[undun40cal]

I just woke up and walked by my comp to the sound of McAfee dinging, saying it quarantined something (Vundu.gen). Now when i open FireFox 3 i get massive pop-ups. Also, i cannot turn on "Automatic Updates" for Windows. Any help will be great! Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:58 PM, on 10/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [6c262c0f] rundll32.exe "C:\WINDOWS\system32\swkrljwe.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Admin\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescam...GamesCampus.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - https://bill.netgame...ch_USAv1002.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: gkyuut.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15500 bytes

[Essexboy]

Hi there I will start with the big guns on this one first of all to kill or cripple as amuch as possible in one go

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[undun40cal]

Here it is.


ComboFix 08-10-19.04 - Admin 2008-10-21 21:10:29.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.488 [GMT -4:00]
Running from: C:\Documents and Settings\Admin\Desktop\Gancked\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Admin\Application Data\inst.exe
C:\install.exe
C:\Program Files\INSTALL.LOG
C:\WINDOWS\BM6f151f93.txt
C:\WINDOWS\Pt.dll
C:\WINDOWS\system32\byXPFUlM.dll
C:\WINDOWS\system32\ewjlrkws.ini
C:\WINDOWS\system32\fgijlnnn.ini
C:\WINDOWS\system32\fgijlnnn.ini2
C:\WINDOWS\system32\gkyuut.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\jfhiceog.dll
C:\WINDOWS\system32\nnnljigf.dll
C:\WINDOWS\system32\qoMdccbb.dll
C:\WINDOWS\system32\swkrljwe.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.

2008-10-16 09:13 . 2008-08-14 06:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 09:13 . 2008-08-14 06:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 09:13 . 2008-08-14 05:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 09:13 . 2008-08-14 05:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 09:13 . 2008-09-15 08:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 09:13 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 01:18 . 2007-04-04 18:39 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-10-13 13:51 . 2008-04-14 05:41 1,689,088 --ah---t- C:\WINDOWS\system32\389bf83.dll
2008-10-13 13:51 . 2008-04-14 05:41 1,689,088 --ah---t- C:\WINDOWS\system32\33f4918c.dll
2008-10-13 13:51 . 2008-04-14 05:42 82,432 --ah---t- C:\WINDOWS\system32\215d76d0.dll
2008-10-13 13:51 . 2008-04-14 05:42 82,432 --ah---t- C:\WINDOWS\system32\17ce737d.dll
2008-10-13 06:13 . 2008-04-14 05:41 1,689,088 --ah---t- C:\WINDOWS\system32\2f4b8d7c.dll
2008-10-13 06:13 . 2008-04-14 05:41 1,689,088 --ah---t- C:\WINDOWS\system32\2079eb25.dll
2008-10-13 06:13 . 2008-04-14 05:42 82,432 --ah---t- C:\WINDOWS\system32\bd25ba4.dll
2008-10-13 06:13 . 2008-04-14 05:42 82,432 --ah---t- C:\WINDOWS\system32\30c97a0.dll
2008-10-12 19:09 . 2008-10-12 19:09 <DIR> d-------- C:\Program Files\Vision Video Games
2008-10-12 11:42 . 2008-10-12 11:42 <DIR> d-------- C:\Program Files\Enlight
2008-10-12 00:44 . 2008-10-12 21:59 <DIR> d-------- C:\Program Files\WarRock
2008-10-11 05:12 . 2008-10-11 05:12 <DIR> d-------- C:\Program Files\Playlogic
2008-10-10 07:46 . 2008-10-10 08:05 <DIR> d-------- C:\Program Files\Drug Wars
2008-10-09 08:19 . 2008-10-09 08:19 <DIR> d-------- C:\fsaua.data
2008-10-09 08:11 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-09 08:08 . 2008-10-09 08:09 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-10-08 20:47 . 2008-10-08 20:47 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-10-07 18:52 . 2008-10-07 18:52 1,689,088 --a------ C:\WINDOWS\system32\3045420.dll
2008-10-01 20:52 . 2008-10-01 20:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-10-01 20:43 . 2008-10-01 20:43 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-10-01 20:42 . 2008-10-14 08:02 <DIR> d-------- C:\Program Files\Xfire
2008-10-01 20:42 . 2008-10-13 23:34 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Xfire
2008-09-27 12:15 . 2008-09-27 12:15 <DIR> d-------- C:\Program Files\Aspyr Media, Inc
2008-09-25 18:11 . 2008-09-25 18:11 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-25 18:10 . 2008-09-25 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-23 23:56 . 2008-09-23 23:56 <DIR> d-------- C:\Program Files\2K Games
2008-09-22 17:40 . 2006-04-11 04:49 118,784 --a------ C:\WINDOWS\system32\PTTreeIcons.dll
2008-09-22 17:39 . 2008-09-22 17:41 <DIR> d-------- C:\Program Files\Kids Cam Show and Share Creativity Center
2008-09-22 17:34 . 2008-04-14 05:42 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2008-09-22 17:34 . 2008-04-14 05:42 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-09-22 17:00 . 2008-09-22 17:00 <DIR> d-------- C:\Program Files\MyDSC2
2008-09-22 17:00 . 2008-09-22 17:00 <DIR> d-------- C:\Program Files\Mars
2008-09-22 17:00 . 2008-09-22 17:00 <DIR> d-------- C:\Program Files\JL2005C
2008-09-22 17:00 . 2008-09-22 17:00 <DIR> d-------- C:\Program Files\JL2005B

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 01:28 --------- d-----w C:\Program Files\lx_cats
2008-10-21 17:58 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent
2008-10-21 17:57 --------- d-----w C:\Program Files\EA GAMES
2008-10-21 07:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-20 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-20 16:39 --------- d-----w C:\Program Files\Electronic Arts
2008-10-19 02:52 --------- d-----w C:\Documents and Settings\Admin\Application Data\Vso
2008-10-17 05:19 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-10-17 05:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 07:42 --------- d-----w C:\Program Files\Cheat Engine
2008-10-13 02:52 --------- d-----w C:\Program Files\The Logo Creator v5
2008-10-13 01:52 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-09 12:11 --------- d-----w C:\Program Files\Panda Security
2008-10-09 08:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SACore
2008-10-01 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Soulseek
2008-09-30 21:14 --------- d-----w C:\Program Files\McAfee
2008-09-27 22:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-25 22:12 --------- d-----w C:\Program Files\QuickTime
2008-09-24 01:40 --------- d-----w C:\Program Files\Ulead Systems
2008-09-24 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-09-24 01:39 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-09-24 01:35 --------- d-----w C:\Program Files\Hasbro Interactive
2008-09-22 05:11 --------- d-----w C:\Documents and Settings\Admin\Application Data\IGN_DLM
2008-09-22 03:50 --------- d-----w C:\Program Files\SilentMusicBand
2008-09-21 02:20 --------- d-----w C:\Program Files\Download Manager
2008-09-18 23:10 --------- d-----w C:\Documents and Settings\Admin\Application Data\Nexon
2008-09-18 23:08 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-09-17 15:35 --------- d-----w C:\Program Files\GameSpy Arcade
2008-09-17 14:32 --------- d-----w C:\Program Files\DrExplain
2008-09-14 22:51 --------- d-----w C:\Program Files\SiteAdvisor
2008-09-14 22:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-14 21:12 --------- d-----w C:\Documents and Settings\Admin\Application Data\SiteAdvisor
2008-09-14 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-13 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2008-09-12 21:38 --------- d-----w C:\Program Files\Restaurant Empire
2008-09-10 06:44 24 ----a-w C:\Documents and Settings\Admin\jagex_runescape_preferences.dat
2008-09-09 01:35 --------- d-----w C:\Program Files\eMule
2008-09-09 01:06 --------- d-----w C:\Program Files\LoveChess Age Of Egypt
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 02:03 --------- d-----w C:\Program Files\Tropico 2 Pirate Cove
2008-09-06 23:12 --------- d-----w C:\Program Files\Tropico
2008-09-06 11:56 --------- d-----w C:\Program Files\Common Files\River Past
2008-09-06 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-09-06 07:34 --------- d-----w C:\Documents and Settings\Admin\Application Data\River Past G5
2008-09-06 07:31 162,842 ----a-w C:\WINDOWS\Animated GIF Converter and Booster Pack Uninstaller.exe
2008-09-06 07:30 --------- d-----w C:\Program Files\River Past
2008-09-06 05:03 166,718 ----a-w C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2008-09-06 03:45 --------- d-----w C:\Program Files\123 AVI to GIF Converter
2008-09-04 02:56 --------- d-----w C:\Documents and Settings\Admin\Application Data\SPORE
2008-08-30 21:30 --------- d-----w C:\Program Files\DreamCatcher
2008-08-29 23:07 --------- d-----w C:\Documents and Settings\Admin\Application Data\mIRC
2008-08-29 22:57 --------- d-----w C:\Program Files\mIRC
2008-08-28 01:00 --------- d-----w C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-08-28 00:56 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-28 00:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-26 01:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-24 00:12 --------- d-----w C:\Documents and Settings\Admin\Application Data\Apple Computer
2008-08-24 00:03 --------- d-----w C:\Program Files\AC3Filter
2008-08-23 23:37 --------- d-----w C:\Program Files\XviD
2008-08-23 16:28 --------- d-----w C:\Program Files\KC Softwares
2008-08-15 21:29 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-08-10 06:26 8 --sh--r C:\Documents and Settings\All Users\Application Data\067DFED2B0.sys
2008-06-02 19:50 47,360 ----a-w C:\Documents and Settings\Admin\Application Data\pcouffin.sys
2003-12-18 15:33 20,102 ----a-w C:\Program Files\Readme.txt
2003-09-03 11:46 10,960 ----a-w C:\Program Files\EULA.txt
2008-05-29 18:18 56 --sh--r C:\WINDOWS\system32\B0D2FE7D06.sys
2008-05-31 00:37 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2008-07-10 08:05 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071020080711\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-29 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-05-29 91440]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2008-08-01 1103216]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-04-11 110592]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-03-06 286720]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 98304]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SunKistEM"="C:\Program Files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 200704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 C:\WINDOWS\LOGI_MWX.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 282624]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-29 91440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=gkyuut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
"VIDC.JDCT"= jl_jdct.drv
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\SoulseekNS\\slsk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Documents and Settings\\Owner\\Desktop\\Gancked\\3D Live Pool v2.3\\3D Live Pool\\3D Live Pool\\3D Live Pool.exe"=
"C:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"C:\\Program Files\\River Past\\Animated GIF Converter and Booster Pack\\VideoCleaner.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 NVR0FLASHDev;NVR0FLASHDev;C:\WINDOWS\nvflash.sys [2008-05-23 36640]
R2 PSI_SVC_2;Protexis Licensing V2;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R2 UpdateCenterService;Update Center Service;C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [2008-05-23 114688]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 495616]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-04-10 62794]
S3 XDva076;XDva076;C:\WINDOWS\system32\XDva076.sys [ ]
S3 XDva092;XDva092;C:\WINDOWS\system32\XDva092.sys [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-10-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{5ba4cf58-481e-4937-9fb2-bdb62d3e2b60} - C:\WINDOWS\system32\gkyuut.dll
BHO-{709AC775-99A5-404F-A2DB-4C3810AB7709} - C:\WINDOWS\system32\nnnljigf.dll
BHO-{FBFD382A-AC6E-4EB7-8944-F97D358B378D} - C:\WINDOWS\system32\qoMdccbb.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-6c262c0f - C:\WINDOWS\system32\swkrljwe.dll
ShellExecuteHooks-{FBFD382A-AC6E-4EB7-8944-F97D358B378D} - C:\WINDOWS\system32\qoMdccbb.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\2ltcqr6f.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - C:\Program Files\Download Manager\npfpdlm.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1229.1533\npCIDetect11.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 21:28:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-10-21 21:42:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-22 01:42:04
ComboFix2.txt 2008-07-10 05:39:11

Pre-Run: 15,017,455,616 bytes free
Post-Run: 14,934,302,720 bytes free

320 --- E O F --- 2008-10-17 05:06:59

[Essexboy]

A few more to kill

1. Please open Notepad

• Click Start , then Run
  
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\389bf83.dll
C:\WINDOWS\system32\33f4918c.dll
C:\WINDOWS\system32\215d76d0.dll
C:\WINDOWS\system32\17ce737d.dll
C:\WINDOWS\system32\2f4b8d7c.dll
C:\WINDOWS\system32\2079eb25.dll
C:\WINDOWS\system32\bd25ba4.dll
C:\WINDOWS\system32\30c97a0.dll
C:\WINDOWS\system32\3045420.dll
C:\WINDOWS\system32\drivers\srv.sys
C:\WINDOWS\system32\gkyuut.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
  
• A new HijackThis log.

[undun40cal]

I did what was required above and the comp crashed at some point (I went AFK while it worked) but when i came back there was no log. All i got was a WER (Windows error report) box. So i ran it again. Below is what i got.

ComboFix 08-10-21.04 - Admin 2008-10-22 10:00:36.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.455 [GMT -4:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\My Documents\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\17ce737d.dll
C:\WINDOWS\system32\2079eb25.dll
C:\WINDOWS\system32\215d76d0.dll
C:\WINDOWS\system32\2f4b8d7c.dll
C:\WINDOWS\system32\3045420.dll
C:\WINDOWS\system32\30c97a0.dll
C:\WINDOWS\system32\33f4918c.dll
C:\WINDOWS\system32\389bf83.dll
C:\WINDOWS\system32\bd25ba4.dll
C:\WINDOWS\system32\drivers\srv.sys
C:\WINDOWS\system32\gkyuut.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\srv.sys
.
---- Previous Run -------
.
C:\WINDOWS\system32\17ce737d.dll
C:\WINDOWS\system32\2079eb25.dll
C:\WINDOWS\system32\215d76d0.dll
C:\WINDOWS\system32\2f4b8d7c.dll
C:\WINDOWS\system32\3045420.dll
C:\WINDOWS\system32\30c97a0.dll
C:\WINDOWS\system32\33f4918c.dll
C:\WINDOWS\system32\389bf83.dll
C:\WINDOWS\system32\bd25ba4.dll
C:\WINDOWS\system32\drivers\srv.sys

.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.

2008-10-16 09:13 . 2008-08-14 06:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 09:13 . 2008-08-14 06:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 09:13 . 2008-08-14 05:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 09:13 . 2008-08-14 05:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 09:13 . 2008-09-15 08:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 09:13 . 2008-09-08 06:41 333,824 --a--c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 01:18 . 2007-04-04 18:39 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-10-12 19:09 . 2008-10-12 19:09 <DIR> d-------- C:\Program Files\Vision Video Games
2008-10-12 11:42 . 2008-10-12 11:42 <DIR> d-------- C:\Program Files\Enlight
2008-10-12 00:44 . 2008-10-12 21:59 <DIR> d-------- C:\Program Files\WarRock
2008-10-11 05:12 . 2008-10-11 05:12 <DIR> d-------- C:\Program Files\Playlogic
2008-10-10 07:46 . 2008-10-10 08:05 <DIR> d-------- C:\Program Files\Drug Wars
2008-10-09 08:19 . 2008-10-09 08:19 <DIR> d-------- C:\fsaua.data
2008-10-09 08:11 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-10-09 08:08 . 2008-10-09 08:09 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-10-08 20:47 . 2008-10-08 20:47 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-10-01 20:52 . 2008-10-01 20:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-10-01 20:43 . 2008-10-01 20:43 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-10-01 20:42 . 2008-10-14 08:02 <DIR> d-------- C:\Program Files\Xfire
2008-10-01 20:42 . 2008-10-13 23:34 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Xfire
2008-09-27 12:15 . 2008-09-27 12:15 <DIR> d-------- C:\Program Files\Aspyr Media, Inc
2008-09-25 18:11 . 2008-09-25 18:11 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-25 18:10 . 2008-09-25 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-23 23:56 . 2008-09-23 23:56 <DIR> d-------- C:\Program Files\2K Games
2008-09-22 17:40 . 2006-04-11 04:49 118,784 --a------ C:\WINDOWS\system32\PTTreeIcons.dll
2008-09-22 17:39 . 2008-09-22 17:41 <DIR> d-------- C:\Program Files\Kids Cam Show and Share Creativity Center
2008-09-22 17:34 . 2008-04-14 05:42 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2008-09-22 17:34 . 2008-04-14 05:42 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-09-22 17:00 . 2008-09-22 17:00 <DIR> d-------- C:\Program Files\MyDSC2
2008-09-22 17:00 . 2008-09-22 17:00 <DIR> d-------- C:\Program Files\Mars
2008-09-22 17:00 . 2008-09-22 17:00 <DIR> d-------- C:\Program Files\JL2005C
2008-09-22 17:00 . 2008-09-22 17:00 <DIR> d-------- C:\Program Files\JL2005B

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 14:07 --------- d-----w C:\Program Files\lx_cats
2008-10-22 13:50 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-22 13:49 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent
2008-10-22 08:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-21 17:57 --------- d-----w C:\Program Files\EA GAMES
2008-10-20 16:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-20 16:39 --------- d-----w C:\Program Files\Electronic Arts
2008-10-19 02:52 --------- d-----w C:\Documents and Settings\Admin\Application Data\Vso
2008-10-17 05:19 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-10-17 05:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 07:42 --------- d-----w C:\Program Files\Cheat Engine
2008-10-13 02:52 --------- d-----w C:\Program Files\The Logo Creator v5
2008-10-13 01:52 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-09 12:11 --------- d-----w C:\Program Files\Panda Security
2008-10-09 08:12 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SACore
2008-10-01 02:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Soulseek
2008-09-30 21:14 --------- d-----w C:\Program Files\McAfee
2008-09-27 22:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-25 22:12 --------- d-----w C:\Program Files\QuickTime
2008-09-24 01:40 --------- d-----w C:\Program Files\Ulead Systems
2008-09-24 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-09-24 01:39 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-09-24 01:35 --------- d-----w C:\Program Files\Hasbro Interactive
2008-09-22 05:11 --------- d-----w C:\Documents and Settings\Admin\Application Data\IGN_DLM
2008-09-22 03:50 --------- d-----w C:\Program Files\SilentMusicBand
2008-09-21 02:20 --------- d-----w C:\Program Files\Download Manager
2008-09-18 23:10 --------- d-----w C:\Documents and Settings\Admin\Application Data\Nexon
2008-09-18 23:08 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-09-17 15:35 --------- d-----w C:\Program Files\GameSpy Arcade
2008-09-17 14:32 --------- d-----w C:\Program Files\DrExplain
2008-09-14 22:51 --------- d-----w C:\Program Files\SiteAdvisor
2008-09-14 22:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-14 21:12 --------- d-----w C:\Documents and Settings\Admin\Application Data\SiteAdvisor
2008-09-14 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-13 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2008-09-12 21:38 --------- d-----w C:\Program Files\Restaurant Empire
2008-09-10 06:44 24 ----a-w C:\Documents and Settings\Admin\jagex_runescape_preferences.dat
2008-09-09 01:35 --------- d-----w C:\Program Files\eMule
2008-09-09 01:06 --------- d-----w C:\Program Files\LoveChess Age Of Egypt
2008-09-07 02:03 --------- d-----w C:\Program Files\Tropico 2 Pirate Cove
2008-09-06 23:12 --------- d-----w C:\Program Files\Tropico
2008-09-06 11:56 --------- d-----w C:\Program Files\Common Files\River Past
2008-09-06 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-09-06 07:34 --------- d-----w C:\Documents and Settings\Admin\Application Data\River Past G5
2008-09-06 07:31 162,842 ----a-w C:\WINDOWS\Animated GIF Converter and Booster Pack Uninstaller.exe
2008-09-06 07:30 --------- d-----w C:\Program Files\River Past
2008-09-06 05:03 166,718 ----a-w C:\WINDOWS\Video Cleaner Pro Uninstaller.exe
2008-09-06 03:45 --------- d-----w C:\Program Files\123 AVI to GIF Converter
2008-09-04 02:56 --------- d-----w C:\Documents and Settings\Admin\Application Data\SPORE
2008-08-30 21:30 --------- d-----w C:\Program Files\DreamCatcher
2008-08-29 23:07 --------- d-----w C:\Documents and Settings\Admin\Application Data\mIRC
2008-08-29 22:57 --------- d-----w C:\Program Files\mIRC
2008-08-28 01:00 --------- d-----w C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2008-08-28 00:56 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-28 00:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-26 01:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-24 00:12 --------- d-----w C:\Documents and Settings\Admin\Application Data\Apple Computer
2008-08-24 00:03 --------- d-----w C:\Program Files\AC3Filter
2008-08-23 23:37 --------- d-----w C:\Program Files\XviD
2008-08-23 16:28 --------- d-----w C:\Program Files\KC Softwares
2008-08-15 21:29 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-08-10 06:26 8 --sh--r C:\Documents and Settings\All Users\Application Data\067DFED2B0.sys
2008-06-02 19:50 47,360 ----a-w C:\Documents and Settings\Admin\Application Data\pcouffin.sys
2003-12-18 15:33 20,102 ----a-w C:\Program Files\Readme.txt
2003-09-03 11:46 10,960 ----a-w C:\Program Files\EULA.txt
2008-05-29 18:18 56 --sh--r C:\WINDOWS\system32\B0D2FE7D06.sys
2008-05-31 00:37 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2008-07-10 08:05 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071020080711\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-21_21.41.26.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-21 22:57:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-22 12:53:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-21 22:57:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-22 12:53:56 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-29 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-05-29 91440]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2008-08-01 1103216]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-04-11 110592]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"lxcymon.exe"="C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [2006-03-06 286720]
"EzPrint"="C:\Program Files\Lexmark 3400 Series\ezprint.exe" [2006-02-07 98304]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-02-24 65536]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SunKistEM"="C:\Program Files\eMachines Bay Reader\shwiconem.exe" [2004-03-11 135168]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 200704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 C:\WINDOWS\LOGI_MWX.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 282624]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-29 91440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
"VIDC.JDCT"= jl_jdct.drv
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\SoulseekNS\\slsk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Documents and Settings\\Owner\\Desktop\\Gancked\\3D Live Pool v2.3\\3D Live Pool\\3D Live Pool\\3D Live Pool.exe"=
"C:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"C:\\Program Files\\River Past\\Animated GIF Converter and Booster Pack\\VideoCleaner.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944]
R2 NVR0FLASHDev;NVR0FLASHDev;C:\WINDOWS\nvflash.sys [2008-05-23 36640]
R2 PSI_SVC_2;Protexis Licensing V2;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R2 UpdateCenterService;Update Center Service;C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [2008-05-23 114688]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 495616]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [2007-04-10 62794]
S3 XDva076;XDva076;C:\WINDOWS\system32\XDva076.sys [ ]
S3 XDva092;XDva092;C:\WINDOWS\system32\XDva092.sys [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-10-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 10:07:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\McAfee\SiteAdvisor\saHook.dll
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-10-22 10:19:13 - machine was rebooted [Admin]
ComboFix-quarantined-files.txt 2008-10-22 14:19:08
ComboFix2.txt 2008-10-22 01:42:18
ComboFix3.txt 2008-07-10 05:39:11

Pre-Run: 13,106,176,000 bytes free
Post-Run: 13,090,476,032 bytes free

307 --- E O F --- 2008-10-22 07:00:36


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:39 AM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Admin\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescam...GamesCampus.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - https://bill.netgame...ch_USAv1002.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15435 bytes

[Essexboy]

Quote

did what was required above and the comp crashed at some point (I went AFK while it worked) but when i came back there was no log. All i got was a WER (Windows error report) box. So i ran it again. Below is what i got.

That sometimes happens for no apparent reason

A final sweep now for registry orphans. How is your computer running now ?

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

[undun40cal]

Everything is back to semi-normal now thanks to you. No more pop-ups! Thanks alot. If there is anything else i need to do, i'm all ears. I'm also pretty sure if anything happens again, i'll be back. As for this issue, i would classify it as resolved. Thank you!

Malwarebytes' Anti-Malware 1.29
Database version: 1306
Windows 5.1.2600 Service Pack 3

10/22/2008 11:03:24 AM
mbam-log-2008-10-22 (11-03-24).txt

Scan type: Quick Scan
Objects scanned: 56258
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Essexboy]

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so...Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
  
• Open My Computer.
  
• Select the Tools menu and click Folder Options.
  
• Select the View Tab.
  
• Under the Hidden files and folders heading select Do not show hidden files and folders.
  
• Click Yes to confirm.
  
• Click OK.

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  
• Accept any prompts.
  
• Open JavaRa.exe again and select Search For Updates.
  
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

• SpywareBlaster to help prevent spyware from installing in the first place.
  
• SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Secunia Software inspector To check your programme update status
  
• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.