Root kit? Please help
kHaoS
New Member


Date Joined Dec 2007
Total Posts : 20
 
Posted 9-6-2008 4:18 (GMT +1)
I got the XP 2008 antivirus crap, did a few attempts to remove, but some problems remain.
Whenever I try to remove a file (delete or shift+delete) "Norton Antivirus Install" starts.
It is obviously a fake install, as it shows a progress bar and then reverses down to "zero" again.
I already have Norton installed, but it is not working. When I try to start it the "install" thing pops up,
after hitting cancel Norton starts but shows: "An error occured while loading savrt32.dll" and then shuts down.

Posting a fresh ComboFix, Superantispyware and HiJackThis log.
__________________________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15, on 2008-09-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\Unlocker\UnlockerAssistant.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\windows\system32\ctfmon.exe
C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\windows\system32\tcpsvcs.exe
C:\Program\Process Viewer 5.2.15.1\PrcView.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\windows\system32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\NOTEPAD.EXE
C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Virus Removal Tools\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.torrentbytes.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\windows\TEMP\E_S106B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1957994488-162531612-1801674531-500\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background (User 'Administratör')
O4 - HKUS\S-1-5-21-1957994488-162531612-1801674531-500\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User 'Administratör')
O4 - Startup: PrcView.lnk = C:\Program\Process Viewer 5.2.15.1\PrcView.exe
O4 - Startup: SOUNDMAN.lnk = C:\WINDOWS\SOUNDMAN.EXE
O4 - Startup: VPTray.lnk = C:\Program\Symantec AntiVirus\VPTray.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.torrentbytes.net
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-10574d4585007be1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_10) -
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - http://www.tv6.se/component/option,com_expose/Itemid,1082/album,12/

--
End of file - 7635 bytes

__________________________________________________________________________________________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/06/2008 at 04:03 PM

Application Version : 4.21.1004

Core Rules Database Version : 3558
Trace Rules Database Version: 1546

Scan type : Complete Scan
Total Scan Time : 00:34:04

Memory items scanned : 319
Memory threats detected : 0
Registry items scanned : 6430
Registry threats detected : 0
File items scanned : 23019
File threats detected : 2

Trojan.Unclassified-Packed/Suspicious
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4BD28293-D08E-46A8-8C7D-B6660A94C00D}\RP391\A0079338.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4BD28293-D08E-46A8-8C7D-B6660A94C00D}\RP391\A0079339.DLL

__________________________________________________________________________________________________________
ComboFix 07-12-09.1 - JockE 2007-12-10 16:05:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1443 [GMT 1:00]
Running from: C:\Documents and Settings\JockE\Mina dokument\DC\virus help\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\JockE\Mina dokument\CFScript.txt
* Created a new restore point

FILE
C:\windows\system32\qommjih.dll
C:\windows\system32\winkve32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\system32\winkve32.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.

2007-12-10 15:34 . 2007-12-10 15:35 <KAT> d-------- C:\Program\Process Viewer
2007-12-10 15:17 . 2007-12-10 15:17 <KAT> d-------- C:\Deckard
2007-12-10 15:11 . 2007-12-10 15:11 <KAT> d-------- C:\WINDOWS\system32\config\systemprofile\Lokala inställningar
2007-12-10 15:11 . 2007-12-10 15:11 <KAT> d-------- C:\Documents and Settings\NetworkService\Lokala inställningar
2007-12-10 15:11 . 2007-12-10 15:11 <KAT> d-------- C:\Documents and Settings\LocalService\Lokala inställningar
2007-12-10 15:11 . 2007-12-10 15:11 <KAT> d-------- C:\Documents and Settings\JockE\Lokala inställningar
2007-12-10 15:11 . 2007-12-10 15:11 <KAT> d-------- C:\Documents and Settings\Default User\Lokala inställningar
2007-12-10 15:11 . <KAT> C:\Documents and Settings\Administrat÷r\Lokala inställningar
2007-12-09 15:06 . 2007-12-09 15:06 <KAT> d-------- C:\Documents and Settings\JockE\Application Data\Grisoft
2007-12-09 15:05 . 2007-12-09 15:11 <KAT> d-------- C:\Program\AVG Anti-Spyware 7.5
2007-12-09 15:05 . 2007-12-09 15:05 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-09 15:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-09 15:04 . 2007-12-09 15:04 <KAT> d-------- C:\Program\CCleaner
2007-12-09 14:07 . 2004-08-04 01:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-06 15:18 . 2007-12-06 15:19 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-05 17:15 . 2007-12-05 17:15 286,720 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-12-05 17:14 . 2007-12-05 17:14 696,320 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-12-05 17:12 . 2007-12-05 17:12 315,392 --a------ C:\WINDOWS\system32\3ivxDSEncoder.ax
2007-12-05 17:11 . 2007-12-05 17:11 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-12-05 17:09 . 2007-12-05 17:18 <KAT> d-------- C:\Program\Audio Converter
2007-12-05 17:07 . 2007-05-02 17:43 11,482,995 --------- C:\WINDOWS\AudioConverter.CAB
2007-12-05 17:07 . 2007-12-05 17:07 245,760 --------- C:\WINDOWS\Setup1.exe
2007-12-05 17:07 . 2007-12-05 17:07 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-12-05 17:07 . 2007-12-05 17:19 11,583 --a------ C:\WINDOWS\ST6UNST.000
2007-12-05 17:07 . 2007-12-05 17:10 9,474 --a------ C:\WINDOWS\SETUP.LST
2007-11-24 16:18 . 2007-11-24 17:54 <KAT> d-------- C:\Program\Blade Runner
2007-11-24 16:17 . 1997-04-08 20:08 299,520 --a------ C:\WINDOWS\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 15:07 --------- d-----w C:\Program\Symantec AntiVirus
2007-12-10 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-09 14:39 --------- d-----w C:\Program\CzDc
2007-12-07 13:27 --------- d-----w C:\Program\Billy
2007-12-06 17:13 --------- d-----w C:\Documents and Settings\JockE\Application Data\uTorrent
2007-11-06 15:01 --------- d-----w C:\Program\Steam
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-09-02 17:20]
"Start WingMan Profiler"="C:\Program\Logitech\Profiler\lwemon.exe" [2005-04-18 11:16]
"SpybotSD TeaTimer"="C:\Program\Spybot - Search & Destroy\TeaTimer.exe" [2005-04-13 00:04]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-03 23:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2005-10-04 11:42]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 20:56]
"HPHUPD05"="C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 04:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-23 04:00]
"SpybotSnD"="C:\Program\Spybot - Search & Destroy\SpybotSD.exe" [2005-04-13 00:04]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"NvCplDaemon"="RUNDLL32.exe" [2004-09-02 17:20 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-04-01 15:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-09-02 17:20 C:\WINDOWS\system32\rundll32.exe]
"PCSuiteTrayApplication"="C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 10:19]
"!AVG Anti-Spyware"="C:\Program\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15]

C:\Documents and Settings\JockE\Start-meny\Program\Autostart\
PrcView.lnk - C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Process Viewer 5.2.15.1\PrcView.exe [2006-08-25 16:42:49]
VPTray.lnk - C:\Program\Symantec AntiVirus\VPTray.exe [2005-11-15 12:28:04]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Personal.lnk.disabled [2007-04-23 18:26:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"NoRecentDocsMenu"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"= C:\WINDOWS\system32\ilmpjy.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JockE^Start-meny^Program^Autostart^VPTray.lnk]
backup=C:\WINDOWS\pss\VPTray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 15:07 49263 --a------ C:\Program\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GhostStartTrayApp"=C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

R1 GhPciScan;GhostPciScanner;\??\C:\Program\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 prcmondrv;prcmondrv;\??\C:\WINDOWS\system32\drivers\prcmondrv1041.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\windows\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\windows\system32\drivers\WmXlCore.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\windows\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\windows\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\windows\system32\drivers\WmVirHid.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-03 14:30:00 C:\windows\Tasks\Advanced WindowsCare.job"
- C:\Program\Advanced WindowsCare V2\AutoCare.exe
"2007-09-29 08:11:01 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
"2007-10-02 18:00:00 C:\windows\Tasks\AwcUpdate.job"
- C:\Program\Advanced WindowsCare V2\AutoUpdate.exe
"2007-09-12 12:38:07 C:\windows\Tasks\HP DArC Task #Hewlett-Packard#7600#MY37I211FXD4.job"
- C:\Program\HP\hpcoretech\comp\hpdarc.exe
"2007-10-03 12:37:00 C:\windows\Tasks\HP Usg Daily.job"
- C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-10-03 07:00:00 C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program\Spybot - Search & Destroy\SpybotSD.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\windows\Explorer.EXE [6.00.2900.3156]
-> C:\Program\Unlocker\UnlockerHook.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 16:09:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 16:12:14 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-10 15:10
.
--- E O F ---

Post Edited (kHaoS) : 06-09-2008 15:20:23 GMT
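An added example, not part of the thread and not code from HijackThis, ComboFix or any of the tools named above: a small Python triage script that parses lines in the HijackThis log format posted above and flags the entry types a helper usually looks at first (a non-default start page, a BHO with no backing file, Trusted Zone additions, and DPF entries with no download source). The sample lines are copied from the log above; the rule names are my own labels.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in the post
# above, covering the entry types the triage rules below look at.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.torrentbytes.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O15 - Trusted Zone: http://www.torrentbytes.net
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_10) -
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe
"""

# Every HijackThis entry line starts with a section code (R0, O2, O23, ...)
# followed by " - " and the entry body.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Return a list of {'section', 'body', 'raw'} dicts, one per entry line.

    Lines that are not entries (header, 'Running processes:' paths, blanks)
    are skipped, so the whole pasted log can be fed in unchanged.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            entries.append({"section": m.group("section"),
                            "body": m.group("body"),
                            "raw": line})
    return entries


def triage(entries):
    """Apply simple review rules and return (rule, raw_line) findings.

    The rules mirror what a removal helper checks first; they flag entries
    for a human to look at, they do not decide that anything is malicious.
    """
    findings = []
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec in ("R0", "R1") and "Start Page" in body \
                and "go.microsoft.com" not in body:
            # Browser start page changed from the IE default.
            findings.append(("custom-start-page", e["raw"]))
        elif sec == "O2" and body.endswith("(no file)"):
            # BHO registered but its DLL is gone: leftover of a removed add-on.
            findings.append(("orphan-bho", e["raw"]))
        elif sec == "O15":
            # Sites in the Trusted Zone run with relaxed IE security settings.
            findings.append(("trusted-zone", e["raw"]))
        elif sec == "O16" and body.rstrip().endswith("-"):
            # Downloaded ActiveX control with no recorded source URL.
            findings.append(("dpf-no-source", e["raw"]))
    return findings


def section_counts(entries):
    """Count entries per section code, e.g. {'O2': 2, 'O23': 1}."""
    counts = {}
    for e in entries:
        counts[e["section"]] = counts.get(e["section"], 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(section_counts(parsed))
    for rule, line in triage(parsed):
        print(f"[{rule}] {line}")
```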

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13594
 
Posted 9-6-2008 4:33 (GMT +1)
Hello again

Please download Malwarebytes' Anti-Malware to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and paste that log into your next reply, along with a fresh ComboFix log.

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
 


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

kHaoS
New Member


Date Joined Dec 2007
Total Posts : 20
 
Posted 9-7-2008 7:58 (GMT +1)
Hey there, did the MBAM scan and here's a fresh ComboFix as well.
The problem still remains though; it is also affecting right-click in the same way (i.e. the "Norton Install" starts).

Clean swipe needed?
___________________________
Malwarebytes' Anti-Malware 1.26
Databasversion: 1119
Windows 5.1.2600 Service Pack 3

2008-09-07 08:47:42
mbam-log-2008-09-07 (08-47-42).txt

Skanningstyp: Fullständig skanning (C:\|)
Antal skannade objekt: 120916
Förfluten tid: 31 minute(s), 47 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)

___________________________
ComboFix 08-09-05.02 - JockE 2008-09-07 8:48:58.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1562 [GMT 2:00]
Running from: C:\Documents and Settings\JockE\Skrivbord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-06 13:06 . 2008-09-06 13:06 <KAT> d-------- C:\Program\SUPERAntiSpyware
2008-09-06 13:06 . 2008-09-06 13:06 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-09-06 08:39 . 2008-09-06 08:39 <KAT> d-------- C:\Program\Malwarebytes' Anti-Malware
2008-09-06 08:39 . 2008-09-06 08:39 <KAT> d-------- C:\Documents and Settings\JockE\Application Data\Malwarebytes
2008-09-06 08:39 . 2008-09-06 08:39 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 08:39 . 2008-09-02 00:24 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-06 08:39 . 2008-09-02 00:24 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 17:37 . 2008-09-06 11:53 <KAT> d-------- C:\WINDOWS\system32\BE KIND REWIND dir
2008-08-25 20:19 . 2006-09-15 16:39 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-22 00:09 . 2008-06-14 19:36 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-22 00:06 . 2008-08-22 00:06 <KAT> d-------- C:\Program\microsoft frontpage
2008-08-21 21:53 . 2008-08-21 21:53 <KAT> d-------- C:\WINDOWS\system32\sv
2008-08-21 21:53 . 2008-08-21 21:53 <KAT> d-------- C:\WINDOWS\system32\bits
2008-08-21 21:53 . 2008-08-21 21:53 <KAT> d-------- C:\WINDOWS\l2schemas
2008-08-21 21:51 . 2008-08-21 21:51 <KAT> d-------- C:\WINDOWS\ServicePackFiles
2008-08-19 18:39 . 2008-09-03 17:16 <KAT> d-------- C:\Documents and Settings\JockE\Application Data\EPSON
2008-08-19 06:59 . 2004-08-04 01:07 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-18 17:54 . 2008-08-19 15:29 <KAT> d-------- C:\TIM
2008-08-18 17:50 . 2008-08-20 18:08 <KAT> d-------- C:\Program\DOSBox-0.72
2008-08-13 23:21 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 15:10 --------- d-----w C:\Program\torrents.to
2008-09-06 15:10 --------- d-----w C:\Program\Conduit
2008-09-06 11:06 --------- d-----w C:\Documents and Settings\JockE\Application Data\SUPERAntiSpyware.com
2008-09-06 11:03 --------- d-----w C:\Program\Notepad++
2008-09-06 11:03 --------- d-----w C:\Documents and Settings\JockE\Application Data\Notepad++
2008-09-06 11:02 --------- d-----w C:\Program\Easy DVD CD Burner
2008-09-06 11:01 --------- d-----w C:\Program\Hewlett-Packard
2008-09-06 09:53 --------- d--h--w C:\Program\InstallShield Installation Information
2008-09-06 09:52 --------- d-----w C:\Program\uTorrent
2008-09-06 07:55 --------- d-----w C:\Program\Symantec AntiVirus
2008-09-06 07:30 --------- d-----w C:\Program\CzDc
2008-09-04 20:13 --------- d-----w C:\Documents and Settings\JockE\Application Data\uTorrent
2008-09-04 18:35 --------- d-----w C:\Program\DivX
2008-08-22 17:56 --------- d-----w C:\Program\MSN Messenger
2008-07-20 09:59 --------- d-----w C:\Program\EPSON Print CD
2008-07-18 20:10 94,920 ----a-w C:\windows\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\windows\system32\wuauclt.exe
2008-07-18 20:10 45,768 -c--a-w C:\windows\system32\wups2.dll
2008-07-18 20:10 36,552 -c--a-w C:\windows\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\windows\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\windows\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\windows\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\windows\system32\wuaueng.dll
2008-07-07 20:29 253,952 ----a-w C:\windows\system32\es.dll
2008-06-24 16:46 74,240 ----a-w C:\windows\system32\mscms.dll
2008-06-23 16:42 826,368 ----a-w C:\windows\system32\wininet.dll
2008-06-20 17:49 247,296 ----a-w C:\windows\system32\mswsock.dll
.

((((((((((((((((((((((((((((( snapshot_2008-09-06_10.12.34.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-06 11:06:38 18,944 ----a-r C:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-09-06 11:06:38 65,024 ----a-r C:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"EPSON Stylus Photo RX585 Series"="C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE" [2007-03-30 182272]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 5562368]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 86016]
"RegistryMechanic"="C:\Program\Registry Mechanic\RegMech.exe" [2008-04-27 3044629]

C:\Documents and Settings\JockE\Start-meny\Program\Autostart\
PrcView.lnk - C:\Program\Process Viewer 5.2.15.1\PrcView.exe [2007-12-28 335872]
SOUNDMAN.lnk - C:\WINDOWS\SOUNDMAN.EXE [2006-04-29 77824]
VPTray.lnk - C:\Program\Symantec AntiVirus\VPTray.exe [2005-11-15 85744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 0 (0x0)
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\iac25_32.ax
"vidc.avrn"= C:\Program\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll
"vidc.advj"= C:\Program\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll
"vidc.mszh"= C:\Program\ACE Mega CoDecS Pack\SystemS\avimszh.dll
"vidc.zlib"= C:\Program\ACE Mega CoDecS Pack\SystemS\avizlib.dll
"vidc.cscd"= C:\Program\ACE Mega CoDecS Pack\SystemS\camcodec.dll
"vidc.cvid"= C:\Program\ACE Mega CoDecS Pack\SystemS\iccvid.dll
"msacm.trspch"= C:\Program\ACE Mega CoDecS Pack\SystemS\tssoft32.acm
"vidc.em2v"= C:\Program\ACE Mega CoDecS Pack\SystemS\etxcodec.dll
"vidc.mkvc"= C:\Program\ACE Mega CoDecS Pack\SystemS\kmvidc32.dll
"vidc.hfyu"= C:\Program\ACE Mega CoDecS Pack\SystemS\huffyuv.dll
"msacm.lameacm"= C:\Program\ACE Mega CoDecS Pack\SystemS\lameacm.acm
"msacm.lhacm"= C:\Program\ACE Mega CoDecS Pack\SystemS\lhacm.acm
"msacm.l3acm"= C:\Program\ACE Mega CoDecS Pack\SystemS\l3codecp.acm
"vidc.sjpg"= C:\Program\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
"vidc.dmb2"= C:\Program\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
"vidc.gepj"= C:\Program\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
"vidc.qpeg"= C:\Program\ACE Mega CoDecS Pack\SystemS\Qpeg32.dll
"vidc.q1.0"= C:\Program\ACE Mega CoDecS Pack\SystemS\Qpeg32.dll
"msacm.sl_anet"= C:\Program\ACE Mega CoDecS Pack\SystemS\sl_anet.acm
"vidc.tscc"= C:\Program\ACE Mega CoDecS Pack\SystemS\tsccvid.dll
"vidc.vifp"= C:\Program\ACE Mega CoDecS Pack\SystemS\vfcodec.dll
"vidc.wrpr"= C:\Program\ACE Mega CoDecS Pack\SystemS\aviwrap.dll
"vidc.wnv1"= C:\Program\ACE Mega CoDecS Pack\SystemS\wnvplay1.dll
"vidc.advs"= C:\Program\ACE Mega CoDecS Pack\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll
"vidc.afli"= C:\Program\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll
"vidc.aasc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= C:\Program\ACE Mega CoDecS Pack\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= C:\Program\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= C:\Program\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= C:\Program\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= C:\Program\ACE Mega CoDecS Pack\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= C:\Program\ACE Mega CoDecS Pack\SystemS\ATI\ativcr2.dll
"vidc.yv12"= C:\Program\ACE Mega CoDecS Pack\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"= C:\Program\ACE Mega CoDecS Pack\SystemS\Aware\icmw_32.dll
"vidc.bt20"= C:\Program\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv
"vidc.y41p"= C:\Program\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv
"msacm.pcdv"= C:\Program\ACE Mega CoDecS Pack\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= C:\Program\ACE Mega CoDecS Pack\SystemS\Core\CorePNG_vfw.dll
"msacm.CoreFLAC_ACM"= C:\Program\ACE Mega CoDecS Pack\SystemS\Core\CoreFLAC_ACM.acm
"vidc.davc"= C:\Program\ACE Mega CoDecS Pack\SystemS\dicas\davcvfw.dll
"vidc.div3"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.div5"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.div4"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.div6"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\divx4.dll
"vidc.divx"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivX520.dll
"msacm.divxa32"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\divxa32.acm
"vidc.frwd"= C:\Program\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll
"vidc.frwt"= C:\Program\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll
"vidc.frwa"= C:\Program\ACE Mega CoDecS Pack\SystemS\Forward\frwt.dll
"vidc.frwu"= C:\Program\ACE Mega CoDecS Pack\SystemS\Forward\frwu.dll
"vidc.glzw"= C:\Program\ACE Mega CoDecS Pack\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= C:\Program\ACE Mega CoDecS Pack\SystemS\Gabest\GPEG.dll
"vidc.i263"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\i263_32.drv
"vidc.iv30"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv31"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv32"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv33"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv34"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv35"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv36"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv37"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv38"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv39"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv40"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv41"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv42"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv43"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv44"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv45"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv46"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv47"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv48"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv49"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv50"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir50_32.dll
"vidc.iyuv"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\IR21_R.DLL
"msacm.imc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\IMC32.ACM
"vidc.lead"= C:\Program\ACE Mega CoDecS Pack\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= C:\Program\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
"vidc.dvc"= C:\Program\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
"vidc.dvcs"= C:\Program\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
"vidc.dcmj"= C:\Program\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
"vidc.avi1"= C:\Program\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
"vidc.avi2"= C:\Program\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
"vidc.dv25"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msadp32.acm
"msacm.imaadpcm"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\imaadp32.acm
"msacm.msg711"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msg711.acm
"msacm.msg723"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msg723.acm
"msacm.msgsm610"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msgsm32.acm
"vidc.m261"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msh261.drv
"vidc.m263"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv
"vidc.i420"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv
"vidc.mrle"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msrle32.dll
"vidc.uyvy"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.yuy2"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.yvyu"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.msvc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll
"vidc.cram"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll
"vidc.mpg4"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp41"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp42"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp43"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp4s"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp4v"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.wmv3"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\WMV9VCM.dll
"msacm.msaudio1"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msaud32.acm
"vidc.vixl"= C:\Program\ACE Mega CoDecS Pack\SystemS\Miro\miroxl32.dll
"vidc.nt00"= C:\Program\ACE Mega CoDecS Pack\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= C:\Program\ACE Mega CoDecS Pack\SystemS\OGG\vorbis.acm
"vidc.vp30"= C:\Program\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll
"vidc.vp31"= C:\Program\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll
"vidc.vp60"= C:\Program\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll
"vidc.vp61"= C:\Program\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll
"vidc.pdvc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll
"vidc.ipdv"= C:\Program\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll
"vidc.pvw2"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll
"vidc.dcap"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll
"vidc.mjpa"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll
"vidc.gpjm"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll
"vidc.pim1"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= C:\Program\ACE Mega CoDecS Pack\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= C:\Program\ACE Mega CoDecS Pack\SystemS\REALmagic\rmp4.dll
"vidc.rud0"= C:\Program\ACE Mega CoDecS Pack\SystemS\Rududu\rududu.dll
"msacm.at3"= C:\Program\ACE Mega CoDecS Pack\SystemS\SONY\atrac3.acm
"vidc.sony"= C:\Program\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll
"vidc.dvcp"= C:\Program\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll
"vidc.s422"= C:\Program\ACE Mega CoDecS Pack\SystemS\Tekram\tekyuv.dll
"vidc.t420"= C:\Program\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= C:\Program\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= C:\Program\ACE Mega CoDecS Pack\SystemS\Vanguard Software Sollutions\vsscodec.dll
"msacm.voxacm160"= C:\Program\ACE Mega CoDecS Pack\SystemS\VoxWare\vct3216.acm
"vidc.xvid"= C:\Program\ACE Mega CoDecS Pack\SystemS\XviD\xvidvfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
--a--c--- 2007-06-11 22:34 190696 C:\Program\Opera\program\plugins\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-05-07 21:56 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
-ra------ 2003-05-23 05:00 483328 C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
-ra--c--- 2003-05-23 05:03 49152 C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-01-23 11:19 223232 C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a--c--- 2006-11-09 17:15 1634304 C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2005-04-18 12:16 73728 C:\Program\Logitech\Profiler\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 16:07 49263 C:\Program\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GhostStartTrayApp"=C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program\\Opera\\Opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\CzDc\\CzDC.exe"=
"C:\\Program\\ICQLite\\ICQLite.exe"=
"C:\\Documents and Settings\\JockE\\Mina dokument\\DC\\Appz\\Internet\\P2P\\ApexDC-s14\\ApexDC-s14.exe\\ApexDC-s14.exe"=
"C:\\Program\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"C:\\Program\\Steam\\steamapps\\scary_name\\half-life 2 deathmatch\\hl2.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer-gruppering
"3540:UDP"= 3540:UDP:PNRP (Peer Name Resolution Protocol)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 GhPciScan;GhostPciScanner;C:\Program\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
R1 prcmondrv;prcmondrv;C:\WINDOWS\system32\drivers\prcmondrv1041.sys [2007-05-20 18432]
S3 p2pgasvc;Autentisering för grupper i peer-nätverk;C:\windows\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Identitetshanteraren för peer-nätverk;C:\windows\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer-nätverk;C:\windows\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Peer-namnmatchningsprotokoll;C:\windows\system32\svchost.exe [2008-04-14 14336]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\JockE\Application Data\Mozilla\Firefox\Profiles\kh62rvpj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=1053&_lang=SV
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 08:50:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-07 8:51:18
ComboFix-quarantined-files.txt 2008-09-07 06:51:16
ComboFix2.txt 2007-12-10 15:12:15
ComboFix3.txt 2008-09-06 08:32:37
ComboFix4.txt 2008-09-06 08:13:07
ComboFix5.txt 2008-09-07 06:48:44

Pre-Run: 31,617,581,056 byte ledigt
Post-Run: 31,601,283,072 byte ledigt

346 --- E O F --- 2008-08-22 15:43:47

kHaoS
   Posted 9-7-2008 5:58 (GMT +1)    Quote: Root kit? Please helpAlert an admin about: Root kit? Please help
I gathered that the problem was related to Symantec (Norton) AV, so I uninstalled it and then reinstalled it.
I'm doing a full scan right now, and it has found (so far) 2 counts of "tdssserv.sys.vir".
I'm gonna let it run and then post a fresh ComboFix/HJT log, hopefully it will be clean.

kHaoS
Posted 9-7-2008 10:01 (GMT +1)
Scans are complete, posting logs.
Seems to be running better now, maybe it's sorted?

Edit:
No, it's still there. Rebooted and the Norton tray icon is gone again. Right click initiates "install" and so on.
!!!! crap.
_________________________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/07/2008 at 09:40 PM

Application Version : 4.21.1004

Core Rules Database Version : 3558
Trace Rules Database Version: 1546

Scan type : Complete Scan
Total Scan Time : 00:34:18

Memory items scanned : 328
Memory threats detected : 0
Registry items scanned : 6428
Registry threats detected : 0
File items scanned : 23263
File threats detected : 0
___________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09, on 2008-09-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Symantec AntiVirus\DefWatch.exe
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
C:\Program\Unlocker\UnlockerAssistant.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Program\AVG Anti-Spyware 7.5\avgas.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\windows\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\windows\system32\tcpsvcs.exe
C:\Program\Process Viewer 5.2.15.1\PrcView.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\windows\system32\svchost.exe
C:\Program\Opera\Opera.exe
C:\Documents and Settings\JockE\Mina dokument\DC\Appz\Virus Removal Tools\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.torrentbytes.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\windows\TEMP\E_S106B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1957994488-162531612-1801674531-500\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User 'Administratör')
O4 - Startup: PrcView.lnk = C:\Program\Process Viewer 5.2.15.1\PrcView.exe
O4 - Startup: SOUNDMAN.lnk = C:\WINDOWS\SOUNDMAN.EXE
O4 - Startup: VPTray.lnk = C:\Program\Symantec AntiVirus\VPTray.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.torrentbytes.net
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-10574d4585007be1.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_10) -
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) -
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program\Symantec\Symantec System Center\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7344 bytes
_____________________________________________________
ComboFix 08-09-05.03 - JockE 2008-09-07 22:10:42.13 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1551 [GMT 2:00]
Running from: C:\Documents and Settings\JockE\Skrivbord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-07 15:57 . 2008-09-07 21:02 <KAT> d-------- C:\Program\Symantec AntiVirus
2008-09-07 15:57 . 2005-09-17 00:20 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-07 15:57 . 2005-09-17 00:20 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-07 12:03 . 2008-09-07 12:03 <KAT> d-------- C:\Documents and Settings\JockE\Lokala inställningar
2008-09-07 12:03 . 2008-09-07 12:03 <KAT> d-------- C:\Documents and Settings\Administratör\Lokala inställningar
2008-09-07 12:03 . 2008-09-07 12:03 <KAT> d-------- C:\Documents and Settings\Administratör.KHAOS\Lokala inställningar
2008-09-07 12:03 . 2008-09-07 12:03 <KAT> d-------- C:\Documents and Settings\Administratör.KHAOS
2008-09-07 12:03 . 2008-09-07 12:03 <KAT> d-------- C:\Documents and Settings\Administratör
2008-09-07 11:50 . 2008-09-07 13:32 <KAT> d-------- C:\Program\AVG Anti-Spyware 7.5
2008-09-07 11:50 . 2008-09-07 11:50 <KAT> d-------- C:\Documents and Settings\JockE\Application Data\Grisoft
2008-09-07 11:50 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-09-06 13:06 . 2008-09-06 13:06 <KAT> d-------- C:\Program\SUPERAntiSpyware
2008-09-06 13:06 . 2008-09-06 13:06 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-09-06 08:39 . 2008-09-06 08:39 <KAT> d-------- C:\Program\Malwarebytes' Anti-Malware
2008-09-06 08:39 . 2008-09-06 08:39 <KAT> d-------- C:\Documents and Settings\JockE\Application Data\Malwarebytes
2008-09-06 08:39 . 2008-09-06 08:39 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 08:39 . 2008-09-02 00:24 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-06 08:39 . 2008-09-02 00:24 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-03 17:37 . 2008-09-06 11:53 <KAT> d-------- C:\WINDOWS\system32\BE KIND REWIND dir
2008-08-25 20:19 . 2006-09-15 16:39 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-08-22 00:09 . 2008-06-14 19:36 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-22 00:06 . 2008-08-22 00:06 <KAT> d-------- C:\Program\microsoft frontpage
2008-08-21 21:53 . 2008-08-21 21:53 <KAT> d-------- C:\WINDOWS\system32\sv
2008-08-21 21:53 . 2008-08-21 21:53 <KAT> d-------- C:\WINDOWS\system32\bits
2008-08-21 21:53 . 2008-08-21 21:53 <KAT> d-------- C:\WINDOWS\l2schemas
2008-08-21 21:51 . 2008-08-21 21:51 <KAT> d-------- C:\WINDOWS\ServicePackFiles
2008-08-19 18:39 . 2008-09-03 17:16 <KAT> d-------- C:\Documents and Settings\JockE\Application Data\EPSON
2008-08-19 06:59 . 2004-08-04 01:07 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-18 17:54 . 2008-08-19 15:29 <KAT> d-------- C:\TIM
2008-08-18 17:50 . 2008-08-20 18:08 <KAT> d-------- C:\Program\DOSBox-0.72
2008-08-13 23:21 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 14:02 --------- d-----w C:\Program\Delade filer\Symantec Shared
2008-09-07 13:57 --------- d-----w C:\Program\Symantec
2008-09-07 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-07 09:54 --------- d-----w C:\Program\CzDc
2008-09-07 09:47 --------- d-----w C:\Program\LiveUpdate Administration
2008-09-06 15:10 --------- d-----w C:\Program\torrents.to
2008-09-06 15:10 --------- d-----w C:\Program\Conduit
2008-09-06 11:06 --------- d-----w C:\Documents and Settings\JockE\Application Data\SUPERAntiSpyware.com
2008-09-06 11:03 --------- d-----w C:\Program\Notepad++
2008-09-06 11:03 --------- d-----w C:\Documents and Settings\JockE\Application Data\Notepad++
2008-09-06 11:02 --------- d-----w C:\Program\Easy DVD CD Burner
2008-09-06 11:01 --------- d-----w C:\Program\Hewlett-Packard
2008-09-06 09:53 --------- d--h--w C:\Program\InstallShield Installation Information
2008-09-06 09:52 --------- d-----w C:\Program\uTorrent
2008-09-04 20:13 --------- d-----w C:\Documents and Settings\JockE\Application Data\uTorrent
2008-09-04 18:35 --------- d-----w C:\Program\DivX
2008-08-22 17:56 --------- d-----w C:\Program\MSN Messenger
2008-07-20 09:59 --------- d-----w C:\Program\EPSON Print CD
2008-07-18 20:10 94,920 ----a-w C:\windows\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\windows\system32\wuauclt.exe
2008-07-18 20:10 45,768 -c--a-w C:\windows\system32\wups2.dll
2008-07-18 20:10 36,552 -c--a-w C:\windows\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\windows\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\windows\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\windows\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\windows\system32\wuaueng.dll
2008-07-07 20:29 253,952 ----a-w C:\windows\system32\es.dll
2008-06-24 16:46 74,240 ----a-w C:\windows\system32\mscms.dll
2008-06-23 16:42 826,368 ----a-w C:\windows\system32\wininet.dll
2008-06-20 17:49 247,296 ----a-w C:\windows\system32\mswsock.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-07_12.03.20.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-04-29 08:23:18 25,214 -c--a-r C:\windows\Installer\{46B63F23-2B4A-4525-A827-688026BE5E40}\ARPPRODUCTICON.exe
+ 2008-09-07 13:58:22 25,214 ----a-r C:\windows\Installer\{46B63F23-2B4A-4525-A827-688026BE5E40}\ARPPRODUCTICON.exe
- 2006-04-29 08:23:18 40,960 -c--a-r C:\windows\Installer\{46B63F23-2B4A-4525-A827-688026BE5E40}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-09-07 13:58:22 40,960 ----a-r C:\windows\Installer\{46B63F23-2B4A-4525-A827-688026BE5E40}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus Photo RX585 Series"="C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE" [2007-03-30 182272]
"SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 5562368]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 86016]
"RegistryMechanic"="C:\Program\Registry Mechanic\RegMech.exe" [2008-04-27 3044629]
"!AVG Anti-Spyware"="C:\Program\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="C:\Program\SYMANT~1\VPTray.exe" [2005-11-15 85744]

C:\Documents and Settings\JockE\Start-meny\Program\Autostart\
PrcView.lnk - C:\Program\Process Viewer 5.2.15.1\PrcView.exe [2007-12-28 335872]
SOUNDMAN.lnk - C:\WINDOWS\SOUNDMAN.EXE [2006-04-29 77824]
VPTray.lnk - C:\Program\Symantec AntiVirus\VPTray.exe [2005-11-15 85744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 0 (0x0)
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\iac25_32.ax
"vidc.avrn"= C:\Program\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll
"vidc.advj"= C:\Program\ACE Mega CoDecS Pack\SystemS\avidavicodec.dll
"vidc.mszh"= C:\Program\ACE Mega CoDecS Pack\SystemS\avimszh.dll
"vidc.zlib"= C:\Program\ACE Mega CoDecS Pack\SystemS\avizlib.dll
"vidc.cscd"= C:\Program\ACE Mega CoDecS Pack\SystemS\camcodec.dll
"vidc.cvid"= C:\Program\ACE Mega CoDecS Pack\SystemS\iccvid.dll
"msacm.trspch"= C:\Program\ACE Mega CoDecS Pack\SystemS\tssoft32.acm
"vidc.em2v"= C:\Program\ACE Mega CoDecS Pack\SystemS\etxcodec.dll
"vidc.mkvc"= C:\Program\ACE Mega CoDecS Pack\SystemS\kmvidc32.dll
"vidc.hfyu"= C:\Program\ACE Mega CoDecS Pack\SystemS\huffyuv.dll
"msacm.lameacm"= C:\Program\ACE Mega CoDecS Pack\SystemS\lameacm.acm
"msacm.lhacm"= C:\Program\ACE Mega CoDecS Pack\SystemS\lhacm.acm
"msacm.l3acm"= C:\Program\ACE Mega CoDecS Pack\SystemS\l3codecp.acm
"vidc.sjpg"= C:\Program\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
"vidc.dmb2"= C:\Program\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
"vidc.gepj"= C:\Program\ACE Mega CoDecS Pack\SystemS\pmjpeg32.dll
"vidc.qpeg"= C:\Program\ACE Mega CoDecS Pack\SystemS\Qpeg32.dll
"vidc.q1.0"= C:\Program\ACE Mega CoDecS Pack\SystemS\Qpeg32.dll
"msacm.sl_anet"= C:\Program\ACE Mega CoDecS Pack\SystemS\sl_anet.acm
"vidc.tscc"= C:\Program\ACE Mega CoDecS Pack\SystemS\tsccvid.dll
"vidc.vifp"= C:\Program\ACE Mega CoDecS Pack\SystemS\vfcodec.dll
"vidc.wrpr"= C:\Program\ACE Mega CoDecS Pack\SystemS\aviwrap.dll
"vidc.wnv1"= C:\Program\ACE Mega CoDecS Pack\SystemS\wnvplay1.dll
"vidc.advs"= C:\Program\ACE Mega CoDecS Pack\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll
"vidc.afli"= C:\Program\ACE Mega CoDecS Pack\SystemS\Autodesk\flccodec32.dll
"vidc.aasc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= C:\Program\ACE Mega CoDecS Pack\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= C:\Program\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= C:\Program\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= C:\Program\ACE Mega CoDecS Pack\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= C:\Program\ACE Mega CoDecS Pack\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= C:\Program\ACE Mega CoDecS Pack\SystemS\ATI\ativcr2.dll
"vidc.yv12"= C:\Program\ACE Mega CoDecS Pack\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"= C:\Program\ACE Mega CoDecS Pack\SystemS\Aware\icmw_32.dll
"vidc.bt20"= C:\Program\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv
"vidc.y41p"= C:\Program\ACE Mega CoDecS Pack\SystemS\Brooktree\btvvc32.drv
"msacm.pcdv"= C:\Program\ACE Mega CoDecS Pack\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= C:\Program\ACE Mega CoDecS Pack\SystemS\Core\CorePNG_vfw.dll
"msacm.CoreFLAC_ACM"= C:\Program\ACE Mega CoDecS Pack\SystemS\Core\CoreFLAC_ACM.acm
"vidc.davc"= C:\Program\ACE Mega CoDecS Pack\SystemS\dicas\davcvfw.dll
"vidc.div3"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.div5"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32.dll
"vidc.div4"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.div6"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\divx4.dll
"vidc.divx"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\DivX520.dll
"msacm.divxa32"= C:\Program\ACE Mega CoDecS Pack\SystemS\DivX\divxa32.acm
"vidc.frwd"= C:\Program\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll
"vidc.frwt"= C:\Program\ACE Mega CoDecS Pack\SystemS\Forward\frwd.dll
"vidc.frwa"= C:\Program\ACE Mega CoDecS Pack\SystemS\Forward\frwt.dll
"vidc.frwu"= C:\Program\ACE Mega CoDecS Pack\SystemS\Forward\frwu.dll
"vidc.glzw"= C:\Program\ACE Mega CoDecS Pack\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= C:\Program\ACE Mega CoDecS Pack\SystemS\Gabest\GPEG.dll
"vidc.i263"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\i263_32.drv
"vidc.iv30"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv31"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv32"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv33"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv34"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv35"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv36"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv37"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv38"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv39"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir32_32.dll
"vidc.iv40"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv41"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv42"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv43"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv44"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv45"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv46"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv47"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv48"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv49"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir41_32.dll
"vidc.iv50"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\ir50_32.dll
"vidc.iyuv"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\IR21_R.DLL
"msacm.imc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Intel\IMC32.ACM
"vidc.lead"= C:\Program\ACE Mega CoDecS Pack\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= C:\Program\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
"vidc.dvc"= C:\Program\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
"vidc.dvcs"= C:\Program\ACE Mega CoDecS Pack\SystemS\MainConcept\MCDVD_32.DLL
"vidc.dcmj"= C:\Program\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
"vidc.avi1"= C:\Program\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
"vidc.avi2"= C:\Program\ACE Mega CoDecS Pack\SystemS\MainConcept\MCMJPG32.DLL
"vidc.dv25"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.dv50"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.msmc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mmjp"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx1"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx2"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx3"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx4"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx5"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx6"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx7"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx8"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mtx9"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"vidc.mmes"= C:\Program\ACE Mega CoDecS Pack\SystemS\Matrox\DigiVCap.dll
"msacm.msadpcm"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msadp32.acm
"msacm.imaadpcm"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\imaadp32.acm
"msacm.msg711"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msg711.acm
"msacm.msg723"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msg723.acm
"msacm.msgsm610"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msgsm32.acm
"vidc.m261"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msh261.drv
"vidc.m263"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv
"vidc.i420"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msh263.drv
"vidc.mrle"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msrle32.dll
"vidc.uyvy"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.yuy2"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.yvyu"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msyuv.dll
"vidc.msvc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll
"vidc.cram"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msvidc32.dll
"vidc.mpg4"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp41"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp42"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp43"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp4s"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.mp4v"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\mpg4c32.dll
"vidc.wmv3"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\WMV9VCM.dll
"msacm.msaudio1"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msaud32.acm
"vidc.vixl"= C:\Program\ACE Mega CoDecS Pack\SystemS\Miro\miroxl32.dll
"vidc.nt00"= C:\Program\ACE Mega CoDecS Pack\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= C:\Program\ACE Mega CoDecS Pack\SystemS\OGG\vorbis.acm
"vidc.vp30"= C:\Program\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll
"vidc.vp31"= C:\Program\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp31vfw.dll
"vidc.vp60"= C:\Program\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll
"vidc.vp61"= C:\Program\ACE Mega CoDecS Pack\SystemS\On2 Technologies\vp6vfw.dll
"vidc.pdvc"= C:\Program\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll
"vidc.ipdv"= C:\Program\ACE Mega CoDecS Pack\SystemS\Panasonic\idvcodec.dll
"vidc.pvw2"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll
"vidc.dcap"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pinnacle\mirodv2avi.dll
"vidc.mjpa"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll
"vidc.gpjm"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pinnacle\rtmjpgcdc.dll
"vidc.pim1"= C:\Program\ACE Mega CoDecS Pack\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= C:\Program\ACE Mega CoDecS Pack\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= C:\Program\ACE Mega CoDecS Pack\SystemS\REALmagic\rmp4.dll
"vidc.rud0"= C:\Program\ACE Mega CoDecS Pack\SystemS\Rududu\rududu.dll
"msacm.at3"= C:\Program\ACE Mega CoDecS Pack\SystemS\SONY\atrac3.acm
"vidc.sony"= C:\Program\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll
"vidc.dvcp"= C:\Program\ACE Mega CoDecS Pack\SystemS\SONY\sonydv.dll
"vidc.s422"= C:\Program\ACE Mega CoDecS Pack\SystemS\Tekram\tekyuv.dll
"vidc.t420"= C:\Program\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= C:\Program\ACE Mega CoDecS Pack\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= C:\Program\ACE Mega CoDecS Pack\SystemS\Vanguard Software Sollutions\vsscodec.dll
"msacm.voxacm160"= C:\Program\ACE Mega CoDecS Pack\SystemS\VoxWare\vct3216.acm
"vidc.xvid"= C:\Program\ACE Mega CoDecS Pack\SystemS\XviD\xvidvfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 00:29 165784 C:\Program\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
--a--c--- 2007-06-11 22:34 190696 C:\Program\Opera\program\plugins\NPSWF32_FlashUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-05-07 21:56 188416 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
-ra--c--- 2003-05-23 05:03 49152 C:\Program\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-01-23 11:19 223232 C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a--c--- 2006-11-09 17:15 1634304 C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 20:16 286720 C:\Program\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-02-20 17:19 356352 C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2005-04-18 12:16 73728 C:\Program\Logitech\Profiler\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-11-09 16:07 49263 C:\Program\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GhostStartTrayApp"=C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program\\Opera\\Opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\CzDc\\CzDC.exe"=
"C:\\Program\\ICQLite\\ICQLite.exe"=
"C:\\Documents and Settings\\JockE\\Mina dokument\\DC\\Appz\\Internet\\P2P\\ApexDC-s14\\ApexDC-s14.exe\\ApexDC-s14.exe"=
"C:\\Program\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"C:\\Program\\Steam\\steamapps\\scary_name\\half-life 2 deathmatch\\hl2.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:PNRP (Peer Name Resolution Protocol)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 GhPciScan;GhostPciScanner;C:\Program\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
R1 prcmondrv;prcmondrv;C:\WINDOWS\system32\drivers\prcmondrv1041.sys [2007-05-20 18432]
S3 p2pgasvc;Peer Networking Group Authentication;C:\windows\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager;C:\windows\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking;C:\windows\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\windows\system32\svchost.exe [2008-04-14 14336]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);C:\windows\system32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;C:\windows\system32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;C:\windows\system32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);C:\windows\system32\DRIVERS\s916mgmt.sys [2007-11-02 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;C:\windows\system32\DRIVERS\s916obex.sys [2007-11-02 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HPHmon05 - C:\WINDOWS\system32\hphmon05.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\JockE\Application Data\Mozilla\Firefox\Profiles\kh62rvpj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=0&fs=1&fsa=1&fsat=1296000&lc=1053&_lang=SV
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 22:12:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-07 22:13:36
ComboFix-quarantined-files.txt 2008-09-07 20:13:31
ComboFix2.txt 2008-09-07 10:03:45
ComboFix3.txt 2008-09-07 06:51:20
ComboFix4.txt 2007-12-10 15:12:15
ComboFix5.txt 2008-09-07 18:45:05

Pre-Run: 34,296,246,272 bytes free
Post-Run: 34,278,367,232 bytes free

365 --- E O F --- 2008-08-22 15:43:47

Post Edited (kHaoS) : 08-09-2008 12:54:04 GMT
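Added example for this thread (not part of kHaoS's post, and not ComboFix's own code): a small Python triage pass over a ComboFix-style log excerpt that pulls out the entries a removal helper reads first, namely the logon lockdown policies (DisableCAD), the Security Center monitoring override, ShellExecuteHooks and Winlogon notify DLLs, third-party VfW/ACM codecs registered in drivers32, parked Run- entries, and firewall exceptions that point into a user profile. The section and value line formats are inferred from the lines as posted, and the sample below is a constructed excerpt modelled on that log, so the findings it produces are review hints, not verdicts: the SUPERAntiSpyware hooks and the Symantec Security Center override shown here are normal for installed products and only become interesting when, as in this thread, the product they belong to is broken.

```python
"""Triage of a ComboFix-style log excerpt for the entries a removal helper
reads first.  Added example for this thread, not part of the posted log or of
ComboFix itself; the line formats are inferred from the lines as posted."""
import re

# Constructed excerpt modelled on the log posted above (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableCAD"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= C:\Program\ACE Mega CoDecS Pack\SystemS\XviD\xvidvfw.dll
"msacm.msadpcm"= C:\Program\ACE Mega CoDecS Pack\SystemS\Microsoft\msadp32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GhostStartTrayApp"=C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program\\Opera\\Opera.exe"=
"C:\\Documents and Settings\\JockE\\Mina dokument\\DC\\Appz\\Internet\\P2P\\ApexDC-s14\\ApexDC-s14.exe\\ApexDC-s14.exe"=
"%windir%\\system32\\sessmgr.exe"=
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\key]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')  # "name"= value
USER_PROFILE_RE = re.compile(r"documents and settings", re.I)


def as_int(value):
    """Parse the value renderings ComboFix uses: '1 (0x1)' or 'dword:00000001'."""
    if value.startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"-?\d+", value)
    return int(m.group()) if m else None


def parse_sections(text):
    """Map each bracketed registry key (lower-cased) to its [(name, value)] lines.
    Lines that are not "name"= value pairs (e.g. the file line under a Winlogon
    notify key) are kept with an empty name; text outside any section is ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        v = VALUE_RE.match(line)
        sections[current].append((v.group("name"), v.group("value").strip()) if v else ("", line))
    return sections


def triage(text):
    """Return (kind, subject, detail) hints in log order.  These are items to
    look at, not malware verdicts: security products legitimately install hooks
    and set the Security Center override for themselves."""
    findings = []
    for key, entries in parse_sections(text).items():
        leaf = key.rsplit("\\", 1)[-1]
        if "\\policies\\" in key and leaf in ("system", "explorer"):
            for name, value in entries:
                if name == "DisableCAD" and as_int(value) == 1:   # Ctrl+Alt+Del lockdown
                    findings.append(("policy", key, "DisableCAD=1"))
        elif "\\security center\\monitoring\\" in key:
            for name, value in entries:
                if name == "DisableMonitoring" and as_int(value) == 1:
                    findings.append(("security-center", leaf, "DisableMonitoring=1"))
        elif leaf == "shellexecutehooks":          # DLL loaded on every ShellExecute
            findings += [("hook", name, value) for name, value in entries]
        elif "\\winlogon\\notify\\" in key:         # DLL loaded by winlogon at logon
            findings += [("hook", leaf, value) for _, value in entries]
        elif leaf == "drivers32":                  # codecs loaded into any VfW/ACM client
            for name, value in entries:
                if "\\system32\\" not in value.lower():
                    findings.append(("codec", name, value))
        elif leaf == "run-":                       # parked (disabled) Run entries
            findings += [("disabled-run", name, value) for name, value in entries]
        elif key.endswith("\\authorizedapplications\\list"):
            for name, _ in entries:
                path = name.replace("\\\\", "\\")  # the log doubles backslashes here
                if USER_PROFILE_RE.search(path):
                    findings.append(("firewall", path, "exception under a user profile"))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:16} {subject}  ->  {detail}")
```

Run it against a full ComboFix log by replacing SAMPLE_LOG with the file contents; the output is meant to be read next to the original post, where for instance the Symantec Security Center override lines up with the "savrt32.dll" load failure the poster described.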
