My computer is running well. I also deleted utorrent before my previous post. I could not find the file C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt. I tried to disable the antivirus software but it turned on in the middle of combofix.
Here is the combofix txt file
ComboFix 09-06-23.01 - Nick Janssen 06/24/2009 16:39.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1591 [GMT -5:00]
Running from: c:\documents and settings\Nick Janssen\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Nick Janssen\Desktop\CFscript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.
2009-06-24 21:03 . 2009-06-24 21:03 -------- d-----w- c:\documents and settings\Nick Janssen\Application Data\Malwarebytes
2009-06-24 21:02 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 21:02 . 2009-06-24 21:03 -------- d-----w- c:\program files\nailmalware
2009-06-24 21:02 . 2009-06-24 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-24 21:02 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 03:26 . 2009-06-23 03:26 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-23 03:26 . 2009-06-23 03:26 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-23 03:26 . 2009-06-23 03:26 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-23 03:26 . 2009-06-23 03:26 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-23 03:26 . 2009-06-23 03:26 296800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-23 03:26 . 2009-06-23 03:26 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-23 03:26 . 2009-06-23 03:26 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-23 03:26 . 2009-06-23 03:26 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-23 03:26 . 2009-06-23 03:26 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-23 03:25 . 2009-06-23 03:25 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-23 03:25 . 2009-06-23 03:25 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-23 03:25 . 2009-06-23 03:25 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-23 03:25 . 2009-06-23 03:25 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-23 03:25 . 2009-06-23 03:25 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-22 00:27 . 2009-06-22 00:27 -------- d--h--w- c:\windows\PIF
2009-06-21 23:24 . 2009-06-22 20:11 -------- d-----w- C:\ComboFix
2009-06-19 23:56 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-19 23:56 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-12 16:26 . 2009-06-12 16:26 152576 ----a-w- c:\documents and settings\Nick Janssen\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-05 03:26 . 2009-06-05 03:26 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-05 03:26 . 2009-06-05 03:26 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-05 03:25 . 2009-06-05 03:25 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-05 03:25 . 2009-06-05 03:25 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 21:20 . 2007-12-02 02:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-24 03:11 . 2007-08-03 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-22 21:00 . 2007-08-03 17:43 -------- d-----w- c:\program files\Java
2009-06-22 20:58 . 2009-04-03 20:55 -------- d-----w- c:\program files\Snood 4
2009-06-22 20:36 . 2009-01-04 05:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-20 16:36 . 2008-08-21 23:19 -------- d-----w- c:\documents and settings\Nick Janssen\Application Data\uTorrent
2009-06-19 17:48 . 2007-08-03 17:32 49758 ----a-w- c:\windows\system32\nvModes.dat
2009-06-12 15:58 . 2007-08-15 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 00:15 . 2007-08-03 23:24 0 -c--a-w- c:\windows\system32\drivers\lvuvc.hs
2009-06-10 00:15 . 2008-12-07 08:09 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-06-05 03:26 . 2009-04-17 04:20 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-15 21:19 . 2009-05-15 21:19 152576 ----a-w- c:\documents and settings\Nick Janssen\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-07 15:32 . 2004-08-04 10:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 05:59 . 2009-05-06 05:59 -------- d-----w- c:\program files\Coupons
2009-05-06 02:45 . 2009-05-06 02:44 -------- d-----w- c:\documents and settings\Nick Janssen\Application Data\takenote
2009-05-06 02:45 . 2009-05-06 02:45 -------- d-----w- c:\documents and settings\Nick Janssen\Application Data\gtk-2.0
2009-04-29 04:56 . 2006-03-04 03:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 03:25 . 2009-04-24 03:25 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-24 03:25 . 2009-04-17 03:25 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-17 12:26 . 2004-08-04 10:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 10:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-22_20.23.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-24 21:44 . 2009-06-24 21:44 16384 c:\windows\TEMP\Perflib_Perfdata_770.dat
+ 2004-08-04 10:00 . 2009-06-24 21:49 71710 c:\windows\system32\perfc009.dat
- 2004-08-04 10:00 . 2009-06-22 20:25 71710 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2009-06-24 21:49 442192 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2009-06-22 20:25 442192 c:\windows\system32\perfh009.dat
+ 2009-06-22 20:37 . 2009-06-22 20:36 148888 c:\windows\system32\javaws.exe
- 2009-06-12 16:28 . 2009-05-21 16:34 148888 c:\windows\system32\javaws.exe
+ 2009-06-22 20:37 . 2009-06-22 20:36 144792 c:\windows\system32\javaw.exe
- 2009-06-12 16:28 . 2009-05-21 16:34 144792 c:\windows\system32\javaw.exe
+ 2009-06-22 20:37 . 2009-06-22 20:36 144792 c:\windows\system32\java.exe
- 2009-06-12 16:28 . 2009-05-21 16:34 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-24 1830128]
"RamBooster"="c:\program files\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-03 67128]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-12 160592]
"Google Update"="c:\documents and settings\Nick Janssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-05 133104]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-06 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-06-29 1032192]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-23 518488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-22 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
c:\documents and settings\Nick Janssen\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-30 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-07 20:46 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Documents and Settings\\Nick Janssen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Nick Janssen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/16/2009 10:25 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 55024]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/9/2008 4:17 PM 24652]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1003344]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
2009-06-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:25]
2009-06-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-03 22:02]
2009-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1801674531-725345543-1003.job
- c:\documents and settings\Nick Janssen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-05 22:27]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: aol.com\free
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-24 16:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe [4848] 0x89892020
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(872)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(3816)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\scardsvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-06-24 16:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-24 21:55
ComboFix2.txt 2009-06-22 20:28
ComboFix3.txt 2007-11-25 00:52
Pre-Run: 89,519,157,248 bytes free
Post-Run: 89,445,560,320 bytes free
242 --- E O F --- 2009-06-12 15:58