Virtumonde nightmare help reqd. [RESOLVED]


This topic is locked

#1 jazzys (New Member, 6 posts)
Hi Guys, I have ended up with the Virtumonde virus, trojan or whatever you call it.

I have run the diagnostic tools and I think I have got rid of everything but two files that appear very stubborn.
I have run HijackThis and this is what I have:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:49, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: (no name) - {1E66FDD7-0175-44C2-A267-8C29061C30C1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {C0638A71-4A63-47F8-B834-CA9407A3193D} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {F624A598-F242-43BC-9A4F-B23EE645AD67} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\iosynsse.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA1311] command /c del "C:\WINDOWS\system32\urqQgggD.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8396] cmd /c del "C:\WINDOWS\system32\urqQgggD.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7047] command /c del "C:\WINDOWS\system32\bxwefmgp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2401] cmd /c del "C:\WINDOWS\system32\bxwefmgp.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S1412.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [SpybotDeletingB1582] command /c del "C:\WINDOWS\system32\urqQgggD.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5175] cmd /c del "C:\WINDOWS\system32\urqQgggD.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1864] command /c del "C:\WINDOWS\system32\bxwefmgp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8560] cmd /c del "C:\WINDOWS\system32\bxwefmgp.dll_old"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: kuunmv.dll obqezh.dll
O20 - Winlogon Notify: urqQgggD - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 9631 bytes


Please help, many thanks in advance

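The HijackThis log above carries exactly the indicators a malware-removal helper scans for by eye: three O2 BHO registrations that point at no file, a HKLM Run entry with a hex-blob name that uses rundll32 to load a random-named DLL out of system32, two unknown DLLs in AppInit_DLLs, and a Winlogon Notify package whose path is just a directory. The script below is an added example and not something jazzys or the Geeks to Go helpers posted: it parses HijackThis-style lines (the O2/O4/O20 entries are copied from the log above, with a few benign NOD32/ctfmon/Java entries for contrast) and separates entries that still need an analyst's attention from remnants that merely need a registry clean-up. The section regexes and the "generated-looking name" heuristic are this example's own assumptions about the log format, not HijackThis's documented grammar, and the name heuristic is only applied where rundll32 loads a DLL from system32, since short lowercase names like ctfmon are common among legitimate binaries.

```python
import re
from dataclasses import dataclass

# Entries copied from the HijackThis log posted above: the suspicious ones
# plus a few benign ones (NOD32, ctfmon, Java) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E66FDD7-0175-44C2-A267-8C29061C30C1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {C0638A71-4A63-47F8-B834-CA9407A3193D} - (no file)
O2 - BHO: (no name) - {F624A598-F242-43BC-9A4F-B23EE645AD67} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\iosynsse.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA1311] command /c del "C:\WINDOWS\system32\urqQgggD.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: kuunmv.dll obqezh.dll
O20 - Winlogon Notify: urqQgggD - C:\WINDOWS\
"""

# Line shapes assumed by this example (HijackThis 2.0.2 output as pasted above).
LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
O2_RE = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,\s*(\S*)', re.IGNORECASE)
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.*)$")


@dataclass
class Finding:
    severity: str  # "review": needs an analyst's eyes; "info": explained, benign remnant
    section: str   # HijackThis section the line came from
    subject: str   # file, key name or CLSID the finding is about
    reason: str


def parse_line(line):
    """Split one HijackThis line into (section, payload); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def looks_generated(name):
    """Heuristic (an assumption of this example): 6-10 lowercase letters with no
    digits, or an 8-digit hex blob, has the shape of an auto-generated name."""
    return bool(re.fullmatch(r"[a-z]{6,10}", name) or re.fullmatch(r"[0-9a-f]{8}", name))


def triage(log_text):
    """Walk a HijackThis log and return Findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, payload = parsed
        if section == "O2":
            m = O2_RE.match(payload)
            if m and m.group(3).strip() == "(no file)":
                findings.append(Finding("info", "O2", m.group(2),
                    "BHO registration whose DLL is already gone: registry remnant, nothing executes"))
        elif section == "O4":
            m = O4_RE.match(payload)
            if not m:
                continue
            hive, key, name, command = m.groups()
            rd = RUNDLL_RE.match(command)
            if rd:
                dll_path, entry = rd.groups()
                dll = dll_path.rsplit("\\", 1)[-1]
                stem = dll.rsplit(".", 1)[0]
                # Only apply the name heuristic in the rundll32-from-system32 context.
                if "system32" in dll_path.lower() and (looks_generated(stem) or looks_generated(name)):
                    findings.append(Finding("review", "O4", dll,
                        f"rundll32 autorun of a system32 DLL with a generated-looking name "
                        f"(key [{name}], entry point {entry!r}); Virtumonde-style persistence"))
            elif key == "RunOnce" and re.search(r"\bdel\b", command, re.I) and ".dll_old" in command:
                findings.append(Finding("info", "O4", name,
                    "one-shot deletion of a DLL that a cleanup tool renamed (Spybot here); benign"))
        elif section == "O20":
            if payload.startswith("AppInit_DLLs:"):
                for dll in payload.split(":", 1)[1].split():
                    findings.append(Finding("review", "O20", dll,
                        "AppInit_DLLs loads this DLL into every user-mode process; rarely legitimate on a home PC"))
            else:
                m = NOTIFY_RE.match(payload)
                if m and (m.group(2).endswith("\\") or m.group(2).strip() == "(no file)"):
                    findings.append(Finding("review", "O20", m.group(1),
                        "Winlogon Notify package whose path is a bare directory or missing: remnant of a removed Winlogon-loaded DLL"))
    return findings


def review_subjects(findings):
    """Subjects that still need an analyst's attention, in log order."""
    return [f.subject for f in findings if f.severity == "review"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:3} {f.subject:45} {f.reason}")
```

Run against the pasted entries, the four "review" findings are iosynsse.dll, kuunmv.dll, obqezh.dll and the urqQgggD Notify package, which is the same set the helpers go after with ComboFix; the orphaned BHO CLSIDs and the Spybot RunOnce deletions come out as "info", because they are leftovers of a removal that already happened rather than live code.
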
#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Please visit this web page for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3 jazzys (Topic Starter, New Member, 6 posts)
Thanks mate, I have got as far as downloading the ComboFix software.

I wasn't too sure what to do next, as you mentioned the Windows Recovery Console.
I'm not sure what I need to do; is it something I download?

I don't have a Windows disk, I just received 2 recovery disks when I bought my laptop.

What do i do next?

Many thanks

Jazz

#4 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Just run ComboFix.

#5 jazzys (Topic Starter, New Member, 6 posts)
Thanks, I ran ComboFix and here is my log, followed by a new HijackThis log.

ComboFix 08-08-27.05 - GEOFF 2008-08-28 16:20:46.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.501 [GMT 10:00]
Running from: C:\Documents and Settings\GEOFF\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\GEOFF\Application Data\inst.exe
C:\Documents and Settings\GEOFF\Application Data\macromedia\Flash Player\#SharedObjects\SQXT4256\bin.clearspring.com
C:\Documents and Settings\GEOFF\Application Data\macromedia\Flash Player\#SharedObjects\SQXT4256\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\GEOFF\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\GEOFF\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\essnysoi.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-27 05:11 . 2008-08-27 05:11 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-27 05:11 . 2008-08-27 05:11 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-27 05:11 . 2008-08-27 05:11 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-27 05:11 . 2008-08-27 05:11 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-27 05:06 . 2008-08-27 05:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-27 04:54 . 2008-08-27 04:54 <DIR> d-------- C:\WINDOWS\EHome
2008-08-26 19:49 . 2008-04-14 10:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-08-26 19:48 . 2008-04-14 10:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-26 19:47 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-08-26 19:46 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-26 16:39 . 2008-08-26 16:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-26 16:22 . 2008-08-26 16:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 16:22 . 2008-08-26 16:23 <DIR> d-------- C:\Documents and Settings\GEOFF\Application Data\Malwarebytes
2008-08-26 16:22 . 2008-08-26 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-26 16:22 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 16:22 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 15:00 . 2008-08-26 15:00 <DIR> d-------- C:\VundoFix Backups
2008-08-25 16:57 . 2008-08-25 16:57 153 --a------ C:\WINDOWS\wininit.ini
2008-08-25 16:01 . 2008-08-25 16:01 <DIR> d---s---- C:\Documents and Settings\The God file\UserData
2008-08-25 15:35 . 2008-08-25 15:35 <DIR> d-------- C:\Documents and Settings\The God file\Application Data\Acer
2008-08-25 15:34 . 2008-08-25 15:34 <DIR> d-------- C:\Documents and Settings\The God file
2008-08-24 20:52 . 2008-08-24 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-08-22 18:20 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-22 18:20 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-22 18:14 . 2008-08-22 18:14 <DIR> d-------- C:\Program Files\MSN Messenger
2008-08-16 19:03 . 2008-08-16 19:04 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-16 04:46 . 2008-04-12 05:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 06:14 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-12 16:49 . 2008-08-12 16:49 <DIR> d-------- C:\Program Files\Microsoft LifeChat
2008-08-12 16:47 . 2008-08-12 16:47 268 --ah----- C:\sqmdata01.sqm
2008-08-12 16:47 . 2008-08-12 16:47 244 --ah----- C:\sqmnoopt01.sqm
2008-08-12 16:35 . 2008-04-14 10:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-12 16:31 . 2008-08-12 16:31 <DIR> d-------- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-12 16:30 . 2008-08-12 16:30 <DIR> d-------- C:\Program Files\Windows Live
2008-08-12 16:30 . 2008-08-12 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-08 13:07 . 2008-08-08 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-08 13:06 . 2008-08-08 13:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-07 18:58 . 2008-08-07 18:58 <DIR> d-------- C:\Program Files\Uniblue
2008-08-07 18:58 . 2008-08-07 18:58 <DIR> d-------- C:\Documents and Settings\GEOFF\Application Data\Uniblue
2008-08-03 08:48 . 2008-08-03 08:48 <DIR> d-------- C:\Program Files\Real
2008-08-03 08:48 . 2008-08-03 08:48 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-03 08:48 . 2008-08-03 08:48 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-03 08:41 . 2008-08-03 08:43 12,883,464 --a------ C:\Program Files\rp10-bbc-en-setup.exe
2008-08-01 17:43 . 2008-08-01 17:43 <DIR> d-------- C:\Documents and Settings\GEOFF\Application Data\TomTom
2008-08-01 17:43 . 2008-08-01 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-08-01 17:42 . 2008-08-01 17:42 <DIR> d-------- C:\Program Files\TomTom HOME 2
2008-08-01 17:29 . 2008-08-01 17:29 <DIR> d-------- C:\Program Files\TomTom HOME
2008-07-30 16:31 . 2008-07-30 16:31 <DIR> d---s---- C:\Documents and Settings\Ryan\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 00:04 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Apple Computer
2008-07-21 07:30 --------- d-----w C:\Program Files\proDAD
2008-07-21 07:21 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\proDAD
2008-07-21 07:18 --------- d-----w C:\Program Files\AdorageI-SAL
2008-07-21 07:18 --------- d-----w C:\Program Files\AdorageI-GfxDatas
2008-07-21 06:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-07-21 06:18 --------- d-----w C:\Program Files\Pinnacle
2008-07-21 06:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-07-16 06:51 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\skypePM
2008-07-16 06:49 22,414,120 ----a-w C:\Program Files\SkypeSetup.exe
2008-07-16 06:49 --------- d-----w C:\Program Files\Skype
2008-07-16 06:49 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-16 06:49 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Skype
2008-07-16 06:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-14 08:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2008-07-14 08:32 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\InstallShield
2008-07-14 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-07-14 08:29 --------- d-----w C:\Program Files\epson
2008-07-13 09:27 299,288 ----a-w C:\Program Files\GmailInstaller.exe
2008-07-13 09:27 --------- d-----w C:\Program Files\Google
2008-07-12 03:34 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\CyberLink
2008-07-12 03:27 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\LimeWire
2008-07-12 03:26 --------- d-----w C:\Program Files\Nero
2008-07-12 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-07-12 03:10 --------- d-----w C:\Program Files\Photodex Presenter
2008-07-12 03:10 --------- d-----w C:\Program Files\Photodex
2008-07-12 03:10 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Photodex
2008-07-12 03:10 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Netscape
2008-07-12 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-12 02:57 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-07-12 02:49 --------- d-----w C:\Program Files\PowerQuest
2008-07-11 22:28 47,360 ----a-w C:\Documents and Settings\GEOFF\Application Data\pcouffin.sys
2008-07-11 22:17 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-11 22:17 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Vso
2008-07-11 21:58 --------- d-----w C:\Program Files\Java
2008-07-11 21:55 --------- d-----w C:\Program Files\Common Files\Java
2008-07-11 21:47 --------- d-----w C:\Program Files\LimeWire
2008-07-11 20:46 --------- d-----w C:\Program Files\Picasa2
2008-07-11 04:56 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Ahead
2008-07-11 03:29 --------- d-----w C:\Program Files\DVD Decrypter
2008-07-11 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-11 01:59 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Azureus
2008-07-11 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-10 13:40 --------- d-----w C:\Program Files\AskPBar
2008-07-10 13:39 --------- d-----w C:\Program Files\Vuze
2008-07-10 13:39 --------- d-----w C:\Program Files\Trillian
2008-07-10 13:39 --------- d-----w C:\Program Files\AskSBar
2008-07-10 12:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-10 12:53 --------- d-----w C:\Program Files\DVD Shrink
2008-07-10 09:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-10 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 09:03 --------- d-----w C:\Program Files\Apple Software Update
2008-07-10 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-10 02:30 --------- d-----w C:\Program Files\Firefox 3.0
2008-07-08 07:20 --------- d-----w C:\Program Files\QuickTime
2008-07-08 07:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-08 07:18 --------- d-----w C:\Program Files\Lavasoft
2008-07-08 07:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 07:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 07:17 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-07-08 07:17 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-08 07:17 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-07-08 07:17 --------- d-----w C:\Program Files\Eset
2008-07-08 07:15 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-08 07:15 --------- d-----w C:\Program Files\Common Files\L&H
2008-07-08 07:15 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-08 07:15 --------- d-----w C:\Program Files\Ahead
2008-07-08 07:14 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-08 07:14 --------- d-----w C:\Program Files\Microsoft Works
2008-07-08 07:12 --------- d-----w C:\Program Files\iPhoto Plus 4
2008-07-08 07:12 --------- d-----w C:\Program Files\Elaborate Bytes
2008-07-08 07:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-07-08 07:10 --------- d-----w C:\Program Files\SlySoft
2008-07-08 07:05 --------- d-----w C:\Program Files\Common Files\Logitech
2008-07-08 07:05 --------- d-----w C:\Program Files\Common Files\Acer
2008-07-08 06:54 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Acer
2008-07-08 06:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acer
2008-07-08 06:52 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-08 06:52 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-07-08 06:52 --------- d-----w C:\Program Files\WinPCap
2008-07-08 06:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-07-08 06:51 --------- d-----w C:\Program Files\Launch Manager
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-26 08:15 619,520 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-26 08:15 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:09 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 15:09 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"EPSON Stylus CX5500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE" [2007-03-01 16:01 180736]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-12-07 09:42 9479448]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 15:51 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-12-13 21:31 151552]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 15:05 729177]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30 69632]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 18:28 344064]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 11:58 3080192]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-01-09 18:23 589824]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-08 17:17 949376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 07:48 479232]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-03 08:48 185632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^GEOFF^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^GEOFF^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-12-21 15:02 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-12-28 05:14 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--------- 2005-11-28 13:55 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-06-26 15:47 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-06-26 15:55 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 10:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-03 08:48 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 18:42 202088 C:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-12-19 14:52 15797248 C:\WINDOWS\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\Trillian\\TRILLIAN.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95c35009-5f9c-11dd-bc9a-0016d44c8a04}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder

2008-07-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-08 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 09:42]

2008-08-24 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 09:42]

2008-08-24 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-01-08 09:14]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{7F4FF6D5-E71D-4B1A-AD0B-A660C1FD1837} - (no file)
Notify-urqQgggD - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\GEOFF\Application Data\Mozilla\Firefox\Profiles\wtcnlk7d.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com.au
FF -: plugin - C:\Documents and Settings\GEOFF\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 16:25:58
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\LVMVFM\LVPRCSRV.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\PROGRAM FILES\PHOTODEX\PROSHOWPRODUCER\SCSIACCESS.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-08-28 16:28:34 - machine was rebooted [GEOFF]
ComboFix-quarantined-files.txt 2008-08-28 06:28:28

Pre-Run: 61,415,391,232 bytes free
Post-Run: 61,313,515,520 bytes free

329 --- E O F --- 2008-08-27 19:32:59

________________________________________________________________________________

HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:44, on 28/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S1412.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 8405 bytes


Thanks again for your help.

jazzys
  • 0

#6 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#7 jazzys (New Member, Topic Starter, 6 posts)
Here is the report from the Kaspersky scan:


Friday, August 29, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 29, 2008 05:14:13
Records in database: 1160100
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 98556
Threat name 6
Infected objects 10
Suspicious objects 0
Duration of the scan 01:56:35

File name Threat name Threats count
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL/C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Total Guitar - CLASSIC TRACK_ Pink Floyd - Shine On You Crazy Diamond - Backing track.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\Preview-T-5745425-David Bowie - heroes.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Eset\infected\LOVQ4KAA.NQF Infected: not-a-virus:AdWare.Win32.BHO.cpv 1
C:\Program Files\Eset\infected\Z42C5RBA.NQF Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Eset\infected\21ZARBBA.NQF Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\System Volume Information\_restore{355F02C7-8ECE-4CC4-92A8-C69A60BA172C}\RP21\A0001473.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bk 1
C:\System Volume Information\_restore{355F02C7-8ECE-4CC4-92A8-C69A60BA172C}\RP26\A0002847.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bk 1
C:\System Volume Information\_restore{355F02C7-8ECE-4CC4-92A8-C69A60BA172C}\RP84\A0015839.exe Infected: Trojan.Win32.Monderb.grh 1
The selected area was scanned.



Thanks for all your help.

Jazzy
  • 0

#8 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Total Guitar - CLASSIC TRACK_ Pink Floyd - Shine On You Crazy Diamond - Backing track.mp3
C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\Preview-T-5745425-David Bowie - heroes.mp3

Folder::

DirLook::
C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete
C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
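The File:: list in the post above is the result of a triage of the Kaspersky report in post #7: only files that are live on disk are handed to ComboFix, while hits inside the ESET quarantine folder (C:\Program Files\Eset\infected) and inside System Restore snapshots (System Volume Information\_restore...) are left out, because they are not running code and ComboFix's File:: directive is meant for plain on-disk files. The following script is an added example, not part of the thread and not code from ComboFix or Kaspersky; it reproduces that triage on constructed report lines modelled on the ones posted, and the marker list, the `triage` and `build_cfscript` names and the shortened mp3 file name are assumptions of this example.

```python
"""Triage Kaspersky Online Scanner detections before writing a ComboFix CFScript.

Added example (not from the thread, ComboFix or Kaspersky). Detection lines have
the flat layout "<path> Infected: <threat> <count>"; objects found inside a
container are written as "<outer>/<inner>", and the on-disk object is the outer
part. Only live files are emitted under File::; quarantine and restore-point hits
are reported separately so the helper can decide on them by hand.
"""
import re
from collections import OrderedDict

# Constructed sample lines in the Kaspersky 7 report layout (not the full report).
SAMPLE_REPORT = r"""
File name Threat name Threats count
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL/C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\song.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Eset\infected\Z42C5RBA.NQF Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\System Volume Information\_restore{355F02C7-8ECE-4CC4-92A8-C69A60BA172C}\RP84\A0015839.exe Infected: Trojan.Win32.Monderb.grh 1
The selected area was scanned.
"""

DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Assumed markers for this thread: the ESET quarantine folder and System Restore
# snapshots both show up in the posted scan. Extend for other AV products as needed.
QUARANTINE_MARKERS = ("\\eset\\infected\\",)
RESTORE_MARKER = "\\system volume information\\_restore"


def parse_report(text):
    """Yield (outer_path, threat, count, nested) for every detection line."""
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # header, footer and statistics lines carry no detection
        raw = m.group("path")
        outer = raw.split("/", 1)[0]  # strip the "/inner" part of a container hit
        yield outer, m.group("threat"), int(m.group("count")), "/" in raw


def classify(path):
    """Return 'restore_point', 'quarantine' or 'live' for an on-disk path."""
    low = path.lower()
    if RESTORE_MARKER in low:
        return "restore_point"
    if any(marker in low for marker in QUARANTINE_MARKERS):
        return "quarantine"
    return "live"


def triage(text):
    """Group detections by category, keeping each path once (case-insensitive)."""
    groups = {"live": OrderedDict(), "quarantine": OrderedDict(), "restore_point": OrderedDict()}
    for path, threat, count, nested in parse_report(text):
        bucket = groups[classify(path)]
        entry = bucket.setdefault(path.lower(), {"path": path, "threats": set(), "nested": False})
        entry["threats"].add(threat)
        entry["nested"] = entry["nested"] or nested  # same DLL hit as container and as file
    return {name: list(bucket.values()) for name, bucket in groups.items()}


def build_cfscript(groups):
    """Render a CFScript: File:: lists live detections only; other sections stay empty."""
    lines = ["File::"] + [entry["path"] for entry in groups["live"]]
    lines += ["", "Folder::", "", "DirLook::", "", "Registry::", "", "Driver::", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name in ("quarantine", "restore_point"):
        for entry in result[name]:
            print(f"skipped ({name}): {entry['path']}  [{', '.join(sorted(entry['threats']))}]")
    print(build_cfscript(result))
```

Hits in the quarantine and restore-point groups are printed, not scripted; the usual advice in these threads is to empty the AV quarantine and flush old restore points once the machine is clean, which is a separate step.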

#9 jazzys (New Member, Topic Starter, 6 posts)
Thanks again, here is the report:


ComboFix 08-08-27.05 - GEOFF 2008-08-30 5:45:03.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.546 [GMT 10:00]
Running from: C:\Documents and Settings\GEOFF\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\GEOFF\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\Preview-T-5745425-David Bowie - heroes.mp3
C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Total Guitar - CLASSIC TRACK_ Pink Floyd - Shine On You Crazy Diamond - Backing track.mp3
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\Preview-T-5745425-David Bowie - heroes.mp3
C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Total Guitar - CLASSIC TRACK_ Pink Floyd - Shine On You Crazy Diamond - Backing track.mp3
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.

2008-08-27 05:11 . 2008-08-27 05:11 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-27 05:11 . 2008-08-27 05:11 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-27 05:11 . 2008-08-27 05:11 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-27 05:11 . 2008-08-27 05:11 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-27 05:06 . 2008-08-27 05:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-27 04:54 . 2008-08-27 04:54 <DIR> d-------- C:\WINDOWS\EHome
2008-08-26 19:49 . 2008-04-14 10:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-08-26 19:48 . 2008-04-14 10:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-26 19:47 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-08-26 19:46 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-26 16:39 . 2008-08-26 16:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-26 16:22 . 2008-08-26 16:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 16:22 . 2008-08-26 16:23 <DIR> d-------- C:\Documents and Settings\GEOFF\Application Data\Malwarebytes
2008-08-26 16:22 . 2008-08-26 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-26 16:22 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 16:22 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-26 15:00 . 2008-08-26 15:00 <DIR> d-------- C:\VundoFix Backups
2008-08-25 16:57 . 2008-08-25 16:57 153 --a------ C:\WINDOWS\wininit.ini
2008-08-25 16:01 . 2008-08-25 16:01 <DIR> d---s---- C:\Documents and Settings\The God file\UserData
2008-08-25 15:35 . 2008-08-25 15:35 <DIR> d-------- C:\Documents and Settings\The God file\Application Data\Acer
2008-08-25 15:34 . 2008-08-25 15:34 <DIR> d-------- C:\Documents and Settings\The God file
2008-08-24 20:52 . 2008-08-24 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-08-22 18:20 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-08-22 18:20 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-08-22 18:14 . 2008-08-22 18:14 <DIR> d-------- C:\Program Files\MSN Messenger
2008-08-16 19:03 . 2008-08-16 19:04 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-16 04:46 . 2008-04-12 05:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 06:14 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-08-12 16:49 . 2008-08-12 16:49 <DIR> d-------- C:\Program Files\Microsoft LifeChat
2008-08-12 16:47 . 2008-08-12 16:47 268 --ah----- C:\sqmdata01.sqm
2008-08-12 16:47 . 2008-08-12 16:47 244 --ah----- C:\sqmnoopt01.sqm
2008-08-12 16:35 . 2008-04-14 10:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-12 16:31 . 2008-08-12 16:31 <DIR> d-------- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-12 16:30 . 2008-08-12 16:30 <DIR> d-------- C:\Program Files\Windows Live
2008-08-12 16:30 . 2008-08-12 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-08 13:07 . 2008-08-08 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-08 13:06 . 2008-08-08 13:06 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-07 18:58 . 2008-08-07 18:58 <DIR> d-------- C:\Program Files\Uniblue
2008-08-07 18:58 . 2008-08-07 18:58 <DIR> d-------- C:\Documents and Settings\GEOFF\Application Data\Uniblue
2008-08-03 08:48 . 2008-08-03 08:48 <DIR> d-------- C:\Program Files\Real
2008-08-03 08:48 . 2008-08-03 08:48 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-03 08:48 . 2008-08-03 08:48 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-03 08:41 . 2008-08-03 08:43 12,883,464 --a------ C:\Program Files\rp10-bbc-en-setup.exe
2008-08-01 17:43 . 2008-08-01 17:43 <DIR> d-------- C:\Documents and Settings\GEOFF\Application Data\TomTom
2008-08-01 17:43 . 2008-08-01 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-08-01 17:42 . 2008-08-01 17:42 <DIR> d-------- C:\Program Files\TomTom HOME 2
2008-08-01 17:29 . 2008-08-01 17:29 <DIR> d-------- C:\Program Files\TomTom HOME
2008-07-30 16:31 . 2008-07-30 16:31 <DIR> d---s---- C:\Documents and Settings\Ryan\UserData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 00:04 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Apple Computer
2008-07-21 07:30 --------- d-----w C:\Program Files\proDAD
2008-07-21 07:21 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\proDAD
2008-07-21 07:18 --------- d-----w C:\Program Files\AdorageI-SAL
2008-07-21 07:18 --------- d-----w C:\Program Files\AdorageI-GfxDatas
2008-07-21 06:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-07-21 06:18 --------- d-----w C:\Program Files\Pinnacle
2008-07-21 06:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-07-16 06:51 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\skypePM
2008-07-16 06:49 22,414,120 ----a-w C:\Program Files\SkypeSetup.exe
2008-07-16 06:49 --------- d-----w C:\Program Files\Skype
2008-07-16 06:49 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-16 06:49 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Skype
2008-07-16 06:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-14 08:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2008-07-14 08:32 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\InstallShield
2008-07-14 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-07-14 08:29 --------- d-----w C:\Program Files\epson
2008-07-13 09:27 299,288 ----a-w C:\Program Files\GmailInstaller.exe
2008-07-13 09:27 --------- d-----w C:\Program Files\Google
2008-07-12 03:34 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\CyberLink
2008-07-12 03:27 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\LimeWire
2008-07-12 03:26 --------- d-----w C:\Program Files\Nero
2008-07-12 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-07-12 03:10 --------- d-----w C:\Program Files\Photodex Presenter
2008-07-12 03:10 --------- d-----w C:\Program Files\Photodex
2008-07-12 03:10 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Photodex
2008-07-12 03:10 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Netscape
2008-07-12 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-12 02:57 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-07-12 02:49 --------- d-----w C:\Program Files\PowerQuest
2008-07-11 22:28 47,360 ----a-w C:\Documents and Settings\GEOFF\Application Data\pcouffin.sys
2008-07-11 22:17 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-11 22:17 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Vso
2008-07-11 21:58 --------- d-----w C:\Program Files\Java
2008-07-11 21:55 --------- d-----w C:\Program Files\Common Files\Java
2008-07-11 21:47 --------- d-----w C:\Program Files\LimeWire
2008-07-11 20:46 --------- d-----w C:\Program Files\Picasa2
2008-07-11 04:56 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Ahead
2008-07-11 03:29 --------- d-----w C:\Program Files\DVD Decrypter
2008-07-11 02:00 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-11 01:59 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Azureus
2008-07-11 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-10 13:40 --------- d-----w C:\Program Files\AskPBar
2008-07-10 13:39 --------- d-----w C:\Program Files\Vuze
2008-07-10 13:39 --------- d-----w C:\Program Files\Trillian
2008-07-10 13:39 --------- d-----w C:\Program Files\AskSBar
2008-07-10 12:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-10 12:53 --------- d-----w C:\Program Files\DVD Shrink
2008-07-10 09:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-10 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-10 09:03 --------- d-----w C:\Program Files\Apple Software Update
2008-07-10 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-10 02:30 --------- d-----w C:\Program Files\Firefox 3.0
2008-07-08 07:20 --------- d-----w C:\Program Files\QuickTime
2008-07-08 07:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-08 07:18 --------- d-----w C:\Program Files\Lavasoft
2008-07-08 07:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 07:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 07:17 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-07-08 07:17 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-08 07:17 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-07-08 07:17 --------- d-----w C:\Program Files\Eset
2008-07-08 07:15 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-08 07:15 --------- d-----w C:\Program Files\Common Files\L&H
2008-07-08 07:15 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-08 07:15 --------- d-----w C:\Program Files\Ahead
2008-07-08 07:14 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-08 07:14 --------- d-----w C:\Program Files\Microsoft Works
2008-07-08 07:12 --------- d-----w C:\Program Files\iPhoto Plus 4
2008-07-08 07:12 --------- d-----w C:\Program Files\Elaborate Bytes
2008-07-08 07:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-07-08 07:10 --------- d-----w C:\Program Files\SlySoft
2008-07-08 07:05 --------- d-----w C:\Program Files\Common Files\Logitech
2008-07-08 07:05 --------- d-----w C:\Program Files\Common Files\Acer
2008-07-08 06:54 --------- d-----w C:\Documents and Settings\GEOFF\Application Data\Acer
2008-07-08 06:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acer
2008-07-08 06:52 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-08 06:52 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-07-08 06:52 --------- d-----w C:\Program Files\WinPCap
2008-07-08 06:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-07-08 06:51 --------- d-----w C:\Program Files\Launch Manager
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-26 08:15 619,520 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-26 08:15 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:09 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 15:09 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete ----

2008-08-24 17:17 1022703 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\Preview-T-5400996-Labi Siffre-Something inside so strong.mp3
2008-08-24 15:12 2097151 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\Preview-T-16839703-Pink Floyd- Shine On You Crazy Diamond .mp3
2008-08-24 15:09 1056768 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\T-26515077-Shine On You Crazy Diamond (Steel Breeze Remix).mp3
2008-08-24 15:08 704511 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\Preview-T-13036412-Shine On You Crazy Diamond.mp3
2008-08-24 15:08 11613560 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\T-13036412-Shine On You Crazy Diamond.mp3
2008-08-24 12:30 3670015 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\Preview-T-3926183-Copy of U2 - It's A Beautiful Day.mp3
2008-08-24 12:27 1944303 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\Preview-T-5745425-David Bowie - heroes.mp3
2008-07-26 21:26 4980736 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\T-5091303-The Presets - This Boy's In Love.mp3
2008-07-26 21:25 1329604 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\Preview-T-5091303-The Presets - This Boy's In Love.mp3
2008-07-18 05:56 7099150 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\T-7099150-Coldplay - Fix You (Album Version).mp3
2008-07-18 05:42 921599 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\Preview-T-7099150-Coldplay - Fix You (Album Version).mp3
2008-07-17 19:52 0 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\T-4736731-U2 - With or Without You.mp3
2008-07-17 19:51 6553600 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\T-6846210-10 Open Your Eyes.mp3
2008-07-12 13:32 0 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Incomplete\T-5745425-max and paddy like a virgin.mp3

---- Directory of C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved ----

2008-08-24 17:18 5400996 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Labi Siffre-Something inside so strong.mp3
2008-08-24 16:56 6765505 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\The Beatles - Hey Jude.mp3
2008-08-24 16:55 2809494 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\The Beatles - So Happy Together.mp3
2008-08-24 16:55 2209792 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\The Beatles - Help!.mp3
2008-08-24 15:19 16839703 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Pink Floyd- Shine On You Crazy Diamond .mp3
2008-08-24 13:44 13036402 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Pink Floyd - Shine On You Crazy Diamond.mp3
2008-08-24 13:43 5745425 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Total Guitar - CLASSIC TRACK_ Pink Floyd - Shine On You Crazy Diamond - Backing track.mp3
2008-07-17 23:05 5468288 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\faker - this heart attack.mp3
2008-07-17 22:34 6830669 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Snow Patrol - Open Your Eyes.mp3
2008-07-17 22:22 4739077 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\U2 - With or Without You(1).mp3
2008-07-17 21:58 5422660 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\U2 - Where The Streets Have No Name.mp3
2008-07-17 21:54 4520944 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Snow Patrol - spitting games.mp3
2008-07-17 20:01 4459756 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\U2 - I Still Haven't Found What I'm Looking For.mp3
2008-07-17 19:57 4093202 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\U2 with BB King - When Love Comes To Town.mp3
2008-07-17 19:56 4161536 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Mary J Blige and U2 - One Love.mp3
2008-07-17 19:54 7325696 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\u2-sometimes you cant make it on your own.mp3
2008-07-17 19:53 5551166 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Stereophonics - Hand Bags And Glad Rags.mp3
2008-07-17 19:48 4231881 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Travis - Turn.mp3
2008-07-17 19:46 5632000 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Three Doors Down - Kryptonite.mp3
2008-07-17 19:44 3814835 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Travis - Closer.mp3
2008-07-17 19:43 6303880 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Snow patrol -youre all i have.mp3
2008-07-17 19:43 5361499 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Snow Patrol- Chasing Cars.mp3
2008-07-17 19:43 3797120 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Snow Patrol - Signal Fire.mp3
2008-07-17 19:42 6558585 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Stereophonics - Maybe Tomorrow.mp3
2008-07-17 19:41 4743305 --a------ C:\Documents and Settings\GEOFF\My Documents\LimeWire\Saved\Stereophonics - Dakota.mp3


((((((((((((((((((((((((((((( [email protected]_16.27.36.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-28 03:52:12 54,288 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-29 19:40:10 54,288 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-28 03:52:12 382,902 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-29 19:40:10 382,902 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"EPSON Stylus CX5500 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE" [2007-03-01 16:01 180736]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-12-07 09:42 9479448]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 15:51 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 05:00 455168]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-12-13 21:31 151552]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 15:05 729177]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55 118784]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 09:30 69632]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 18:28 344064]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 11:58 3080192]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-01-09 18:23 589824]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-08 17:17 949376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 07:48 479232]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-03 08:48 185632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^GEOFF^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^GEOFF^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-12-21 15:02 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2004-12-28 05:14 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--------- 2005-11-28 13:55 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2006-06-26 15:47 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
--a------ 2006-06-26 15:55 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 10:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-08-03 08:48 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 18:42 202088 C:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-12-19 14:52 15797248 C:\WINDOWS\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\Trillian\\TRILLIAN.EXE"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 16:57]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 16:57]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95c35009-5f9c-11dd-bc9a-0016d44c8a04}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-07-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-08 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 09:42]

2008-08-24 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 09:42]

2008-08-24 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-01-08 09:14]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 05:48:02
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-30 5:49:06
ComboFix-quarantined-files.txt 2008-08-29 19:49:02
ComboFix2.txt 2008-08-28 06:28:38

Pre-Run: 60,431,335,424 bytes free
Post-Run: 60,480,651,264 bytes free

339 --- E O F --- 2008-08-27 19:32:59
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.



  • Make sure you have an Internet Connection.
  • Download OTCleanIt to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0
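The MVPS hosts-file approach mentioned in the post above works because Windows consults the HOSTS file before asking DNS, so any hostname the file pins to 127.0.0.1 (or 0.0.0.0) resolves to the local machine and the connection never reaches the real site. The script below is an added example, not code from this thread or from the MVPS project; it uses a constructed hosts file (the `example.test` names are made up) and models the resolver's parsing rules (comments, several names per line, case-insensitive matching, first match wins) so you can audit which names a blocklist actually sinkholes.

```python
"""Model of how a HOSTS-file blocklist (MVPS style) sinkholes hostnames.

Added example with constructed sample data; not the real MVPS list.
"""
from ipaddress import ip_address

# Constructed sample in the layout of a Windows HOSTS file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost

# Constructed blocklist entries in the MVPS style (made-up names)
127.0.0.1  ads.example.test        # banner server
0.0.0.0    tracker.example.test  pixel.example.test
::1        ip6-localhost
"""

# Addresses that keep a connection on the local box instead of the network.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1", "::"}
# Names that legitimately point at the loopback and are not blocklist entries.
LOCAL_NAMES = {"localhost", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Return an ordered list of (address, hostname) pairs.

    Follows the resolver's rules: '#' starts a comment, whitespace separates
    fields, one line may name several hosts, hostnames are case-insensitive.
    Malformed lines are skipped rather than aborting the parse.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = str(ip_address(fields[0]))
        except ValueError:
            continue  # not an address: ignore the line, as the resolver does
        for host in fields[1:]:
            entries.append((addr, host.lower()))
    return entries


def resolve_local(entries, hostname):
    """First matching entry wins, as with the system resolver; None if absent."""
    wanted = hostname.lower().rstrip(".")
    for addr, host in entries:
        if host == wanted:
            return addr
    return None


def is_sinkholed(entries, hostname):
    """True when the HOSTS file redirects hostname to the local machine."""
    addr = resolve_local(entries, hostname)
    return addr is not None and addr in SINKHOLE_ADDRESSES


def blocked_hosts(entries):
    """Every hostname the file pins to a sinkhole address, for auditing."""
    return sorted(
        {h for a, h in entries if a in SINKHOLE_ADDRESSES and h not in LOCAL_NAMES}
    )


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in blocked_hosts(table):
        print(f"{name} -> {resolve_local(table, name)} (sinkholed)")
```

On Windows the live file is `C:\WINDOWS\system32\drivers\etc\hosts`; feeding its contents to `parse_hosts` instead of the sample shows exactly which names an installed blocklist pins, and `is_sinkholed` answers whether a given site would be reachable from that machine.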

#11
jazzys

jazzys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you so much for your help, I will be making a donation shortly.

You mention at the bottom of your post about the MVPS Hosts file. I had a look at the page the link took me to but I'm not sure if I was supposed to do something when I got to the page. Wasn't sure if it was something I just had to read or whether I was supposed to be downloading something.

Thanks again

Jazzy
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
