Possible Malware Infection (pcHealth)...Please Help!


Mr2freeek

Hello,

I have been trying to rid my system of this pcHealth virus for a few days now, but it keeps regenerating. My computer is running very slow compared to what it used to run last week (especially firefox). Any help with this issue is much appreciated!

Andy

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:32 PM, on 5/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logitech\CamDrvr\LVCOMS.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system\wcdvtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Andy\My Documents\Downloads\InternetZ\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = I Am Wired Start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Drivers - Download NVIDIA Drivers
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: flvdome - {ec302626-9795-32d4-9991-c9cf2956df1d} - C:\WINDOWS\system32\_x_EN-_-Sv2K.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11351 bytes
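The HijackThis log above is the kind of output the helpers in this thread read entry by entry. As an added illustration that is not part of the original thread, here is a small Python triage script that parses HijackThis-style lines (R0/R1, O2, O4, O20, O23 and so on) and flags the patterns a reviewer checks first: entries whose file is missing, BHOs registered with no name, services with no publisher, a populated AppInit_DLLs key, and oddly named modules under C:\WINDOWS such as the `_x_EN-_-Sv2K.dll` BHO in this log. The sample lines are copied from the log above; the heuristics, the `looks_random` rule in particular, are my own crude starting point for manual review, not a verdict on any entry.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: flvdome - {ec302626-9795-32d4-9991-c9cf2956df1d} - C:\WINDOWS\system32\_x_EN-_-Sv2K.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - AppInit_DLLs:
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A HijackThis entry starts with its section code (R0-R3, F0-F3, O1-O24) and " - ".
LINE_RE = re.compile(r'^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$')
# A DLL/EXE living directly under C:\WINDOWS, C:\WINDOWS\system or C:\WINDOWS\system32.
SYS_PATH_RE = re.compile(r'C:\\WINDOWS\\(?:system32\\|system\\)?([^\\\s]+\.(?:dll|exe))',
                         re.IGNORECASE)


@dataclass
class Finding:
    section: str                      # e.g. "O2"
    text: str                         # the entry text after "O2 - "
    flags: list = field(default_factory=list)


def parse_line(line):
    """Split one HijackThis line into (section, rest); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def looks_random(filename):
    """Crude heuristic (mine, not a HijackThis rule): names built from repeated
    '_'/'-' punctuation, or short mixed-case letter+digit soup, resemble
    dropper-generated file names and deserve a closer look."""
    stem = filename.rsplit('.', 1)[0]
    odd_punct = stem.count('_') + stem.count('-') >= 2
    mixed = (any(c.isupper() for c in stem) and any(c.islower() for c in stem)
             and any(c.isdigit() for c in stem) and len(stem) <= 12)
    return odd_punct or mixed


def triage_entry(section, text):
    """Return the list of review flags for one parsed entry (empty if none)."""
    flags = []
    if '(file missing)' in text or '(no file)' in text:
        flags.append('orphaned entry: referenced file is absent')
    if section == 'O2' and '(no name)' in text:
        flags.append('BHO registered without a name')
    if section == 'O23' and 'Unknown owner' in text:
        flags.append('service without a publisher')
    if section == 'O20' and text.partition(':')[2].strip():
        flags.append('AppInit_DLLs is populated')
    m = SYS_PATH_RE.search(text)
    if m and looks_random(m.group(1)):
        flags.append('random-looking module under C:\\WINDOWS: ' + m.group(1))
    return flags


def triage(log_text):
    """Parse a whole log and keep only the entries that raised at least one flag."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        section, text = parsed
        flags = triage_entry(section, text)
        if flags:
            findings.append(Finding(section, text, flags))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section}: {f.text}')
        for flag in f.flags:
            print('    ->', flag)
```

Run against the sample, it surfaces exactly the four entries an analyst would question in this log and stays quiet on the NVIDIA, Spybot and SoundMan entries.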
 
Download combofix, malwarebytes and hijackthis 2.04, then reboot into safe mode and run them in the order listed above and post logs from all 3 when done. You can view how to download and install in my signature link.
 
Thanks for the reply, Osiris. Here are the requested log files:

ComboFix 10-05-13.04 - Andy 05/14/2010 20:24:45.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1659 [GMT 2:00]
Running from: c:\documents and settings\Andy\My Documents\Downloads\InternetZ\ComboFix.exe
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Andy\Local Settings\Temporary Internet Files\B-_-jPz-lKx_92
c:\documents and settings\Andy\Local Settings\Temporary Internet Files\BJr0Ap-Bj
c:\documents and settings\Andy\Local Settings\Temporary Internet Files\CKM-_-
C:\Thumbs.db
c:\windows\system32\Thumbs.db
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((( Files Created from 2010-04-14 to 2010-05-14 )))))))))))))))))))))))))))))))
.

2010-05-13 15:56 . 2010-05-13 15:56 -------- dc----w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-13 15:46 . 2010-05-13 15:46 -------- dc----w- c:\documents and settings\Andy\Local Settings\Application Data\WMTools Downloaded Files
2010-05-10 16:34 . 2010-05-10 16:34 111740 -c--a-w- c:\windows\system32\8Epfvx.exe
2010-05-10 10:05 . 2010-05-10 10:05 -------- dc----w- c:\program files\Realtek AC97
2010-05-10 00:08 . 2010-05-10 12:23 -------- dc----w- c:\documents and settings\Andy\Local Settings\Application Data\Nero_AG
2010-05-10 00:04 . 2010-05-10 00:04 -------- dc----w- c:\documents and settings\Andy\Local Settings\Application Data\Nero
2010-05-10 00:00 . 2010-05-10 00:00 -------- dc----w- c:\documents and settings\Andy\Application Data\Nero
2010-05-09 23:53 . 2010-05-09 23:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Nero
2010-05-09 23:30 . 2010-05-09 23:30 -------- dc----w- c:\program files\Microsoft.NET
2010-05-09 23:28 . 2009-09-04 15:29 1974616 -c--a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-09 23:28 . 2009-09-04 15:29 1892184 -c--a-w- c:\windows\system32\D3DX9_42.dll
2010-05-09 23:28 . 2008-10-15 04:22 4379984 -c--a-w- c:\windows\system32\D3DX9_40.dll
2010-05-09 23:28 . 2007-07-19 16:14 3727720 -c--a-w- c:\windows\system32\d3dx9_35.dll
2010-05-09 23:28 . 2007-05-16 14:45 3497832 -c--a-w- c:\windows\system32\d3dx9_34.dll
2010-05-09 23:27 . 2010-05-09 23:27 -------- dc----w- c:\windows\Logs
2010-05-09 16:17 . 2010-05-09 17:58 -------- dc----w- c:\program files\Common Files\Eagletron
2010-05-09 16:17 . 2009-11-18 17:36 74240 -c--a-w- c:\windows\trackerpod_server.exe
2010-05-09 16:17 . 2009-11-18 17:36 35016 -c--a-w- c:\windows\system32\drivers\dvdriver.sys
2010-05-09 15:26 . 2010-05-09 15:26 57344 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-09 15:26 . 2010-05-09 15:23 754984 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-09 15:26 . 2010-05-09 15:23 1180952 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-09 15:26 . 2010-05-09 15:26 56978 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-09 15:26 . 2010-05-09 15:26 56766 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-09 15:26 . 2009-10-01 14:03 529171 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-05-09 15:26 . 2009-10-01 14:03 529171 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-05-09 15:26 . 2010-05-09 15:26 57679 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-09 15:26 . 2010-05-09 15:26 53600 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-09 15:25 . 2010-05-09 15:25 84040 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-09 15:25 . 2010-05-09 15:25 57054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-09 15:25 . 2010-05-09 15:25 54166 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-09 15:25 . 2010-05-09 15:25 57532 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-09 15:25 . 2010-05-09 15:25 56458 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-09 15:25 . 2010-05-09 15:25 54174 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-09 15:25 . 2010-05-09 15:25 54153 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-09 15:25 . 2010-05-09 15:25 54128 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-05-09 15:25 . 2010-05-09 15:25 54629 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-05-09 15:25 . 2010-05-09 15:25 57409 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-09 15:25 . 2010-05-09 15:25 54101 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-09 15:25 . 2010-05-09 15:25 52963 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-09 15:24 . 2010-05-09 15:24 54073 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-09 15:24 . 2010-05-09 15:24 56969 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-09 15:23 . 2010-05-09 15:23 144696 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-09 15:23 . 2010-05-09 15:26 -------- dc----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-08 01:00 . 2010-05-08 01:00 -------- dc----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-07 15:36 . 2010-05-07 15:36 -------- dc----w- c:\program files\Common Files\Logitech
2010-05-07 15:36 . 1998-10-29 14:45 306688 -c--a-w- c:\windows\IsUninst.exe
2010-05-06 17:09 . 2010-05-06 17:09 -------- dc----w- c:\documents and settings\Andy\Application Data\Leadertech
2010-05-06 17:09 . 2009-04-30 22:57 199192 -c--a-w- c:\windows\system32\lvci1201278.dll
2010-05-06 17:09 . 2009-04-30 23:01 265496 -c--a-w- c:\windows\system32\drivers\lvrs.sys
2010-05-06 17:09 . 2009-04-30 22:55 13976 -c--a-w- c:\windows\system32\drivers\lv302af.sys
2010-05-06 17:08 . 2010-05-06 17:48 -------- dc----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-05-06 17:08 . 2010-05-11 23:47 -------- dc----w- c:\program files\Logitech
2010-05-06 17:00 . 2010-01-21 09:46 441168 -c--a-w- c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\6jz89ley.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
2010-04-30 10:54 . 2010-04-30 10:54 1560576 -c--a-w- c:\windows\system32\_x_EN-_-Sv2K.dll
2010-04-29 19:49 . 2010-04-29 19:49 -------- dc----w- c:\documents and settings\Andy\Application Data\PureEdge
2010-04-29 19:49 . 2010-04-29 19:49 -------- dc----w- c:\documents and settings\All Users\Application Data\PureEdge
2010-04-29 19:49 . 2010-04-29 19:49 -------- dc----w- c:\program files\IBM
2010-04-29 18:59 . 2010-04-29 18:59 -------- dc----w- c:\program files\iPod
2010-04-29 18:59 . 2010-04-29 18:59 -------- dc----w- c:\program files\iTunes
2010-04-29 18:59 . 2010-04-29 18:59 -------- dc----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-29 18:55 . 2010-04-29 18:55 -------- dc----w- c:\program files\Bonjour
2010-04-29 18:51 . 2010-04-29 18:51 73000 -c--a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 06:21 . 2010-04-29 06:21 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-04-27 20:21 . 2009-08-06 17:23 274288 -c--a-w- c:\windows\system32\mucltui.dll
2010-04-27 20:21 . 2009-08-06 17:23 215920 -c--a-w- c:\windows\system32\muweb.dll
2010-04-24 14:42 . 2010-05-10 16:51 2048 -c--a-w- c:\windows\system32\Tr_sttool.dat
2010-04-24 14:42 . 2010-04-24 14:42 81920 -c--a-w- c:\windows\system32\bsrgvas.dll
2010-04-24 14:42 . 2010-04-24 14:42 692224 -c--a-w- c:\windows\system32\bsrmgcv.dll
2010-04-24 14:42 . 2010-04-24 14:42 192512 -c--a-w- c:\windows\system32\bsrmgps.dll
2010-04-24 14:42 . 2010-04-24 14:42 585728 -c--a-w- c:\windows\system32\bsratswf.dll
2010-04-24 14:42 . 2010-04-24 14:42 147456 -c--a-w- c:\windows\system32\bsratwmv.dll
2010-04-24 14:42 . 2010-04-24 14:42 -------- dc----w- c:\program files\BSR Screen Recorder 4
2010-04-24 13:35 . 2010-05-14 16:24 -------- dc----w- c:\documents and settings\Andy\Tracing
2010-04-24 13:34 . 2009-08-05 20:48 54752 -c--a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-04-24 13:34 . 2010-04-24 13:34 -------- dc----w- c:\program files\Microsoft Sync Framework
2010-04-24 13:33 . 2006-11-29 11:06 3426072 -c--a-w- c:\windows\system32\d3dx9_32.dll
2010-04-24 13:33 . 2010-04-24 13:33 -------- dc----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-24 13:32 . 2010-04-24 13:32 -------- dc----w- c:\program files\Microsoft
2010-04-24 13:32 . 2010-04-24 13:32 -------- dc----w- c:\program files\Windows Live SkyDrive
2010-04-24 13:31 . 2010-04-24 13:34 -------- dc----w- c:\program files\Windows Live
2010-04-24 13:20 . 2010-04-24 13:20 -------- dc----w- c:\program files\Common Files\Windows Live
2010-04-24 12:54 . 2010-04-25 12:38 -------- dc----w- c:\documents and settings\Andy\Local Settings\Application Data\Yahoo
2010-04-24 12:51 . 2010-04-24 12:51 -------- dc----w- c:\documents and settings\Andy\Local Settings\Application Data\Yahoo!
2010-04-24 12:51 . 2010-04-25 12:38 -------- dc----w- c:\documents and settings\Andy\Application Data\Yahoo!
2010-04-24 12:51 . 2010-04-24 12:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-04-24 12:51 . 2009-12-14 15:52 607472 -c--a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-04-24 12:47 . 2010-05-11 23:54 -------- dc----w- c:\program files\Yahoo!
2010-04-24 12:43 . 2008-04-13 21:15 60032 -c--a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-04-24 12:43 . 2008-04-13 21:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-04-24 12:41 . 2010-05-09 15:37 -------- dc----w- c:\program files\Common Files\logishrd
2010-04-24 12:41 . 2008-04-14 02:42 53760 -c--a-w- c:\windows\system32\vfwwdm32.dll
2010-04-24 12:41 . 2008-04-14 02:42 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-04-24 08:11 . 2010-04-24 08:11 -------- dc----w- c:\program files\Common Files\Java
2010-04-24 08:11 . 2010-04-12 15:29 411368 -c--a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 18:13 . 2010-02-06 16:22 -------- dc----w- c:\documents and settings\Andy\Application Data\BitTorrent
2010-05-13 15:32 . 2009-08-30 19:42 -------- dc----w- c:\program files\Common Files\Roxio Shared
2010-05-13 15:32 . 2009-08-30 19:43 -------- dc----w- c:\documents and settings\All Users\Application Data\Roxio
2010-05-13 15:32 . 2009-08-18 09:52 -------- dc----w- c:\program files\Common Files\InstallShield
2010-05-13 15:25 . 2009-08-31 12:27 -------- dc----w- c:\documents and settings\Andy\Application Data\Research In Motion
2010-05-13 15:25 . 2010-02-15 19:43 -------- dc----w- c:\program files\Common Files\Research In Motion
2010-05-13 15:25 . 2009-08-31 23:30 -------- dc----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-05-12 14:42 . 2010-01-18 23:04 256 -c--a-w- c:\documents and settings\Andy\pool.bin
2010-05-11 23:51 . 2009-08-18 09:33 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-05-11 23:50 . 2009-11-06 19:38 -------- dc----w- c:\program files\Corel
2010-05-11 23:50 . 2009-11-06 19:39 -------- dc----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-05-09 18:52 . 2009-08-22 14:25 -------- dc----w- c:\documents and settings\Andy\Application Data\DivX
2010-05-09 15:41 . 2009-08-18 08:49 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-09 15:40 . 2009-08-18 08:49 -------- dc----w- c:\program files\Spybot - Search & Destroy
2010-05-09 15:26 . 2009-08-18 08:50 -------- dc----w- c:\program files\DivX
2010-05-09 15:24 . 2009-09-09 07:07 -------- dc----w- c:\program files\Common Files\DivX Shared
2010-05-02 13:10 . 2009-08-23 17:17 44792 -c--a-w- c:\documents and settings\Andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-29 20:23 . 2009-08-18 08:59 -------- dc----w- c:\documents and settings\Andy\Application Data\Apple Computer
2010-04-29 18:59 . 2009-08-23 19:07 -------- dc----w- c:\program files\Common Files\Apple
2010-04-29 18:57 . 2010-02-11 20:35 -------- dc----w- c:\program files\QuickTime
2010-04-26 15:27 . 2009-09-03 12:48 1 -c--a-w- c:\documents and settings\Andy\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-24 13:01 . 2009-08-18 08:52 -------- dc----w- c:\program files\VideoLAN
2010-04-24 08:11 . 2010-01-23 18:21 -------- dc----w- c:\program files\Java
2010-04-16 06:33 . 2009-08-23 19:08 41472 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 06:33 . 2009-08-23 19:08 3003680 -c--a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 11:20 . 2010-04-08 11:20 91424 -c--a-w- c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20 107808 -c--a-w- c:\windows\system32\dns-sd.exe
2010-03-31 01:58 . 2009-10-01 14:03 133616 -c----w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2007-05-01 15:48 125424 -c----w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2007-05-01 02:00 44944 -c----w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-18 23:03 . 2010-01-23 23:34 152576 -c--a-w- c:\documents and settings\Andy\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-18 23:03 . 2010-01-23 23:34 79488 -c--a-w- c:\documents and settings\Andy\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 12:38 . 2008-10-16 19:38 832512 -c--a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2009-01-26 16:29 78336 -c--a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-01-26 16:28 17408 -c--a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2008-04-14 03:42 430080 -c--a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 -c--a-w- c:\windows\system32\dpl100.dll
2010-03-01 18:31 . 2009-08-23 16:53 15688 -c--a-w- c:\windows\system32\lsdelete.exe
2010-02-24 11:57 . 2009-01-26 16:31 457216 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 19:27 . 2010-02-19 19:27 720384 -c--a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 -c--a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 -c--a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 -c--a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 -c--a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 -c--a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 12:50 . 2009-01-26 16:31 2146304 -c--a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:12 . 2008-08-14 10:09 2024448 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-14 00:06 . 2009-08-31 12:27 256 -c--a-w- c:\windows\system32\pool.bin
2003-03-18 19:20 . 2010-04-29 19:49 1060864 -c--a-w- c:\program files\mozilla firefox\plugins\mfc71.dll
2003-02-21 02:42 . 2010-04-29 19:49 348160 -c--a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
.
 
The rest of the ComboFix log:

------- Sigcheck -------

[-] 2009-01-29 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25BC7718-0BFA-40EA-B381-4B2D9732D686}]
2010-04-01 03:34 578872 -c--a-w- c:\program files\Yahoo!\Search Protection\ysp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ec302626-9795-32d4-9991-c9cf2956df1d}]
2010-04-30 10:54 1560576 -c--a-w- c:\windows\system32\_x_EN-_-Sv2K.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2010-03-06 654648]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2004-11-20 266240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"LVCOMS"="c:\program files\Common Files\Logitech\CamDrvr\LVCOMS.EXE" [2003-05-08 135214]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"OWCWebCamDV"="c:\windows\system\wcdvtray.exe" [2004-05-20 1056768]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2010-03-11 124928]

c:\documents and settings\Andy\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/22/2009 4:37 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 4:49 PM 1029456]
S2 app_filter;app_filter;c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [11/20/2004 6:01 AM 139264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S2 DVDRIVER;DVdriver;c:\windows\system32\drivers\dvdriver.sys [5/9/2010 6:17 PM 35016]
S2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [9/17/2004 10:38 AM 212608]
S3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [9/17/2004 10:38 AM 12672]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DVDRIVER
.
Contents of the 'Scheduled Tasks' folder

2010-05-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 18:31]

2010-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flvdirect.iamwired.net/
uInternet Connection Wizard,ShellNext = hxxp://www.nvidia.com/content/drivers/redirect.asp?language=ENU&page=drivers
uInternet Settings,ProxyOverride = *.local;localhost
IE: {{BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\Yahoo!\Search Protection\ysp.dll
FF - ProfilePath - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\6jz89ley.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{d5604766-cf54-6986-4b9f-b1b4caadd92c}\components\L593RJcF-rgaFGg.dll
FF - plugin: c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\6jz89ley.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmfv.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
HKU-Default-Run-Skype - c:\program files\Skype\Phone\Skype.exe
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-MediaMonkey_is1 - c:\program files\MediaMonkey\unins000.exe
AddRemove-MP3 To Ringtone Gold_is1 - c:\program files\AnMing\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-05-14 20:30:52
ComboFix-quarantined-files.txt 2010-05-14 18:30

Pre-Run: 67,558,686,720 bytes free
Post-Run: 71,968,264,192 bytes free

- - End Of File - - 5030217227EAA545B8FAD352DFC60BD2
 
Malwarebytes' Anti-Malware 1.46
Malwarebytes


Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

5/14/2010 9:03:24 PM
mbam-log-2010-05-14 (21-03-24).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 377189
Time elapsed: 29 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ec302626-9795-32d4-9991-c9cf2956df1d} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec302626-9795-32d4-9991-c9cf2956df1d} (Adware.AdRotator) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (I Am Wired Start) Good: (Google) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\extensions\{d5604766-cf54-6986-4b9f-b1b4caadd92c}\components\L593RJcF-rgaFGg.dll (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\_x_EN-_-Sv2K.dll (Adware.AdRotator) -> No action taken.
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:05:07 PM, on 5/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Andy\My Documents\Downloads\InternetZ\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = I Am Wired Start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Drivers - Download NVIDIA Drivers
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: flvdome - {ec302626-9795-32d4-9991-c9cf2956df1d} - C:\WINDOWS\system32\_x_EN-_-Sv2K.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\CamDrvr\LVCOMS.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8611 bytes
 