WiredWX Christian Hobby Weather Tools
Spyware.Ispynow
Having the same problem with the security alert pop up. Am told that my firewall has detected unauthorized activity, but cannot help to remove viruses, keyloggers and other spyware threats.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:25 PM, on 11/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Opera\Opera.exe
C:\Users\Aubrey\AppData\Roaming\Opera\Opera\profile\cache4\temporary_download\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [HPseti] "C:\Users\Aubrey\AppData\Roaming\Google\dvvm.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab75411.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://myspace.oberon-media.com/gameshell/games/channel--110343720/lc--en/room--acbd97ff-acec-41d1-b161-f8885a087681/online/Diner_Dash_3/en/ddfotg.1.0.0.37.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10495 bytes

Re: Spyware.Ispynow
Hello.


  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [HPseti] "C:\Users\Aubrey\AppData\Roaming\Google\dvvm.exe"


  • Press "Fix Checked"
  • Close Hijack This.


Delete this file in bold:
C:\Users\Aubrey\AppData\Roaming\Google\dvvm.exe
====

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts, but select NO when asked about the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

This is what was logged.
ComboFix 08-11-28.02 - Aubrey 2008-11-28 17:41:42.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.757 [GMT -5:00]
Running from: c:\users\Aubrey\AppData\Roaming\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-28 13:26 . 2008-11-28 13:26 d-------- c:\users\All Users\FLEXnet
2008-11-28 13:00 . 2008-11-28 13:00 d-------- c:\program files\Common Files\Macrovision Shared
2008-11-25 18:35 . 2008-10-21 00:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 18:35 . 2008-08-27 22:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 18:35 . 2008-08-27 22:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 18:35 . 2008-08-27 22:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 18:35 . 2008-10-21 22:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 18:35 . 2008-10-21 22:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-25 18:35 . 2008-10-21 22:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-24 11:37 . 2008-11-24 11:37 130,208 -r------- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2008-11-21 16:07 . 2008-03-07 21:14 148,992 --a------ c:\windows\System32\drivers\ks.sys
2008-11-20 21:54 . 2008-11-28 16:08 0 --a------ c:\windows\System32\drivers\lvuvc.hs
2008-11-20 21:53 . 2008-11-20 21:53 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-11-20 21:52 . 2008-11-20 21:52 d-------- c:\users\Aubrey\AppData\Roaming\Leadertech
2008-11-20 21:52 . 2008-02-05 21:21 4,658,456 --a------ c:\windows\System32\drivers\lvuvc.sys
2008-11-20 21:52 . 2008-02-05 21:20 628,760 --a------ c:\windows\System32\drivers\lvrs.sys
2008-11-20 21:52 . 2008-02-05 21:21 490,008 --a------ c:\windows\System32\LVUI2.dll
2008-11-20 21:52 . 2008-02-05 21:21 465,432 --a------ c:\windows\System32\LVUI2RC.dll
2008-11-20 21:52 . 2008-02-05 21:18 416,280 --a------ c:\windows\System32\lvcodec2.dll
2008-11-20 21:52 . 2008-02-05 21:18 195,096 --a------ c:\windows\System32\lvci11701196.dll
2008-11-20 21:52 . 2008-02-05 20:37 66,482 --a------ c:\windows\System32\lvcoinst.ini
2008-11-20 21:52 . 2008-02-05 21:21 41,752 --a------ c:\windows\System32\drivers\LVUSBSta.sys
2008-11-20 21:52 . 2008-02-05 20:40 25,056 --a------ c:\windows\System32\Repository.reg
2008-11-20 21:50 . 2008-11-20 21:50 d-------- c:\users\All Users\Logishrd
2008-11-20 21:50 . 2008-11-20 21:54 d-------- c:\program files\Common Files\LogiShrd
2008-11-10 21:29 . 2008-09-09 22:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-10 21:29 . 2008-09-04 23:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-10 21:29 . 2008-08-25 20:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-10 21:29 . 2008-09-09 22:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-10 21:29 . 2008-09-04 23:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-10 10:17 . 2008-11-10 10:17 d-------- c:\users\Aubrey\AppData\Roaming\Logitech
2008-11-10 10:16 . 2008-11-10 10:16 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-11-10 10:12 . 2008-11-20 21:49 d-------- c:\users\All Users\Logitech
2008-11-10 10:12 . 2008-11-20 21:53 d-------- c:\program files\Logitech
2008-11-10 10:12 . 2008-11-10 10:12 d-------- c:\program files\Common Files\Logitech
2008-11-10 10:12 . 2007-01-30 01:46 163,840 --a------ c:\windows\System32\kemutb.dll
2008-11-10 10:12 . 2007-01-30 01:46 135,168 --a------ c:\windows\System32\KemUtil.dll
2008-11-10 10:12 . 2007-01-30 01:46 110,592 --a------ c:\windows\System32\KemWnd.dll
2008-11-10 10:12 . 2007-01-30 01:46 69,632 --a------ c:\windows\System32\KemXML.dll
2008-11-04 23:12 . 2008-08-05 22:19 1,244,672 --a------ c:\windows\System32\mcmde.dll
2008-11-04 23:12 . 2008-08-05 22:27 428,032 --a------ c:\windows\System32\EncDec.dll
2008-11-04 23:12 . 2008-08-05 22:21 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-04 23:12 . 2008-08-05 22:26 177,152 --a------ c:\windows\System32\mpg2splt.ax
2008-11-04 23:12 . 2008-08-05 22:20 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-04 23:11 . 2008-08-05 22:21 292,352 --a------ c:\windows\System32\psisdecd.dll
2008-11-04 23:11 . 2008-08-05 22:19 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2008-11-04 23:11 . 2008-08-05 22:19 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-10-29 00:09 . 2008-08-11 22:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-29 00:09 . 2008-08-11 22:29 37,376 --a------ c:\windows\System32\printcom.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 20:37 --------- d-----w c:\users\Aubrey\AppData\Roaming\uTorrent
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\DivX
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\Apple Computer
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\AIMPro
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\acccore
2008-11-28 18:34 --------- d-----w c:\program files\Mahjong Towers Eternity
2008-11-28 18:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-27 19:08 --------- d-----w c:\users\Aubrey\AppData\Roaming\LimeWire
2008-11-21 02:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 15:12 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-04 04:52 --------- d-----w c:\program files\RealArcade
2008-10-16 07:09 --------- d-----w c:\program files\Windows Mail
2008-10-15 00:55 --------- d--h--w c:\program files\Zero G Registry
2008-10-15 00:55 --------- d-----w c:\users\Aubrey\AppData\Roaming\Plazmic
2008-10-15 00:55 --------- d-----w c:\program files\Plazmic CDK 4.5
2008-10-15 00:25 --------- d-----w c:\program files\World of Warcraft
2008-10-11 16:00 --------- d-----w c:\program files\AIM
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-10 07:10 174 --sha-w c:\program files\desktop.ini
2008-05-20 00:18 61,224 ----a-w c:\users\Aubrey\GoToAssistDownloadHelper.exe
2008-04-29 15:21 444 ----a-w c:\users\Aubrey\822.bat
2008-04-29 15:21 1,884,160 ----a-w c:\users\Aubrey\winlogon.exe
2008-02-24 18:20 0 ----a-w c:\users\Aubrey\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"HPseti"="c:\users\Aubrey\AppData\Roaming\Google\dvvm.exe" [2008-11-28 124416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AIMPro"="c:\program files\AIM\AIM Pro\aimpro.exe" [2007-10-09 5043528]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-24 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-10 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-05-25 01:03 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
--a------ 2007-02-15 05:00 179200 c:\windows\System32\spool\drivers\w32x86\3\E_FATICEA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-22 18:03 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-09-25 06:10 154136 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-09-25 06:10 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 03:40 218032 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 03:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-09-25 06:10 129560 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-02-22 16:57 1232896 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-23 01:18 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 09:21 648072 c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 07:36 201728 c:\program files\Windows Media Player\wmpnscfg.exe




.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Aubrey\AppData\Roaming\Mozilla\Firefox\Profiles\x7ru4i3c.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fnsr%3D1%26ui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 17:45:39
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4016)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\users\Aubrey\AppData\Roaming\Google\dpldpl.dll
.
Completion time: 2008-11-28 17:48:12
ComboFix-quarantined-files.txt 2008-11-28 22:47:03

Pre-Run: 72,990,982,144 bytes free
Post-Run: 74,179,067,904 bytes free

259 --- E O F --- 2008-11-28 21:25:48

Re: Spyware.Ispynow
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-05-11 08:26 4452352 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BF47E514-E450-4B37-BB1D-2E7EEBDC4906}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E0B30A2-F521-497B-8D4E-2A123C94236B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7E26E368-A1BD-4652-82E7-834433722522}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{22FE4C9F-F706-4FB0-AE37-CDE2F9CBB5E7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2C1E9072-91D0-4732-9217-74BBD447148A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{89110731-C550-49EF-BDE0-08899DB1E751}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{BEFE4605-B65F-4B37-A629-F86CC02A7701}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{5135187D-7503-403C-830A-D8F9498FAAFA}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{FC90DC7F-178A-4F70-8FCB-60ED6EEBC313}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{65DD15C6-4F8A-40FD-8480-C1B44D1C2316}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{80E861E8-56A2-4D28-ABF3-C528930A1141}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{14CF8E9C-6AC2-4582-A4FE-32D9AE0CB170}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{F2958616-A914-4C82-A4F7-5688A444DC1F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BF1D99E5-90C5-44C0-B76E-279E0AC4FF55}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{C7DEB51B-65F6-4D38-B106-292DF8FB9999}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{203FF9FB-1361-47D9-BB46-50EC128103CD}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{9ABC9DDF-CE3F-4021-8E2C-6367017494C0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0F58548D-EB2D-4EBF-B13B-B147C50174F9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8843D3A5-0C8F-4872-89AB-39535F881C02}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{57790377-B93D-4E10-80DE-7498ACBCA082}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5E630313-5C15-4E8B-A816-7C9ED9D43B10}c:\\program files\\aim\\aim pro\\aimpro.exe"= UDP:c:\program files\aim\aim pro\aimpro.exe:AIM Pro
"UDP Query User{E54EC69D-D42F-4AB3-B44B-A70BFCDF653E}c:\\program files\\aim\\aim pro\\aimpro.exe"= TCP:c:\program files\aim\aim pro\aimpro.exe:AIM Pro
"TCP Query User{B3BD2720-98C9-4FE0-B9C9-67628CF054D1}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= UDP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"UDP Query User{B040DB5F-BF75-4B67-A61A-326483AB3E16}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= TCP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"TCP Query User{FA0BEDD2-2F89-4D8F-9C65-E1196CE86881}c:\\program files\\plazmic cdk 4.5\\_jvm\\bin\\java.exe"= UDP:c:\program files\plazmic cdk 4.5\_jvm\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{755CDB64-E432-4E55-B901-B4452606DE54}c:\\program files\\plazmic cdk 4.5\\_jvm\\bin\\java.exe"= TCP:c:\program files\plazmic cdk 4.5\_jvm\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{6073C102-EA65-4923-A9BE-9A87C947B81B}c:\\program files\\ipod\\fledge.exe"= UDP:c:\program files\ipod\fledge.exe:BlackBerry Handheld Simulator
"UDP Query User{D78EA6CC-FBD4-48DB-AA9C-E796A9747D2B}c:\\program files\\ipod\\fledge.exe"= TCP:c:\program files\ipod\fledge.exe:BlackBerry Handheld Simulator
"{F320AD76-9900-43E8-B7C7-1B9176CA9157}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{65FCF2A6-839F-46CE-ACFC-6CBABFF44481}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{7373EA0F-B97E-4984-9778-6879653593B6}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{9BCA5F5D-F58E-4E99-A6EA-C01EDF922FFC}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{FE02A508-FF80-440B-86AB-3CE6500FE960}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{B404F7FF-CD90-4268-BFA4-344F53C306F3}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{41478338-3592-4B56-9FA4-AB24A0C37FE3}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{285D58C7-37F3-490F-BFF4-5BF3816135C4}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AEBB6487-26F4-4A69-AE95-B881BF9A6060}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F92D0CBB-3E8C-4E13-829B-79CE03B4F497}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FDD5034D-C6C9-4498-82D5-1A8099EDADE9}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3649902C-4E43-466E-BD44-874DFF35CE0C}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-11-20 628760]
S3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{376f36c6-afc8-11dd-b1cd-001d097e19f0}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c77b68f1-c939-11dc-8661-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
\shell\LVIPCAP\command - e:\techsupt\CaptureTest\Amcap8.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Aubrey.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{4841B1FA-891F-4210-AD22-D16CFD53E5D1}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 05:05]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-96aa679d - c:\users\Aubrey\AppData\Local\Temp\ijlcrprf.dll
MSConfigStartUp-BM95995401 - c:\users\Aubrey\AppData\Local\Temp\rkstdiab.dll
MSConfigStartUp-Host Process - c:\users\Aubrey\svchost.exe

Re: Spyware.Ispynow

Hello.
Please submit this file
c:\users\Aubrey\winlogon.exe
to here for a scan.
http://virusscan.jotti.org/
Copy and paste the result back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Spyware.Ispynow

Thank you for your help, I also tried to delete C:\Users\Aubrey\AppData\Roaming\Google\dvvm.exe and it told me that the action was denied. I'm logged in as administrator and was still unable to delete it.


Scan taken on 28 Nov 2008 23:00:42 (GMT)
A-Squared Found Virus.Win32.VB.FXE!IK
AntiVir Found TR/Spy.VB.ajb.2
ArcaVir Found nothing
Avast Found Win32:VB-FXE
AVG Antivirus Found BackDoor.VB.BOK
BitDefender Found Trojan.Dropper.VB.AQC
ClamAV Found nothing
CPsecure Found Troj.Dropper.W32.VB.hf
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found Virus.Win32.VB.FXE
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Ircbot.AHLX
Panda Antivirus Found Generic
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found nothing

Re: Spyware.Ispynow

Thanks.

Now open a new notepad file.
Input this into the notepad file:

File::
C:\Users\Aubrey\AppData\Roaming\Google\dvvm.exe
c:\users\Aubrey\winlogon.exe
c:\users\Aubrey\822.bat

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPseti"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
(screenshot: CFScript.txt being dragged onto ComboFix.exe)

This will open combofix.exe again, agree to its terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

Last edited by Belahzur on 28th November 2008, 11:21 pm; edited 1 time in total

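The triage behind the script above, as an added Python example (not code from this thread, from ComboFix or from the forum). It reads constructed sample lines in the ComboFix report layout shown in this thread (Run keys, Find3M lines, ORPHANS REMOVED lines) and flags the two patterns the helper acted on: a Windows system binary name such as winlogon.exe or svchost.exe sitting outside %SystemRoot%, and executables dropped in the profile root, Temp or AppData\Roaming. It then renders the hits in the File:: / Registry:: CFScript layout from the post above, where "name"=- deletes a Run value. The function names suspicious_reasons, triage and build_cfscript and the sample log are the example's own.

```python
import re

# Constructed sample input in the ComboFix report layout seen in this thread
# (Run keys, Find3M lines, ORPHANS REMOVED lines); not a real captured log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"HPseti"="c:\users\Aubrey\AppData\Roaming\Google\dvvm.exe" [2008-11-28 124416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]

2008-05-20 00:18 61,224 ----a-w c:\users\Aubrey\GoToAssistDownloadHelper.exe
2008-04-29 15:21 444 ----a-w c:\users\Aubrey\822.bat
2008-04-29 15:21 1,884,160 ----a-w c:\users\Aubrey\winlogon.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe

MSConfigStartUp-96aa679d - c:\users\Aubrey\AppData\Local\Temp\ijlcrprf.dll
MSConfigStartUp-Host Process - c:\users\Aubrey\svchost.exe
"""

# Core Windows binaries whose names malware borrows; the real ones live under %SystemRoot%.
SYSTEM_BINARY_NAMES = {"winlogon.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                       "services.exe", "smss.exe", "explorer.exe"}
EXECUTABLE_SUFFIXES = (".exe", ".bat", ".cmd", ".dll", ".scr")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
FIND3M_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+\S+\s+([a-z]:\\.+)$", re.I)
ORPHAN_RE = re.compile(r"^MSConfigStartUp-(.+?) - ([a-z]:\\.+)$", re.I)


def suspicious_reasons(path):
    """Return the triage reasons that apply to a file path (empty tuple = nothing notable)."""
    p = path.lower()
    parts = p.split("\\")
    name = parts[-1]
    reasons = []
    if name in SYSTEM_BINARY_NAMES and not p.startswith("c:\\windows\\"):
        reasons.append("system binary name outside %SystemRoot%")
    if p.startswith("c:\\users\\") and name.endswith(EXECUTABLE_SUFFIXES):
        if len(parts) == 4:
            # c:\users\<profile>\<file>: installers do not put binaries here
            reasons.append("executable in profile root")
        elif "\\appdata\\local\\temp\\" in p:
            reasons.append("executable in Temp")
        elif "\\appdata\\roaming\\" in p:
            reasons.append("executable under AppData\\Roaming")
    return tuple(reasons)


def triage(log_text):
    """Walk a ComboFix-style report; return (files, run_values).

    files maps path -> reasons; run_values holds (key, value name, target, reasons)
    for Run entries whose target looks suspicious.
    """
    files, run_values, current_key = {}, [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            name, target = m.groups()
            reasons = suspicious_reasons(target)
            if reasons:
                run_values.append((current_key, name, target, reasons))
                files[target] = reasons
            continue
        m = FIND3M_RE.match(line) or ORPHAN_RE.match(line)
        if m:
            path = m.groups()[-1]
            reasons = suspicious_reasons(path)
            if reasons:
                files[path] = reasons
    return files, run_values


def build_cfscript(files, run_values):
    """Render File:: / Registry:: directives in the CFScript layout used in this thread."""
    lines = ["File::"] + sorted(files)
    if run_values:
        lines += ["", "Registry::"]
        for key in sorted({k for k, _, _, _ in run_values}):
            lines.append(f"[{key}]")
            lines += [f'"{name}"=-' for k, name, _, _ in run_values if k == key]  # "=-" deletes the value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found_files, found_values = triage(SAMPLE_LOG)
    for path, why in sorted(found_files.items()):
        print(f"{path}  <- {', '.join(why)}")
    print()
    print(build_cfscript(found_files, found_values))
```

The output is a triage list, not a verdict: on the sample it also flags GoToAssistDownloadHelper.exe in the profile root, which the helper in this thread left alone, so every hit still wants a multi-engine check like the Jotti result above before it goes into a script.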

Re: Spyware.Ispynow

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-28 13:26 . 2008-11-28 13:26 d-------- c:\users\All Users\FLEXnet
2008-11-28 13:00 . 2008-11-28 13:00 d-------- c:\program files\Common Files\Macrovision Shared
2008-11-25 18:35 . 2008-10-21 00:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 18:35 . 2008-08-27 22:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 18:35 . 2008-08-27 22:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 18:35 . 2008-08-27 22:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 18:35 . 2008-10-21 22:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 18:35 . 2008-10-21 22:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-25 18:35 . 2008-10-21 22:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-24 11:37 . 2008-11-24 11:37 130,208 -r------- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2008-11-21 16:07 . 2008-03-07 21:14 148,992 --a------ c:\windows\System32\drivers\ks.sys
2008-11-20 21:54 . 2008-11-28 16:08 0 --a------ c:\windows\System32\drivers\lvuvc.hs
2008-11-20 21:53 . 2008-11-20 21:53 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-11-20 21:52 . 2008-11-20 21:52 d-------- c:\users\Aubrey\AppData\Roaming\Leadertech
2008-11-20 21:52 . 2008-02-05 21:21 4,658,456 --a------ c:\windows\System32\drivers\lvuvc.sys
2008-11-20 21:52 . 2008-02-05 21:20 628,760 --a------ c:\windows\System32\drivers\lvrs.sys
2008-11-20 21:52 . 2008-02-05 21:21 490,008 --a------ c:\windows\System32\LVUI2.dll
2008-11-20 21:52 . 2008-02-05 21:21 465,432 --a------ c:\windows\System32\LVUI2RC.dll
2008-11-20 21:52 . 2008-02-05 21:18 416,280 --a------ c:\windows\System32\lvcodec2.dll
2008-11-20 21:52 . 2008-02-05 21:18 195,096 --a------ c:\windows\System32\lvci11701196.dll
2008-11-20 21:52 . 2008-02-05 20:37 66,482 --a------ c:\windows\System32\lvcoinst.ini
2008-11-20 21:52 . 2008-02-05 21:21 41,752 --a------ c:\windows\System32\drivers\LVUSBSta.sys
2008-11-20 21:52 . 2008-02-05 20:40 25,056 --a------ c:\windows\System32\Repository.reg
2008-11-20 21:50 . 2008-11-20 21:50 d-------- c:\users\All Users\Logishrd
2008-11-20 21:50 . 2008-11-20 21:54 d-------- c:\program files\Common Files\LogiShrd
2008-11-10 21:29 . 2008-09-09 22:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-10 21:29 . 2008-09-04 23:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-10 21:29 . 2008-08-25 20:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-10 21:29 . 2008-09-09 22:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-10 21:29 . 2008-09-04 23:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-10 10:17 . 2008-11-10 10:17 d-------- c:\users\Aubrey\AppData\Roaming\Logitech
2008-11-10 10:16 . 2008-11-10 10:16 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-11-10 10:12 . 2008-11-20 21:49 d-------- c:\users\All Users\Logitech
2008-11-10 10:12 . 2008-11-20 21:53 d-------- c:\program files\Logitech
2008-11-10 10:12 . 2008-11-10 10:12 d-------- c:\program files\Common Files\Logitech
2008-11-10 10:12 . 2007-01-30 01:46 163,840 --a------ c:\windows\System32\kemutb.dll
2008-11-10 10:12 . 2007-01-30 01:46 135,168 --a------ c:\windows\System32\KemUtil.dll
2008-11-10 10:12 . 2007-01-30 01:46 110,592 --a------ c:\windows\System32\KemWnd.dll
2008-11-10 10:12 . 2007-01-30 01:46 69,632 --a------ c:\windows\System32\KemXML.dll
2008-11-04 23:12 . 2008-08-05 22:19 1,244,672 --a------ c:\windows\System32\mcmde.dll
2008-11-04 23:12 . 2008-08-05 22:27 428,032 --a------ c:\windows\System32\EncDec.dll
2008-11-04 23:12 . 2008-08-05 22:21 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-04 23:12 . 2008-08-05 22:26 177,152 --a------ c:\windows\System32\mpg2splt.ax
2008-11-04 23:12 . 2008-08-05 22:20 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-04 23:11 . 2008-08-05 22:21 292,352 --a------ c:\windows\System32\psisdecd.dll
2008-11-04 23:11 . 2008-08-05 22:19 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2008-11-04 23:11 . 2008-08-05 22:19 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-10-29 00:09 . 2008-08-11 22:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-29 00:09 . 2008-08-11 22:29 37,376 --a------ c:\windows\System32\printcom.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 20:37 --------- d-----w c:\users\Aubrey\AppData\Roaming\uTorrent
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\DivX
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\Apple Computer
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\AIMPro
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\acccore
2008-11-28 18:34 --------- d-----w c:\program files\Mahjong Towers Eternity
2008-11-28 18:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-27 19:08 --------- d-----w c:\users\Aubrey\AppData\Roaming\LimeWire
2008-11-21 02:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 15:12 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-04 04:52 --------- d-----w c:\program files\RealArcade
2008-10-16 07:09 --------- d-----w c:\program files\Windows Mail
2008-10-15 00:55 --------- d--h--w c:\program files\Zero G Registry
2008-10-15 00:55 --------- d-----w c:\users\Aubrey\AppData\Roaming\Plazmic
2008-10-15 00:55 --------- d-----w c:\program files\Plazmic CDK 4.5
2008-10-15 00:25 --------- d-----w c:\program files\World of Warcraft
2008-10-11 16:00 --------- d-----w c:\program files\AIM
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-10 07:10 174 --sha-w c:\program files\desktop.ini
2008-05-20 00:18 61,224 ----a-w c:\users\Aubrey\GoToAssistDownloadHelper.exe
2008-04-29 15:21 444 ----a-w c:\users\Aubrey\822.bat
2008-04-29 15:21 1,884,160 ----a-w c:\users\Aubrey\winlogon.exe
2008-02-24 18:20 0 ----a-w c:\users\Aubrey\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"HPseti"="c:\users\Aubrey\AppData\Roaming\Google\dvvm.exe" [2008-11-28 124416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AIMPro"="c:\program files\AIM\AIM Pro\aimpro.exe" [2007-10-09 5043528]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-24 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-10 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-05-25 01:03 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
--a------ 2007-02-15 05:00 179200 c:\windows\System32\spool\drivers\w32x86\3\E_FATICEA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-22 18:03 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-09-25 06:10 154136 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-09-25 06:10 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 03:40 218032 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 03:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-09-25 06:10 129560 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-02-22 16:57 1232896 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-23 01:18 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 09:21 648072 c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 07:36 201728 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-05-11 08:26 4452352 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

Re: Spyware.Ispynow

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BF47E514-E450-4B37-BB1D-2E7EEBDC4906}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E0B30A2-F521-497B-8D4E-2A123C94236B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7E26E368-A1BD-4652-82E7-834433722522}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{22FE4C9F-F706-4FB0-AE37-CDE2F9CBB5E7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2C1E9072-91D0-4732-9217-74BBD447148A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{89110731-C550-49EF-BDE0-08899DB1E751}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{BEFE4605-B65F-4B37-A629-F86CC02A7701}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{5135187D-7503-403C-830A-D8F9498FAAFA}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{FC90DC7F-178A-4F70-8FCB-60ED6EEBC313}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{65DD15C6-4F8A-40FD-8480-C1B44D1C2316}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{80E861E8-56A2-4D28-ABF3-C528930A1141}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{14CF8E9C-6AC2-4582-A4FE-32D9AE0CB170}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{F2958616-A914-4C82-A4F7-5688A444DC1F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BF1D99E5-90C5-44C0-B76E-279E0AC4FF55}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{C7DEB51B-65F6-4D38-B106-292DF8FB9999}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{203FF9FB-1361-47D9-BB46-50EC128103CD}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{9ABC9DDF-CE3F-4021-8E2C-6367017494C0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0F58548D-EB2D-4EBF-B13B-B147C50174F9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8843D3A5-0C8F-4872-89AB-39535F881C02}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{57790377-B93D-4E10-80DE-7498ACBCA082}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5E630313-5C15-4E8B-A816-7C9ED9D43B10}c:\\program files\\aim\\aim pro\\aimpro.exe"= UDP:c:\program files\aim\aim pro\aimpro.exe:AIM Pro
"UDP Query User{E54EC69D-D42F-4AB3-B44B-A70BFCDF653E}c:\\program files\\aim\\aim pro\\aimpro.exe"= TCP:c:\program files\aim\aim pro\aimpro.exe:AIM Pro
"TCP Query User{B3BD2720-98C9-4FE0-B9C9-67628CF054D1}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= UDP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"UDP Query User{B040DB5F-BF75-4B67-A61A-326483AB3E16}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= TCP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"TCP Query User{FA0BEDD2-2F89-4D8F-9C65-E1196CE86881}c:\\program files\\plazmic cdk 4.5\\_jvm\\bin\\java.exe"= UDP:c:\program files\plazmic cdk 4.5\_jvm\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{755CDB64-E432-4E55-B901-B4452606DE54}c:\\program files\\plazmic cdk 4.5\\_jvm\\bin\\java.exe"= TCP:c:\program files\plazmic cdk 4.5\_jvm\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{6073C102-EA65-4923-A9BE-9A87C947B81B}c:\\program files\\ipod\\fledge.exe"= UDP:c:\program files\ipod\fledge.exe:BlackBerry Handheld Simulator
"UDP Query User{D78EA6CC-FBD4-48DB-AA9C-E796A9747D2B}c:\\program files\\ipod\\fledge.exe"= TCP:c:\program files\ipod\fledge.exe:BlackBerry Handheld Simulator
"{F320AD76-9900-43E8-B7C7-1B9176CA9157}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{65FCF2A6-839F-46CE-ACFC-6CBABFF44481}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{7373EA0F-B97E-4984-9778-6879653593B6}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{9BCA5F5D-F58E-4E99-A6EA-C01EDF922FFC}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{FE02A508-FF80-440B-86AB-3CE6500FE960}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{B404F7FF-CD90-4268-BFA4-344F53C306F3}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{41478338-3592-4B56-9FA4-AB24A0C37FE3}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{285D58C7-37F3-490F-BFF4-5BF3816135C4}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AEBB6487-26F4-4A69-AE95-B881BF9A6060}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F92D0CBB-3E8C-4E13-829B-79CE03B4F497}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FDD5034D-C6C9-4498-82D5-1A8099EDADE9}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3649902C-4E43-466E-BD44-874DFF35CE0C}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-11-20 628760]
S3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{376f36c6-afc8-11dd-b1cd-001d097e19f0}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c77b68f1-c939-11dc-8661-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
\shell\LVIPCAP\command - e:\techsupt\CaptureTest\Amcap8.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Aubrey.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{4841B1FA-891F-4210-AD22-D16CFD53E5D1}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 05:05]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 18:15:56
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5200)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\users\Aubrey\AppData\Roaming\Google\dpldpl.dll
c:\users\Aubrey\AppData\Local\Temp\catchme.dll
.
Completion time: 2008-11-28 18:18:20
ComboFix-quarantined-files.txt 2008-11-28 23:17:01
ComboFix2.txt 2008-11-28 22:48:14

Pre-Run: 74,901,442,560 bytes free
Post-Run: 74,874,363,904 bytes free

251 --- E O F --- 2008-11-28 21:25:48

Re: Spyware.Ispynow

Did you run the CFScript, or was it just another normal run? The files the CFScript would delete are still there.


Re: Spyware.Ispynow

I copied the links into the notepad and saved it. Then I dragged it over to the combofix icon and it ran again.

Re: Spyware.Ispynow

Could you post the top of the log? You've posted from the ((( files created within 30 days )))) section.

It should have a header, and then (((( other deletions )))))


Re: Spyware.Ispynow

ComboFix 08-11-28.02 - Aubrey 2008-11-28 18:30:57.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.800 [GMT -5:00]
Running from: c:\users\Aubrey\Desktop\ComboFix.exe
Command switches used :: c:\users\Aubrey\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\users\Aubrey\822.bat
c:\users\Aubrey\AppData\Roaming\Google\dvvm.exe
c:\users\Aubrey\winlogon.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Aubrey\822.bat
c:\users\Aubrey\AppData\Roaming\Google\dvvm.exe
c:\users\Aubrey\winlogon.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-28 13:26 . 2008-11-28 13:26 d-------- c:\users\All Users\FLEXnet
2008-11-28 13:00 . 2008-11-28 13:00 d-------- c:\program files\Common Files\Macrovision Shared
2008-11-25 18:35 . 2008-10-21 00:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 18:35 . 2008-08-27 22:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 18:35 . 2008-08-27 22:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 18:35 . 2008-08-27 22:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 18:35 . 2008-10-21 22:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-25 18:35 . 2008-10-21 22:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-25 18:35 . 2008-10-21 22:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-24 11:37 . 2008-11-24 11:37 130,208 -r------- c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2008-11-21 16:07 . 2008-03-07 21:14 148,992 --a------ c:\windows\System32\drivers\ks.sys
2008-11-20 21:54 . 2008-11-28 16:08 0 --a------ c:\windows\System32\drivers\lvuvc.hs
2008-11-20 21:53 . 2008-11-20 21:53 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-11-20 21:52 . 2008-11-20 21:52 d-------- c:\users\Aubrey\AppData\Roaming\Leadertech
2008-11-20 21:52 . 2008-02-05 21:21 4,658,456 --a------ c:\windows\System32\drivers\lvuvc.sys
2008-11-20 21:52 . 2008-02-05 21:20 628,760 --a------ c:\windows\System32\drivers\lvrs.sys
2008-11-20 21:52 . 2008-02-05 21:21 490,008 --a------ c:\windows\System32\LVUI2.dll
2008-11-20 21:52 . 2008-02-05 21:21 465,432 --a------ c:\windows\System32\LVUI2RC.dll
2008-11-20 21:52 . 2008-02-05 21:18 416,280 --a------ c:\windows\System32\lvcodec2.dll
2008-11-20 21:52 . 2008-02-05 21:18 195,096 --a------ c:\windows\System32\lvci11701196.dll
2008-11-20 21:52 . 2008-02-05 20:37 66,482 --a------ c:\windows\System32\lvcoinst.ini
2008-11-20 21:52 . 2008-02-05 21:21 41,752 --a------ c:\windows\System32\drivers\LVUSBSta.sys
2008-11-20 21:52 . 2008-02-05 20:40 25,056 --a------ c:\windows\System32\Repository.reg
2008-11-20 21:50 . 2008-11-20 21:50 d-------- c:\users\All Users\Logishrd
2008-11-20 21:50 . 2008-11-20 21:54 d-------- c:\program files\Common Files\LogiShrd
2008-11-10 21:29 . 2008-09-09 22:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-10 21:29 . 2008-09-04 23:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-10 21:29 . 2008-08-25 20:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-10 21:29 . 2008-09-09 22:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-10 21:29 . 2008-09-04 23:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-10 10:17 . 2008-11-10 10:17 d-------- c:\users\Aubrey\AppData\Roaming\Logitech
2008-11-10 10:16 . 2008-11-10 10:16 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-11-10 10:12 . 2008-11-20 21:49 d-------- c:\users\All Users\Logitech
2008-11-10 10:12 . 2008-11-20 21:53 d-------- c:\program files\Logitech
2008-11-10 10:12 . 2008-11-10 10:12 d-------- c:\program files\Common Files\Logitech
2008-11-10 10:12 . 2007-01-30 01:46 163,840 --a------ c:\windows\System32\kemutb.dll
2008-11-10 10:12 . 2007-01-30 01:46 135,168 --a------ c:\windows\System32\KemUtil.dll
2008-11-10 10:12 . 2007-01-30 01:46 110,592 --a------ c:\windows\System32\KemWnd.dll
2008-11-10 10:12 . 2007-01-30 01:46 69,632 --a------ c:\windows\System32\KemXML.dll
2008-11-04 23:12 . 2008-08-05 22:19 1,244,672 --a------ c:\windows\System32\mcmde.dll
2008-11-04 23:12 . 2008-08-05 22:27 428,032 --a------ c:\windows\System32\EncDec.dll
2008-11-04 23:12 . 2008-08-05 22:21 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-04 23:12 . 2008-08-05 22:26 177,152 --a------ c:\windows\System32\mpg2splt.ax
2008-11-04 23:12 . 2008-08-05 22:20 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-04 23:11 . 2008-08-05 22:21 292,352 --a------ c:\windows\System32\psisdecd.dll
2008-11-04 23:11 . 2008-08-05 22:19 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2008-11-04 23:11 . 2008-08-05 22:19 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-10-29 00:09 . 2008-08-11 22:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-29 00:09 . 2008-08-11 22:29 37,376 --a------ c:\windows\System32\printcom.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 20:37 --------- d-----w c:\users\Aubrey\AppData\Roaming\uTorrent
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\DivX
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\Apple Computer
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\AIMPro
2008-11-28 20:19 --------- d-----w c:\users\Aubrey\AppData\Roaming\acccore
2008-11-28 18:34 --------- d-----w c:\program files\Mahjong Towers Eternity
2008-11-28 18:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-27 19:08 --------- d-----w c:\users\Aubrey\AppData\Roaming\LimeWire
2008-11-21 02:53 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 15:12 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-04 04:52 --------- d-----w c:\program files\RealArcade
2008-10-16 07:09 --------- d-----w c:\program files\Windows Mail
2008-10-15 00:55 --------- d--h--w c:\program files\Zero G Registry
2008-10-15 00:55 --------- d-----w c:\users\Aubrey\AppData\Roaming\Plazmic
2008-10-15 00:55 --------- d-----w c:\program files\Plazmic CDK 4.5
2008-10-15 00:25 --------- d-----w c:\program files\World of Warcraft
2008-10-11 16:00 --------- d-----w c:\program files\AIM
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-10 07:10 174 --sha-w c:\program files\desktop.ini
2008-05-20 00:18 61,224 ----a-w c:\users\Aubrey\GoToAssistDownloadHelper.exe
2008-02-24 18:20 0 ----a-w c:\users\Aubrey\AppData\Roaming\wklnhst.dat
.

Re: Spyware.Ispynow
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AIMPro"="c:\program files\AIM\AIM Pro\aimpro.exe" [2007-10-09 5043528]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-11-24 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-10 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 17:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-05-25 01:03 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
--a------ 2007-02-15 05:00 179200 c:\windows\System32\spool\drivers\w32x86\3\E_FATICEA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-22 18:03 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-09-25 06:10 154136 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-09-25 06:10 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 03:40 218032 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 03:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-09-25 06:10 129560 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-02-22 16:57 1232896 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-23 01:18 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 09:21 648072 c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 07:36 201728 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-05-11 08:26 4452352 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BF47E514-E450-4B37-BB1D-2E7EEBDC4906}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E0B30A2-F521-497B-8D4E-2A123C94236B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7E26E368-A1BD-4652-82E7-834433722522}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{22FE4C9F-F706-4FB0-AE37-CDE2F9CBB5E7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2C1E9072-91D0-4732-9217-74BBD447148A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{89110731-C550-49EF-BDE0-08899DB1E751}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{BEFE4605-B65F-4B37-A629-F86CC02A7701}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{5135187D-7503-403C-830A-D8F9498FAAFA}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{FC90DC7F-178A-4F70-8FCB-60ED6EEBC313}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{65DD15C6-4F8A-40FD-8480-C1B44D1C2316}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{80E861E8-56A2-4D28-ABF3-C528930A1141}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{14CF8E9C-6AC2-4582-A4FE-32D9AE0CB170}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{F2958616-A914-4C82-A4F7-5688A444DC1F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BF1D99E5-90C5-44C0-B76E-279E0AC4FF55}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{C7DEB51B-65F6-4D38-B106-292DF8FB9999}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{203FF9FB-1361-47D9-BB46-50EC128103CD}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{9ABC9DDF-CE3F-4021-8E2C-6367017494C0}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0F58548D-EB2D-4EBF-B13B-B147C50174F9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8843D3A5-0C8F-4872-89AB-39535F881C02}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{57790377-B93D-4E10-80DE-7498ACBCA082}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{5E630313-5C15-4E8B-A816-7C9ED9D43B10}c:\\program files\\aim\\aim pro\\aimpro.exe"= UDP:c:\program files\aim\aim pro\aimpro.exe:AIM Pro
"UDP Query User{E54EC69D-D42F-4AB3-B44B-A70BFCDF653E}c:\\program files\\aim\\aim pro\\aimpro.exe"= TCP:c:\program files\aim\aim pro\aimpro.exe:AIM Pro
"TCP Query User{B3BD2720-98C9-4FE0-B9C9-67628CF054D1}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= UDP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"UDP Query User{B040DB5F-BF75-4B67-A61A-326483AB3E16}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= TCP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"TCP Query User{FA0BEDD2-2F89-4D8F-9C65-E1196CE86881}c:\\program files\\plazmic cdk 4.5\\_jvm\\bin\\java.exe"= UDP:c:\program files\plazmic cdk 4.5\_jvm\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{755CDB64-E432-4E55-B901-B4452606DE54}c:\\program files\\plazmic cdk 4.5\\_jvm\\bin\\java.exe"= TCP:c:\program files\plazmic cdk 4.5\_jvm\bin\java.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{6073C102-EA65-4923-A9BE-9A87C947B81B}c:\\program files\\ipod\\fledge.exe"= UDP:c:\program files\ipod\fledge.exe:BlackBerry Handheld Simulator
"UDP Query User{D78EA6CC-FBD4-48DB-AA9C-E796A9747D2B}c:\\program files\\ipod\\fledge.exe"= TCP:c:\program files\ipod\fledge.exe:BlackBerry Handheld Simulator
"{F320AD76-9900-43E8-B7C7-1B9176CA9157}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{65FCF2A6-839F-46CE-ACFC-6CBABFF44481}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{7373EA0F-B97E-4984-9778-6879653593B6}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{9BCA5F5D-F58E-4E99-A6EA-C01EDF922FFC}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{FE02A508-FF80-440B-86AB-3CE6500FE960}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{B404F7FF-CD90-4268-BFA4-344F53C306F3}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{41478338-3592-4B56-9FA4-AB24A0C37FE3}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{285D58C7-37F3-490F-BFF4-5BF3816135C4}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AEBB6487-26F4-4A69-AE95-B881BF9A6060}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F92D0CBB-3E8C-4E13-829B-79CE03B4F497}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{FDD5034D-C6C9-4498-82D5-1A8099EDADE9}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3649902C-4E43-466E-BD44-874DFF35CE0C}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-11-20 628760]
S3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{376f36c6-afc8-11dd-b1cd-001d097e19f0}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c77b68f1-c939-11dc-8661-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
\shell\LVIPCAP\command - e:\techsupt\CaptureTest\Amcap8.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Aubrey.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{4841B1FA-891F-4210-AD22-D16CFD53E5D1}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 05:05]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 18:32:32
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-28 18:34:43
ComboFix-quarantined-files.txt 2008-11-28 23:33:45
ComboFix2.txt 2008-11-28 23:18:23
ComboFix3.txt 2008-11-28 22:48:14

Pre-Run: 73,982,767,104 bytes free
Post-Run: 73,947,770,880 bytes free

254 --- E O F --- 2008-11-28 21:25:48

Re: Spyware.Ispynow
Hello.
Log looks clean, how is the machine now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Spyware.Ispynow
Hey, the pop-up hasn't come back up so far!!! Woo hoo, you are so awesome! I could never have figured this out on my own. Thank you!

Re: Spyware.Ispynow

Good.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 10.
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 10".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions.
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
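As an added illustration of the "remove all older versions" step above (example code, not from the post, the forum or JavaRa): a Python check that parses Add or Remove Programs display names under Sun's two naming schemes and flags any runtime that sorts below Java SE 6 Update 10. The sample list is constructed from the post's own examples plus the 6u7 runtime matching the `jre1.6.0_07` path in the log; `installed_display_names` reads the real list from the Windows Uninstall registry key and returns an empty list elsewhere.

```python
import re
import sys
from typing import List, Optional, Tuple

MINIMUM = (6, 0, 10)   # (major, minor, update): the 6 Update 10 release the post asks for

# Sun's naming changed over time; both forms appear in Add or Remove Programs:
#   dotted    "Java 2 Runtime Environment, SE v1.4.2", "jre1.6.0_07"   -> 1.x.y_z
#   marketing "J2SE Runtime Environment 5.0 Update 2", "Java(TM) 6 Update 7"
_DOTTED = re.compile(r"(?<!\d)1\.(\d+)(?:\.(\d+))?(?:_(\d+))?")
_MARKETING = re.compile(r"(?<![\w.])(\d+)(?:\.0)?(?:\s+Update\s+(\d+))?", re.IGNORECASE)

def parse_java_version(display_name: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, update) for a Java runtime entry, or None if it is not Java."""
    if not re.search(r"java|j2se|jre", display_name, re.IGNORECASE):
        return None
    m = _DOTTED.search(display_name)
    if m:
        return int(m.group(1)), int(m.group(2) or 0), int(m.group(3) or 0)
    m = _MARKETING.search(display_name)
    if m:
        return int(m.group(1)), 0, int(m.group(2) or 0)
    return None   # Java-related but unversioned, e.g. an updater entry

def find_outdated(display_names: List[str], minimum=MINIMUM) -> List[Tuple[str, tuple]]:
    """Java entries whose version sorts below `minimum`, in list order."""
    versions = ((n, parse_java_version(n)) for n in display_names)
    return [(n, v) for n, v in versions if v is not None and v < minimum]

def installed_display_names() -> List[str]:
    """DisplayName of every Add or Remove Programs entry (Windows only; [] elsewhere)."""
    if sys.platform != "win32":
        return []
    import winreg
    names = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall") as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            try:
                with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                    names.append(str(winreg.QueryValueEx(sub, "DisplayName")[0]))
            except OSError:   # entry without a DisplayName value
                continue
    return names

# Constructed sample: the post's three examples, the 6u7 runtime matching the log's
# jre1.6.0_07 path, the target release, and a non-Java program that must be ignored.
SAMPLE_ENTRIES = [
    "Java 2 Runtime Environment, SE v1.4.2",
    "J2SE Runtime Environment 5.0",
    "J2SE Runtime Environment 5.0 Update 2",
    "Java(TM) 6 Update 7",
    "Java(TM) SE Runtime Environment 6 Update 10",
    "Mozilla Firefox (3.0.4)",
]

if __name__ == "__main__":
    entries = installed_display_names() or SAMPLE_ENTRIES
    for name, version in find_outdated(entries):
        print(f"outdated: {name!r} -> {version[0]}u{version[2]}")
```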

Re: Spyware.Ispynow
Log removed.
User has his/her own topic from a split, please use it.

Re: Spyware.Ispynow
EDIT: Posted in the completely wrong place. My apologies, admins.

Same issue with me
Log removed. Start your own topic please.
------------

Topic locked. Everyone else, please start your own topic here:

http://www.geekpolice.net/malware-removal-support-hijackthis-logs-f11/
