Second computer

  1. #1
    Join Date
    Jan 2006
    Posts
    400

    Second computer

    Okay, so, trying to clean off another computer. I don't think there should be any viruses on here or anything but I'll post here just in case. I think it's mostly a bunch of programs and old files that no one uses that I need to try and get rid of. I've done this often enough to know that after my first post, someone will post back and tell me to run SuperAntiSpyware, MalwareBytes and GMER so I've done all of those scans already, haha.

    Apparently the SuperAntiSpyware log didn't save. Nothing high risk showed up in there though. 26 threats in all, 10 of one kind and 16 of another and they were both adware. One was Zangoo and the other was ShoppingReport or something I think? Haha.

    Malwarebytes' Anti-Malware 1.37
    Database version: 2239
    Windows 5.1.2600 Service Pack 2

    09/01/2010 12:35:39 AM
    mbam-log-2010-01-09 (00-35-39).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 250852
    Time elapsed: 1 hour(s), 32 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Delete on reboot.
    HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Delete on reboot.
    HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Delete on reboot.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  2. #2
    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2010-01-09 02:43:45
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAACA06B8]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAACA0574]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAACA0A52]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAACA014C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAACA064E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAACA008C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAACA00F0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAACA076E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAACA072E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAACA08AE]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAAD5D0B0]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] kernel32.dll!LoadResource 7C809FC5 7 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] kernel32.dll!FindResourceExW 7C80AC98 7 Bytes JMP 28001C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] kernel32.dll!FindResourceW 7C80BBDE 7 Bytes JMP 28001BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] kernel32.dll!SizeofResource 7C80BC79 7 Bytes JMP 28001EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] kernel32.dll!FindResourceA 7C80BE99 7 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] kernel32.dll!LockResource 7C80CCA7 5 Bytes JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] kernel32.dll!CreateEventA 7C8308C9 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] kernel32.dll!FindResourceExA 7C835FC0 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] ADVAPI32.dll!CryptDeriveKey 77DEA005 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] ADVAPI32.dll!CryptDecrypt 77DEA131 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] USER32.dll!GetWindowLongW 77D4887E 7 Bytes JMP 28006B00 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] USER32.dll!PeekMessageW 77D49278 5 Bytes JMP 280046C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 28003CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] USER32.dll!SetWindowRgn 77D51DE0 7 Bytes JMP 28005FE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] USER32.dll!LoadIconW 77D52174 5 Bytes JMP 28006960 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] USER32.dll!LoadImageW 77D542A4 5 Bytes JMP 28006770 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] USER32.dll!CreateDialogParamW 77D6629F 5 Bytes JMP 28006120 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] USER32.dll!SetWindowPlacement 77D6FBEA 5 Bytes JMP 28005EA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 28006310 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] USER32.dll!TrackPopupMenuEx 77D9CAFE 5 Bytes JMP 28004FA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] WS2_32.dll!send 71AB428A 5 Bytes JMP 2800B770 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 2800B550 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] WS2_32.dll!recv 71AB615A 5 Bytes JMP 2800B3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 2800B950 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 2800BB90 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] SHELL32.dll!Shell_NotifyIconW 7CA21BEA 5 Bytes JMP 28003440 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] ole32.dll!CoInitializeEx 774F42F3 5 Bytes JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] ole32.dll!CoRegisterClassObject 77541BFC 5 Bytes JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 2800A560 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 2800A220 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 2800A3B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 2800A490 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)

  3. #3
    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\wuauclt.exe[264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\wuauclt.exe[264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\wuauclt.exe[264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\wuauclt.exe[264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
    IAT C:\WINDOWS\system32\services.exe[692] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
    IAT C:\Program Files\Messenger\msmsgs.exe[1336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AF2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Messenger\msmsgs.exe[1336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AF2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Messenger\msmsgs.exe[1336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AF2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Messenger\msmsgs.exe[1336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AF2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Paul\Desktop\e32l6e4k.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Paul\Desktop\e32l6e4k.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Paul\Desktop\e32l6e4k.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Documents and Settings\Paul\Desktop\e32l6e4k.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\ehome\ehtray.exe[2264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00982F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\ehome\ehtray.exe[2264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00982CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\ehome\ehtray.exe[2264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00982D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\ehome\ehtray.exe[2264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00982CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[2392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[2704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\iTunes\iTunesHelper.exe[2768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\iTunes\iTunesHelper.exe[2768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\iTunes\iTunesHelper.exe[2768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\iTunes\iTunesHelper.exe[2768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\hkcmd.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00992F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\hkcmd.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00992CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\hkcmd.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00992D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\hkcmd.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00992CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\igfxpers.exe[2904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00982F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\igfxpers.exe[2904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00982CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\igfxpers.exe[2904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00982D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\igfxpers.exe[2904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00982CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\stsystra.exe[2928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\stsystra.exe[2928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\stsystra.exe[2928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\stsystra.exe[2928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[3068] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[3068] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\system32\ctfmon.exe[3068] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

  4. #4
    IAT C:\WINDOWS\system32\ctfmon.exe[3068] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01202F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01202CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01202D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3080] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01202CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [04CC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [04CC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [04CC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [04CC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\LimeWire\LimeWire.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\LimeWire\LimeWire.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\LimeWire\LimeWire.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\LimeWire\LimeWire.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \FileSystem\Fastfat \Fat A8D75C8A

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4F 0x61 0xD8 0x2B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEE 0x31 0x42 0xCC ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4F 0x61 0xD8 0x2B ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEE 0x31 0x42 0xCC ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4F 0x61 0xD8 0x2B ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEE 0x31 0x42 0xCC ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs@ {63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    Reg HKLM\SOFTWARE\Classes\Interface\{018AEEB2-991D-1A04-BD95-3732724599D6}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
    Reg HKLM\SOFTWARE\Classes\Interface\{018AEEB2-991D-1A04-BD95-3732724599D6}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}
    Reg HKLM\SOFTWARE\Classes\Interface\{018AEEB2-991D-1A04-BD95-3732724599D6}\TypeLib@ {2CEAF59B-9412-C46A-69C6-DF41A7CC6F15}
    Reg HKLM\SOFTWARE\Classes\Interface\{018AEEB2-991D-1A04-BD95-3732724599D6}\TypeLib@Version 1.0

    ---- EOF - GMER 1.0.15 ----

  5. #5
    Join Date
    Jan 2006
    Posts
    400
    Geez, that GMER log is long :P.




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:52:16 AM, on 09/01/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\spupdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\medctrro.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Paul\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/nl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aliant.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://games.bigfishgames.com/en_coo...eb.1.0.0.9.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/.../GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1182438811484
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://games.bigfishgames.com/en_bur...sPlayer_v4.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {BBD4C71D-71F5-11D2-8BB0-000000001234} (MusicCtl Class) - http://games.bigfishgames.com/en_pap...haseLoader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
    O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://games.bigfishgames.com/en_wed...h.1.0.0.47.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1c9a3e5d42c25db) (gupdate1c9a3e5d42c25db) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

    --
    End of file - 11243 bytes

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Go to the Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases

    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  7. #7
    Join Date
    Jan 2006
    Posts
    400
    So, I scanned and there were no threats found, haha.

  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista).

    ==============================================================

    Print this post out, since you won't have access to it at some point.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    - O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    - O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    - O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    - O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    - O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    - O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    - O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    - O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    - O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [unless you have paid version]
    - O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    - O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    - O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [unless you have paid version]



    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.

  9. #9
    Join Date
    Jan 2006
    Posts
    400
    Okay, so I no longer have access to this computer. I told the owner what to do in terms of deleting all of that stuff but they're pretty dumb with computers and it would be too hard to explain to them what to do next, haha. So, I guess it should be clean after that one anyway?

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    If you ran those last HJT steps, pretty much so.
    It'd be a very good idea to reset restore points.
