Thread: Rundll Error
06-15-2008, 02:03 AM   #3
Bigrobbo
Registered User
 
Join Date: Jun 2008
Posts: 6
OS: xp


Re: Rundll Error

Thanks for the reply tetonbob, I have followed your instructions and included the logs. I also did a scan with Trojan Remover and found a file that got past my AVG? I can't remember what it was called, but my computer seems to be running a lot better and I'm not getting the rundll error at startup.


Deckard's System Scanner v20071014.68
Run by Robert on 2008-06-15 08:47:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Robert.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:41, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Robert\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Robert.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ULiRaid] "C:\Program Files\ULi5287\ULi5287.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Dominoes - http://origin.games.yahoo.net/games/...s/y/dot9_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/gam...ts/y/ht1_x.cab
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/gam...ts/y/st3_x.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1158588779328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158583291046
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11873 bytes

-- Files created between 2008-05-15 and 2008-06-15 -----------------------------

2008-06-15 08:43:51 0 d-------- C:\Program Files\Trend Micro
2008-06-15 08:30:48 68096 --a------ C:\WINDOWS\zip.exe
2008-06-15 08:30:48 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-15 08:30:48 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-15 08:30:48 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-15 08:30:48 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-15 08:30:48 98816 --a------ C:\WINDOWS\sed.exe
2008-06-15 08:30:48 80412 --a------ C:\WINDOWS\grep.exe
2008-06-15 08:30:48 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-09 17:40:31 0 d-------- C:\Program Files\Panda Security
2008-06-08 09:55:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-06-05 18:23:06 0 d-------- C:\Documents and Settings\Robert\.housecall6.6
2008-06-03 08:49:06 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2008-06-02 16:22:45 0 d-------- C:\Program Files\RegCure
2008-06-02 12:34:54 12252926 -----n--- C:\AVG7QT.DAT
2008-06-02 11:13:38 0 dr-h----- C:\$VAULT$.AVG
2008-05-31 14:49:11 0 d-------- C:\Program Files\Trojan Remover
2008-05-31 14:49:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-31 1449 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-31 1449 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-31 1449 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-05-31 1449 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-31 1449 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-31 13:44:43 0 d-------- C:\Documents and Settings\Robert\Application Data\Simply Super Software
2008-05-31 11:58:32 0 d-------- C:\Documents and Settings\Robert\Application Data\AVG7
2008-05-31 11:58:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-31 11:58:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-31 11:58:13 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-05-31 11:12:50 0 d-------- C:\Program Files\AVG
2008-05-31 11:12:50 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-30 19:55:09 0 d--h----- C:\Documents and Settings\LocalService\SendTo
2008-05-30 19:55:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-05-30 19:54:56 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-05-30 19:54:53 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-05-30 19:54:53 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-30 19:54:53 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-05-30 12:38:28 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-27 23:49:30 0 d-------- C:\WINDOWS\Sun
2008-05-27 23:49:30 0 d-------- C:\Documents and Settings\Robert\Application Data\Sun
2008-05-27 23:48:47 0 d-------- C:\Program Files\Java
2008-05-27 23:48:00 0 d-------- C:\Program Files\Common Files\Java
2008-05-27 20:44:56 0 d-------- C:\Documents and Settings\Robert\Application Data\MAGIX
2008-05-27 20:44:56 0 d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-05-27 20:44:47 0 d-------- C:\Program Files\WMV9_VCM
2008-05-27 20:43:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Xara
2008-05-27 20:43:50 120200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll <Not Verified; ; DLLDEV32i>
2008-05-27 20:43:10 700416 --a------ C:\WINDOWS\system32\mgxoschk.dll <Not Verified; MAGIX AG; mgxoschk>
2008-05-27 20:43:10 0 d-------- C:\WINDOWS\system32\MAGIX
2008-05-27 12:15:33 0 d-------- C:\Program Files\MSXML 6.0
2008-05-26 19:52:29 0 d-------- C:\Documents and Settings\Robert\Application Data\Autodesk
2008-05-26 19:52:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-19 12:35:20 0 d-------- C:\Program Files\Microsoft IntelliPoint


-- Find3M Report ---------------------------------------------------------------

2008-06-08 09:55:51 0 d-------- C:\Program Files\Common Files\logishrd
2008-06-08 09:55:00 0 d-------- C:\Program Files\Logitech
2008-06-05 18:28:33 0 d-------- C:\Documents and Settings\Robert\Application Data\uTorrent
2008-05-30 18:48:52 0 d-------- C:\Program Files\Common Files
2008-05-27 20:44:27 0 d-------- C:\Program Files\Common Files\Xara
2008-05-27 20:43:50 0 d-------- C:\Program Files\Xara
2008-05-09 12:25:33 0 d-------- C:\Documents and Settings\Robert\Application Data\Skype
2008-05-08 10:21:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-08 10:10:04 0 d-------- C:\Program Files\Driver Magician
2008-05-08 10:04:15 0 d-------- C:\Program Files\epson
2008-05-08 10:02:38 0 d-------- C:\Program Files\Realtek
2008-05-08 10:02:29 0 d-------- C:\Documents and Settings\Robert\Application Data\InstallShield
2008-05-04 19:40:17 0 d-------- C:\Program Files\CyberLink
2008-05-04 19:38:36 0 d-------- C:\Program Files\DivX
2008-05-04 19:35:40 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [13/10/2005 21:05]
"ULiRaid"="C:\Program Files\ULi5287\ULi5287.exe" [23/08/2005 20:59]
"SoundMan"="SOUNDMAN.EXE" [17/08/2005 11:39 C:\WINDOWS\soundman.exe]
"CTHelper"="CTHELPER.EXE" [09/04/2007 12:32 C:\WINDOWS\system32\CtHelper.exe]
"NvCplDaemon"="RUNDLL32.exe" [04/08/2004 00:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 17:40]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [20/01/2007 08:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/05/2008 19:35]
"NvMediaCenter"="RUNDLL32.exe" [04/08/2004 00:56 C:\WINDOWS\system32\rundll32.exe]
"EPSON Stylus CX6600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.exe" [01/03/2004 03:00]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [06/02/2007 00:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [02/06/2008 11:12]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [07/04/2008 19:51]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25/10/2007 16:33]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/10/2007 16:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [12/06/2006 14:32]

C:\Documents and Settings\Robert\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 21:24:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - CATCHME



-- End of Deckard's System Scanner: finished at 2008-06-15 08:48:12 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:44:01, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ULiRaid] "C:\Program Files\ULi5287\ULi5287.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Dominoes - http://origin.games.yahoo.net/games/...s/y/dot9_x.cab
O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/gam...ts/y/ht1_x.cab
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/gam...ts/y/st3_x.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1158588779328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158583291046
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11710 bytes

ComboFix 08-06-12.2 - Robert 2008-06-15 8:31:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1429 [GMT 1:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\iolo\Common\Lib\ioloHL.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM030a5378.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\FMTtvGgh.ini
C:\WINDOWS\system32\FMTtvGgh.ini2
C:\WINDOWS\system32\vjqbctso.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-11 18:33 . 2008-04-14 12:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 17:40 . 2008-06-09 17:40 <DIR> d-------- C:\Program Files\Panda Security
2008-06-09 16:36 . 2008-06-09 16:36 <DIR> d-------- C:\Deckard
2008-06-09 13:48 . 2008-06-09 13:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-09 13:48 . 2008-06-09 13:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-08 09:55 . 2008-06-08 10:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-06-05 18:23 . 2008-06-05 18:30 <DIR> d-------- C:\Documents and Settings\Robert\.housecall6.6
2008-06-05 18:23 . 2008-06-05 18:23 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-02 16:22 . 2008-06-02 16:28 <DIR> d-------- C:\Program Files\RegCure
2008-06-02 12:34 . 2008-06-02 12:34 12,252,926 --------- C:\AVG7QT.DAT
2008-06-02 11:13 . 2008-06-14 07:37 <DIR> dr-h----- C:\$VAULT$.AVG
2008-05-31 14:49 . 2008-06-02 11:36 <DIR> d-------- C:\Program Files\Trojan Remover
2008-05-31 14:49 . 2008-05-31 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-05-31 14:06 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-05-31 14:06 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-05-31 14:06 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-05-31 14:06 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-05-31 14:06 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-05-31 13:44 . 2008-05-31 14:26 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Simply Super Software
2008-05-31 11:58 . 2008-06-15 08:03 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\AVG7
2008-05-31 11:58 . 2008-05-31 11:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-31 11:58 . 2008-05-31 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-31 11:58 . 2008-05-31 12:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-05-31 11:12 . 2008-05-31 11:12 <DIR> d-------- C:\Program Files\AVG
2008-05-31 11:12 . 2008-05-31 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-30 19:55 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-05-30 12:38 . 2008-05-30 12:38 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-30 11:52 . 2008-05-30 11:52 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-30 11:52 . 2008-05-30 11:52 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-05-30 11:51 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\drivers\hidserv.dll
2008-05-27 23:49 . 2008-05-27 23:49 <DIR> d-------- C:\WINDOWS\Sun
2008-05-27 23:49 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-27 23:48 . 2008-05-27 23:49 <DIR> d-------- C:\Program Files\Java
2008-05-27 23:48 . 2008-05-27 23:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-27 20:44 . 2008-05-27 20:44 <DIR> d-------- C:\Program Files\WMV9_VCM
2008-05-27 20:44 . 2008-05-27 20:44 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\MAGIX
2008-05-27 20:44 . 2008-05-27 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-05-27 20:43 . 2008-05-27 20:44 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-05-27 20:43 . 2008-05-27 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Xara
2008-05-27 20:43 . 2007-12-04 14:20 700,416 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-05-27 20:43 . 2007-04-27 09:43 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll
2008-05-27 20:43 . 2008-05-27 20:43 5,937 --a------ C:\WINDOWS\mgxoschk.ini
2008-05-27 12:15 . 2008-05-27 12:15 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-26 19:52 . 2008-05-26 19:52 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Autodesk
2008-05-26 19:52 . 2008-05-30 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-19 12:35 . 2008-05-19 12:35 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 08:55 --------- d-----w C:\Program Files\Logitech
2008-06-08 08:55 --------- d-----w C:\Program Files\Common Files\logishrd
2008-06-05 17:28 --------- d-----w C:\Documents and Settings\Robert\Application Data\uTorrent
2008-05-27 19:44 --------- d-----w C:\Program Files\Common Files\Xara
2008-05-27 19:43 --------- d-----w C:\Program Files\Xara
2008-05-19 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-09 11:25 --------- d-----w C:\Documents and Settings\Robert\Application Data\Skype
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 09:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 09:10 --------- d-----w C:\Program Files\Driver Magician
2008-05-08 09:04 --------- d-----w C:\Program Files\epson
2008-05-08 09:02 --------- d-----w C:\Program Files\Realtek
2008-05-08 09:02 --------- d-----w C:\Documents and Settings\Robert\Application Data\InstallShield
2008-05-07 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 18:40 --------- d-----w C:\Program Files\CyberLink
2008-05-04 18:38 --------- d-----w C:\Program Files\DivX
2008-05-04 18:35 --------- d-----w C:\Program Files\QuickTime
2008-05-04 08:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-01 22:12 491,040 ----a-w C:\WINDOWS\java\Packages\QW9ZL3H3.ZIP
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2004-08-09 23:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-03-16 13:52 8 --sh--r C:\WINDOWS\system32\58FE921A75.sys
2007-03-16 13:52 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-13 21:05 344064]
"ULiRaid"="C:\Program Files\ULi5287\ULi5287.exe" [2005-08-23 20:59 409600]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 11:39 90112 C:\WINDOWS\soundman.exe]
"CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 08:09 200704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-04 19:35 282624]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 33280 C:\WINDOWS\system32\rundll32.exe]
"EPSON Stylus CX6600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.exe" [2004-03-01 03:00 98304]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-02 11:12 579584]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-07 19:51 873040]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-31 12:03 219136]

C:\Documents and Settings\Robert\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ETDED.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

R0 CLBStor;InstantBurn Storage Helper Driver;C:\WINDOWS\system32\drivers\CLBStor.sys [2006-08-31 17:03]
R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2005-08-19 10:18]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 20:36]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-15 07:02:50 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-02 15:24:28 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 08:36:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\Common\Lib\ioloHL.dll
.
Completion time: 2008-06-15 8:38:41
ComboFix-quarantined-files.txt 2008-06-15 07:38:29

Pre-Run: 84,095,651,840 bytes free
Post-Run: 84,408,086,528 bytes free

187 --- E O F --- 2008-06-12 05:50:54