ISU -cC:\SWISNIFE\SKUNINST.DLL
ConvertXtoDVD 2.2.2.256 --> "C:\Program Files\VSO1\ConvertXtoDVD\unins000.exe"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Rebuilder --> "D:\DVD-RB PRO\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
exPressit S.E. 3.0 --> "C:\Program Files\exPressit S.E. 3.0\UninstallerData\Uninstall exPressit S.E. 3.0.exe"
ffdshow [rev 1324] [2007-07-01] --> "C:\Program Files\ffdshow\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GrabIt 1.7.1 Beta (build 960) --> "C:\Program Files\GrabIt\unins000.exe"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Users\PJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K74KJTYW\HijackThis.exe" /uninstall
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Infinity USB 1.60 --> "C:\Program Files\Infinity USB\unins000.exe"
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Mystery Case Files - Madame Fate --> C:\Program Files\Mystery Case Files - Madame Fate\Uninstal.exe
Mystery in London --> "C:\Windows\Mystery in London\uninstall.exe" "/U:C:\Program Files\Mystery in London\Uninstall\uninstall.xml"
Nero 7 Ultra Edition --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PaltalkScene --> "C:\Windows\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PS3 Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
SecondLife (remove only) --> "C:\Program Files\SecondLife\uninst.exe" /P="SecondLife"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SideShow GMail --> MsiExec.exe /I{C0B71676-17F8-444B-8A54-314EB4EC1E72}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SMAC 1.2 --> C:\PROGRA~1\SMAC\UNWISE.EXE C:\PROGRA~1\SMAC\INSTALL.LOG
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SnagIt 8 --> MsiExec.exe /I{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}
Sony Snymsico for Vista --> MsiExec.exe /I{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TVersity Codec Pack 1.1 --> C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 0.9.11.4 beta --> C:\Program Files\TVersity\Media Server\uninst.exe
VAIO Event Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x9 -removeonly
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5757 / Error
Event Submitted/Written: 02/22/2008 09:30:33 PM
Event ID/Source: 33 / SideBySide
Event Description:
Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Event Record #/Type5749 / Success
Event Submitted/Written: 02/22/2008 09:07:21 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type5748 / Success
Event Submitted/Written: 02/22/2008 09:07:21 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type5745 / Success
Event Submitted/Written: 02/22/2008 09:07:16 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type5727 / Success
Event Submitted/Written: 02/21/2008 07:12:55 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type127827 / Error
Event Submitted/Written: 02/22/2008 10:23:56 PM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}PD-PCPJS-1-5-21-875403159-3494339148-3592138139-1000LocalHost (Using LRPC)

Event Record #/Type127826 / Error
Event Submitted/Written: 02/22/2008 10:23:22 PM
Event ID/Source: 10016 / DCOM
Event Description:
application-specificLocalActivation{1BE1F766-5536-11D1-B726-00C04FB926AF}PD-PCPJS-1-5-21-875403159-3494339148-3592138139-1000LocalHost (Using LRPC)

Event Record #/Type127825 / Error
Event Submitted/Written: 02/22/2008 10:23:22 PM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{000C101C-0000-0000-C000-000000000046}PD-PCPJS-1-5-21-875403159-3494339148-3592138139-1000LocalHost (Using LRPC)

Event Record #/Type127823 / Error
Event Submitted/Written: 02/22/2008 10:22:47 PM
Event ID/Source: 10016 / DCOM
Event Description:
application-specificLocalActivation{1BE1F766-5536-11D1-B726-00C04FB926AF}PD-PCPJS-1-5-21-875403159-3494339148-3592138139-1000LocalHost (Using LRPC)

Event Record #/Type127822 / Error
Event Submitted/Written: 02/22/2008 10:22:47 PM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{000C101C-0000-0000-C000-000000000046}PD-PCPJS-1-5-21-875403159-3494339148-3592138139-1000LocalHost (Using LRPC)



-- End of Deckard's System Scanner: finished at 2008-02-22 22:27:06 ------------

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I think I see the culprit, so I will run a malware tool first, and that may have to be followed by a deeper scan.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

#5
narco220

    New Member

  • Topic Starter
  • Member
  • 4 posts
OK, done as requested without any problems.

How's it looking?

ComboFix 08-02-23.2 - PJ 2008-02-23 12:33:41.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1291 [GMT 0:00]
Running from: C:\Users\PJ\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\PJ\AppData\Roaming\inst.exe
C:\Windows\system32\drivers\core.cache(169).dsk
C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\system32\drivers\core.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-22 22:24 . 2008-02-22 22:24 <DIR> d-------- C:\Deckard
2008-02-16 10:38 . 2008-01-10 05:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 16:31 . 2008-02-14 16:31 <DIR> d-------- C:\Users\All Users\JollyBear
2008-02-14 16:31 . 2008-02-14 16:31 <DIR> d-------- C:\ProgramData\JollyBear
2008-02-14 16:30 . 2008-02-14 16:30 <DIR> d-------- C:\Program Files\Big City Adventure - Sydney Australia
2008-02-13 09:38 . 2008-02-13 09:38 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 09:38 . 2008-02-13 09:38 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 09:34 . 2008-02-13 09:34 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 09:33 . 2008-02-13 09:33 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 09:33 . 2008-02-13 09:33 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-04 10:31 . 2008-02-04 10:31 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-03 16:01 . 2008-02-03 16:01 <DIR> d-------- C:\Windows\System32\QuickTime
2008-02-03 16:01 . 2008-02-03 16:01 <DIR> d-------- C:\Windows\System32\Flash
2008-02-03 16:01 . 2008-02-03 16:01 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-02-03 16:01 . 2008-01-18 03:36 107,864 --a------ C:\Windows\System32\tsccvid.dll
2008-02-03 15:28 . 2008-02-03 15:28 85,960 --a------ C:\Windows\System32\build_dol.exe
2008-02-02 22:33 . 2008-02-13 11:37 0 --a------ C:\Windows\System32\drivers\lvuvc.hs
2008-02-02 22:29 . 2008-02-02 22:29 <DIR> d-------- C:\Program Files\7-Zip
2008-02-02 21:55 . 2008-02-02 21:55 <DIR> d-------- C:\Program Files\Logitech
2008-02-02 21:55 . 2008-02-02 22:32 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-02-02 21:32 . 2008-02-02 21:32 <DIR> d-------- C:\Users\All Users\Logitech
2008-02-02 21:32 . 2008-02-02 21:55 <DIR> d-------- C:\Users\All Users\Logishrd
2008-02-02 21:32 . 2008-02-02 21:32 <DIR> d-------- C:\ProgramData\Logitech
2008-02-02 21:32 . 2008-02-02 21:55 <DIR> d-------- C:\ProgramData\Logishrd
2008-01-25 20:55 . 2008-01-25 20:55 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-01-25 20:55 . 2008-01-25 20:55 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-01-25 20:53 . 2008-01-25 20:53 <DIR> d-------- C:\Windows\PCHEALTH
2008-01-25 20:50 . 2008-01-25 20:53 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-25 20:49 . 2008-01-25 20:49 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-01-25 20:49 . 2008-01-25 20:49 <DIR> d-------- C:\ProgramData\WLInstaller
2008-01-25 20:49 . 2008-01-25 20:53 <DIR> d-------- C:\Program Files\Windows Live
2008-01-23 15:30 . 2008-01-23 16:00 <DIR> d-------- C:\Users\PJ\AppData\Roaming\BloodTies
2008-01-23 15:30 . 2008-01-23 15:30 <DIR> d-------- C:\Program Files\Blood Ties

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 10:38 --------- d-----w C:\Users\PJ\AppData\Roaming\GrabIt
2008-02-19 12:10 --------- d-----w C:\ProgramData\DVD Shrink
2008-02-18 21:47 --------- d-----w C:\Users\PJ\AppData\Roaming\Vso
2008-02-14 14:54 --------- d-----w C:\Users\PJ\AppData\Roaming\dvdcss
2008-02-13 09:36 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 09:36 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 09:36 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 09:36 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 09:36 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 09:36 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 09:36 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 09:36 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-13 09:34 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 09:34 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 09:34 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 09:34 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 09:34 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 09:34 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 09:34 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 09:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 09:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 09:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 09:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 09:31 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-03 16:05 --------- d-----w C:\Users\PJ\AppData\Roaming\Paltalk
2008-02-03 16:03 --------- d-----w C:\ProgramData\TechSmith
2008-02-03 16:01 --------- d-----w C:\Program Files\TechSmith
2008-01-26 11:42 --------- d-----w C:\Program Files\exPressit S.E. 3.0
2008-01-23 15:14 --------- d-----w C:\Users\PJ\AppData\Roaming\uTorrent
2008-01-15 13:54 --------- d-----w C:\Program Files\Paltalk Messenger
2008-01-11 15:30 --------- d-----w C:\Program Files\DivX
2008-01-09 14:00 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 14:00 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 13:22 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 13:22 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-06 17:23 --------- d-----w C:\Program Files\QuickPar
2008-01-05 22:14 --------- d-----w C:\Users\PJ\AppData\Roaming\WinBatch
2008-01-05 17:04 --------- d-----w C:\Users\PJ\AppData\Roaming\SecondLife
2008-01-05 17:01 --------- d-----w C:\Program Files\SecondLife
2007-12-31 23:13 --------- d-----w C:\Program Files\Red Kawa
2007-12-20 15:12 1,215,777 ----a-w C:\SDFix.exe
2007-11-17 14:14 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-17 14:14 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-04 18:45 47,360 ----a-w C:\Users\PJ\AppData\Roaming\pcouffin.sys
2007-11-01 16:45 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 13:21 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 14:16 171464]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-17 13:58 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-01 17:01 1006264]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 02:35 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 02:35 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-12-11 20:34:40 10252288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-01-11 13:20 98304 C:\Windows\System32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2FA4B9F2-743B-4C8E-93DB-69738696A31B}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
"UDP Query User{6ABC7585-0E08-46F4-AB03-3524362D2353}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
"TCP Query User{E39AC0F4-639D-462C-80BA-D3B3BC3D384D}C:\program files\paltalk messenger\paltalk.exe"= UDP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene|Desc=PaltalkScene
"UDP Query User{4DE18C07-1F69-46A6-897B-5CA7E550957C}C:\program files\paltalk messenger\paltalk.exe"= TCP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene|Desc=PaltalkScene
"TCP Query User{B4788781-1CC7-47CF-9900-B8C4D7838CB3}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"UDP Query User{435F2B89-6676-407B-8E77-4B7B6FAE867A}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"{14270465-7602-49E9-AB36-44803BCCE8AB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5FDEC569-7B48-4F30-83A2-5719E20BA8A4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3FA16D73-B0E8-4651-8A9F-A53CD36BA810}"= UDP:C:\Program Files\TVersity\Media Server\MediaServer.exe:MediaServer
"{157FBC2C-6DD8-4870-8A63-AE11ADAEEB43}"= TCP:C:\Program Files\TVersity\Media Server\MediaServer.exe:MediaServer
"{3ECBAE2F-C238-44DF-9758-1EE39B254F41}"= UDP:41952:Media server
"{6022DD13-1B49-4FF8-AF6E-CBA90358E177}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{988F6785-02CB-42DC-B25B-BAFD07B1C880}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{10DB7357-34A8-4E8D-90E3-167DFD46A24F}"= UDP:C:\Program Files\TVersity\Media Server\TVersity.exe:TVersity Media Server
"{4DB6174B-5905-40AF-8E9C-AC33B040BF78}"= TCP:C:\Program Files\TVersity\Media Server\TVersity.exe:TVersity Media Server
"{CF9498BB-C7D2-41D1-A97B-5E4A2163C2AD}"= UDP:C:\Program Files\ACE Mega CoDecS Pack\UtilitieS\vsconv.exe:VS Conv
"{37A9743F-189A-4EB9-8D6F-CE4A3B66DFEC}"= TCP:C:\Program Files\ACE Mega CoDecS Pack\UtilitieS\vsconv.exe:VS Conv
"TCP Query User{37036A37-FBEB-4F30-A0BC-04E47F72326B}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe"= UDP:C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe:Nero MediaHome|Desc=Nero MediaHome
"UDP Query User{7F9CE5CB-5CE9-4265-8F61-D25926F94A48}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe"= TCP:C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe:Nero MediaHome|Desc=Nero MediaHome
"{DB30CC80-80DF-4735-9D30-7BD6B9B95AE6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D9A5AFAA-857F-4E73-8BC0-D47DE0D7E498}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{4059A7AD-0109-4B3F-8152-2015F1D619A9}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe"= UDP:C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe:Nero MediaHome|Desc=Nero MediaHome
"UDP Query User{E83284CA-257C-415F-BB5E-068A42D6CDEA}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe"= TCP:C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe:Nero MediaHome|Desc=Nero MediaHome
"TCP Query User{E0685B02-C44E-4696-81E4-8A43FAF0ED60}C:\program files\paltalk messenger\paltalk.exe"= UDP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene|Desc=PaltalkScene
"UDP Query User{2449EF64-24AC-4F03-BA8E-D5B417924FE2}C:\program files\paltalk messenger\paltalk.exe"= TCP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene|Desc=PaltalkScene
"{DF02D38B-EFF3-451F-B31A-D7A51474BF8E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 SBKUPNT;SBKUPNT;C:\Windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 13:56]
R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 07:30]
S3 INFUSB;INFUSB;C:\Windows\system32\drivers\infusb_wlh_x86.sys [2007-09-11 11:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 23:08:04 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 12:52:43
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-02-23 12:55:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 12:55:14
.
2008-02-22 09:13:33 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:35, on 23/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 8082 bytes
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Much better :) A few more files to remove and a sweep of the registry should do it

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Windows\System32\build_dol.exe
C:\Windows\System32\drivers\lvuvc.hs

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After the reboot (if it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

FOLLOW THIS WITH

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Logs required: ComboFix, Malwarebytes and a new HijackThis log. Plus, how is your system running now?
  • 0

#7
narco220

narco220

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
System's running great again, thanks for all your help :)

Here are the logs:

ComboFix 08-02-23.2 - PJ 2008-02-23 17:14:04.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1419 [GMT 0:00]
Running from: C:\Users\PJ\Desktop\ComboFix.exe
Command switches used :: C:\Users\PJ\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\System32\build_dol.exe
C:\Windows\System32\drivers\lvuvc.hs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\build_dol.exe
C:\Windows\System32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-22 22:24 . 2008-02-22 22:24 <DIR> d-------- C:\Deckard
2008-02-16 10:38 . 2008-01-10 05:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 16:31 . 2008-02-14 16:31 <DIR> d-------- C:\Users\All Users\JollyBear
2008-02-14 16:31 . 2008-02-14 16:31 <DIR> d-------- C:\ProgramData\JollyBear
2008-02-14 16:30 . 2008-02-14 16:30 <DIR> d-------- C:\Program Files\Big City Adventure - Sydney Australia
2008-02-13 09:38 . 2008-02-13 09:38 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 09:38 . 2008-02-13 09:38 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 09:34 . 2008-02-13 09:34 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 09:33 . 2008-02-13 09:33 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 09:33 . 2008-02-13 09:33 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-04 10:31 . 2008-02-04 10:31 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-03 16:01 . 2008-02-03 16:01 <DIR> d-------- C:\Windows\System32\QuickTime
2008-02-03 16:01 . 2008-02-03 16:01 <DIR> d-------- C:\Windows\System32\Flash
2008-02-03 16:01 . 2008-02-03 16:01 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-02-03 16:01 . 2008-01-18 03:36 107,864 --a------ C:\Windows\System32\tsccvid.dll
2008-02-02 22:29 . 2008-02-02 22:29 <DIR> d-------- C:\Program Files\7-Zip
2008-02-02 21:55 . 2008-02-02 21:55 <DIR> d-------- C:\Program Files\Logitech
2008-02-02 21:55 . 2008-02-02 22:32 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-02-02 21:32 . 2008-02-02 21:32 <DIR> d-------- C:\Users\All Users\Logitech
2008-02-02 21:32 . 2008-02-02 21:55 <DIR> d-------- C:\Users\All Users\Logishrd
2008-02-02 21:32 . 2008-02-02 21:32 <DIR> d-------- C:\ProgramData\Logitech
2008-02-02 21:32 . 2008-02-02 21:55 <DIR> d-------- C:\ProgramData\Logishrd
2008-01-25 20:55 . 2008-01-25 20:55 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-01-25 20:55 . 2008-01-25 20:55 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-01-25 20:53 . 2008-01-25 20:53 <DIR> d-------- C:\Windows\PCHEALTH
2008-01-25 20:50 . 2008-01-25 20:53 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-25 20:49 . 2008-01-25 20:49 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-01-25 20:49 . 2008-01-25 20:49 <DIR> d-------- C:\ProgramData\WLInstaller
2008-01-25 20:49 . 2008-01-25 20:53 <DIR> d-------- C:\Program Files\Windows Live
2008-01-23 15:30 . 2008-01-23 16:00 <DIR> d-------- C:\Users\PJ\AppData\Roaming\BloodTies
2008-01-23 15:30 . 2008-01-23 15:30 <DIR> d-------- C:\Program Files\Blood Ties

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 10:38 --------- d-----w C:\Users\PJ\AppData\Roaming\GrabIt
2008-02-19 12:10 --------- d-----w C:\ProgramData\DVD Shrink
2008-02-18 21:47 --------- d-----w C:\Users\PJ\AppData\Roaming\Vso
2008-02-14 14:54 --------- d-----w C:\Users\PJ\AppData\Roaming\dvdcss
2008-02-13 09:34 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 09:34 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 09:34 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 09:34 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 09:34 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 09:34 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 09:34 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 09:34 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 09:34 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 09:34 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 09:34 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 09:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 09:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 09:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 09:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 09:31 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 09:31 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 09:31 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 09:31 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-03 16:05 --------- d-----w C:\Users\PJ\AppData\Roaming\Paltalk
2008-02-03 16:03 --------- d-----w C:\ProgramData\TechSmith
2008-02-03 16:01 --------- d-----w C:\Program Files\TechSmith
2008-01-29 16:53 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-01-26 11:42 --------- d-----w C:\Program Files\exPressit S.E. 3.0
2008-01-23 15:14 --------- d-----w C:\Users\PJ\AppData\Roaming\uTorrent
2008-01-18 11:11 50,520 ----a-w C:\Windows\System32\csvidcap.dll
2008-01-15 13:54 --------- d-----w C:\Program Files\Paltalk Messenger
2008-01-11 15:30 --------- d-----w C:\Program Files\DivX
2008-01-09 14:00 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 14:00 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 13:22 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 13:22 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 13:21 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-06 17:23 --------- d-----w C:\Program Files\QuickPar
2008-01-05 22:14 --------- d-----w C:\Users\PJ\AppData\Roaming\WinBatch
2008-01-05 17:04 --------- d-----w C:\Users\PJ\AppData\Roaming\SecondLife
2008-01-05 17:01 --------- d-----w C:\Program Files\SecondLife
2007-12-31 23:13 --------- d-----w C:\Program Files\Red Kawa
2007-12-20 15:12 1,215,777 ----a-w C:\SDFix.exe
2007-12-20 13:47 229,888 ----a-w C:\Windows\System32\msshsq.dll
2007-12-12 11:57 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 11:57 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 11:57 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-11-17 14:14 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-17 14:14 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-04 18:45 47,360 ----a-w C:\Users\PJ\AppData\Roaming\pcouffin.sys
2007-11-01 16:45 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 13:21 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 14:16 171464]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-17 13:58 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-01 17:01 1006264]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 02:35 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 02:35 81920]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2007-12-11 20:34:40 10252288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-01-11 13:20 98304 C:\Windows\System32\VESWinlogon.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2FA4B9F2-743B-4C8E-93DB-69738696A31B}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
"UDP Query User{6ABC7585-0E08-46F4-AB03-3524362D2353}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
"TCP Query User{E39AC0F4-639D-462C-80BA-D3B3BC3D384D}C:\program files\paltalk messenger\paltalk.exe"= UDP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene|Desc=PaltalkScene
"UDP Query User{4DE18C07-1F69-46A6-897B-5CA7E550957C}C:\program files\paltalk messenger\paltalk.exe"= TCP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene|Desc=PaltalkScene
"TCP Query User{B4788781-1CC7-47CF-9900-B8C4D7838CB3}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"UDP Query User{435F2B89-6676-407B-8E77-4B7B6FAE867A}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"{14270465-7602-49E9-AB36-44803BCCE8AB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5FDEC569-7B48-4F30-83A2-5719E20BA8A4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3FA16D73-B0E8-4651-8A9F-A53CD36BA810}"= UDP:C:\Program Files\TVersity\Media Server\MediaServer.exe:MediaServer
"{157FBC2C-6DD8-4870-8A63-AE11ADAEEB43}"= TCP:C:\Program Files\TVersity\Media Server\MediaServer.exe:MediaServer
"{3ECBAE2F-C238-44DF-9758-1EE39B254F41}"= UDP:41952:Media server
"{6022DD13-1B49-4FF8-AF6E-CBA90358E177}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{988F6785-02CB-42DC-B25B-BAFD07B1C880}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{10DB7357-34A8-4E8D-90E3-167DFD46A24F}"= UDP:C:\Program Files\TVersity\Media Server\TVersity.exe:TVersity Media Server
"{4DB6174B-5905-40AF-8E9C-AC33B040BF78}"= TCP:C:\Program Files\TVersity\Media Server\TVersity.exe:TVersity Media Server
"{CF9498BB-C7D2-41D1-A97B-5E4A2163C2AD}"= UDP:C:\Program Files\ACE Mega CoDecS Pack\UtilitieS\vsconv.exe:VS Conv
"{37A9743F-189A-4EB9-8D6F-CE4A3B66DFEC}"= TCP:C:\Program Files\ACE Mega CoDecS Pack\UtilitieS\vsconv.exe:VS Conv
"TCP Query User{37036A37-FBEB-4F30-A0BC-04E47F72326B}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe"= UDP:C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe:Nero MediaHome|Desc=Nero MediaHome
"UDP Query User{7F9CE5CB-5CE9-4265-8F61-D25926F94A48}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe"= TCP:C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe:Nero MediaHome|Desc=Nero MediaHome
"{DB30CC80-80DF-4735-9D30-7BD6B9B95AE6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D9A5AFAA-857F-4E73-8BC0-D47DE0D7E498}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{4059A7AD-0109-4B3F-8152-2015F1D619A9}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe"= UDP:C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe:Nero MediaHome|Desc=Nero MediaHome
"UDP Query User{E83284CA-257C-415F-BB5E-068A42D6CDEA}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe"= TCP:C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe:Nero MediaHome|Desc=Nero MediaHome
"TCP Query User{E0685B02-C44E-4696-81E4-8A43FAF0ED60}C:\program files\paltalk messenger\paltalk.exe"= UDP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene|Desc=PaltalkScene
"UDP Query User{2449EF64-24AC-4F03-BA8E-D5B417924FE2}C:\program files\paltalk messenger\paltalk.exe"= TCP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene|Desc=PaltalkScene
"{DF02D38B-EFF3-451F-B31A-D7A51474BF8E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 SBKUPNT;SBKUPNT;C:\Windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 13:56]
R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 07:30]
S3 INFUSB;INFUSB;C:\Windows\system32\drivers\infusb_wlh_x86.sys [2007-09-11 11:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 17:08:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 17:15:27
Windows 6.0.6000 NTFS

scanning hidden processes ...

LVPrcSrv.exe [25716]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-23 17:16:12
ComboFix-quarantined-files.txt 2008-02-23 17:16:10
ComboFix2.txt 2008-02-23 12:55:22
.
2008-02-22 09:13:33 --- E O F ---

Malwarebytes' Anti-Malware 1.05
Database version: 396

Scan type: Quick Scan
Objects scanned: 24637
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:09, on 23/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 8026 bytes



Which program do you recommend me to use in the future to keep infections at bay?

Edited by narco220, 23 February 2008 - 11:30 AM.

  • 0
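Reviewing a HijackThis log like the ones posted above mostly comes down to spotting orphaned entries, services with no publisher string, autostarts from odd locations, and comparing the before and after logs. The script below is an added example (not part of the thread and not a HijackThis or ComboFix tool): it parses the R/O line format, applies those first-pass checks, and diffs two logs. The sample logs are constructed excerpts of entries posted in this thread plus one made-up autostart line; the checks are this example's own heuristics, not HijackThis verdicts.

```python
"""Parse, triage and diff HijackThis logs (added example, not from the thread)."""
import re
from typing import NamedTuple

# A HijackThis entry line: a section tag (R0, O2, O4, O23, ...) then the entry text.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<rest>.*)$")
# A Windows path ending in a binary extension; spaces are allowed, quotes are not.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|sys)", re.IGNORECASE)
# Locations a normal user can write to; autostarts from here deserve a second look.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|Local Settings)\\", re.IGNORECASE)


class Entry(NamedTuple):
    section: str
    rest: str


def parse_hjt(text: str) -> list[Entry]:
    """Return every R*/O* entry in a HijackThis log; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        match = HJT_LINE.match(line.strip())
        if match:
            entries.append(Entry(match.group("section"), match.group("rest")))
    return entries


def flag_entries(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """First-pass review heuristics (this example's own, not HijackThis verdicts)."""
    findings = []
    for entry in entries:
        if entry.section in ("O2", "O3", "O9") and "(no file)" in entry.rest:
            findings.append((entry, "orphaned CLSID: registered but its file is gone"))
        elif entry.section == "O23" and "Unknown owner" in entry.rest:
            findings.append((entry, "service without a publisher string: verify the binary"))
        elif entry.section == "O4":
            for path in PATH_RE.findall(entry.rest):
                if USER_WRITABLE.search(path):
                    findings.append((entry, f"autostart from a user-writable location: {path}"))
                    break
    return findings


def diff_logs(before: list[Entry], after: list[Entry]) -> tuple[list[Entry], list[Entry]]:
    """Entries that disappeared after cleanup, and entries that are new."""
    removed = sorted(set(before) - set(after))
    added = sorted(set(after) - set(before))
    return removed, added


def report(before_text: str, after_text: str) -> str:
    """Human-readable summary: what changed between two logs and what still stands out."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    removed, added = diff_logs(before, after)
    lines = [f"{len(before)} entries before, {len(after)} after"]
    lines += [f"  removed: {e.section} - {e.rest}" for e in removed]
    lines += [f"  added:   {e.section} - {e.rest}" for e in added]
    lines.append("still worth a look in the new log:")
    lines += [f"  {e.section} - {e.rest}\n      -> {why}" for e, why in flag_entries(after)]
    return "\n".join(lines)


# Constructed excerpt: entries taken from the logs posted in this thread.
COMMON_ENTRIES = r"""O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
# Hypothetical autostart line with a placeholder name and path; not something seen in the thread.
CONSTRUCTED_AUTOSTART = r"O4 - HKCU\..\Run: [SampleAutostart] C:\Users\PJ\AppData\Local\Temp\sample_unknown.exe"

BEFORE_LOG = "Logfile of Trend Micro HijackThis v2.0.2\n" + COMMON_ENTRIES + CONSTRUCTED_AUTOSTART + "\n"
AFTER_LOG = "Logfile of Trend Micro HijackThis v2.0.2\n" + COMMON_ENTRIES

if __name__ == "__main__":
    print(report(BEFORE_LOG, AFTER_LOG))
```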

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Which program do you recommend me to use in the future to keep infections at bay?

At a minimum, the two in my list below, plus an ANTIVIRUS, which I failed to notice that you did not have.

Now the best part of the day ----- Your log now appears clean :)

You may now delete the programmes I had you download


Now, to get you off to a good start, we will reset your restore points so that all the bad stuff is gone for good. Then, if you need to restore at some stage, you will be clean. There are several ways to reset your restore point, but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears, select Create a Restore Point.
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point. To get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the drop-down box that appears, select your main drive, e.g. C.
3. Click OK.
4. The system will do some calculation and then display a dialogue box with tabs.
5. Select the More Options tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this.
7. Accept the warning and select OK again; the program will close and you are done.



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: It is critical to have both a firewall and an antivirus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
