Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Con.hook & Virtumonde Problems


  • This topic is locked This topic is locked
6 replies to this topic

#1 toplad67

toplad67

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 03 December 2007 - 06:36 PM

just cant seem to get rid of these please jhelp



Scan saved at 23:35:16, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {bde3f308-9762-2eaa-2034-cac74fb85f9d} - {d9f58bf4-7cac-4302-aae2-2679803f3edb} - C:\WINDOWS\system32\deigsbij.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195474803062
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 7409 bytes

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:53 PM

Posted 03 December 2007 - 11:21 PM

Hello toplad67,

Welcome to Bleeping Computer :thumbsup:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 toplad67

toplad67
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 04 December 2007 - 01:35 PM

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2553 [GMT 0:00]
Running from: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\94WJTMB8\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Application Data\inst.exe
C:\Program Files\fnts~1
C:\Program Files\fnts~1\F?nts\
C:\Program Files\fnts~1\svchost.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\deigsbij.dll
C:\WINDOWS\system32\ersorcvk.dll
C:\WINDOWS\system32\hjclqffn.dll
C:\WINDOWS\system32\kkafvsel.dll
C:\WINDOWS\system32\nlikjdmg.dll
C:\WINDOWS\system32\pumovsgk.dll
C:\WINDOWS\system32\qmuvygqg.dll
C:\WINDOWS\system32\rqrqoon.dll
C:\WINDOWS\system32\wapisvtr32.exe
C:\WINDOWS\ystem~1
C:\WINDOWS\ystem~1\m?hta.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-12-03 23:13 . 2007-12-03 23:13 106 --a------ C:\delete.bat
2007-12-03 23:07 . 2007-12-03 23:15 3,798 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-03 23:05 . 2007-12-03 23:05 <DIR> d-------- C:\Deckard
2007-12-03 19:14 . 2007-12-03 19:14 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-03 19:10 . 2007-12-03 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-03 19:04 . 2007-12-03 19:04 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-03 19:04 . 2007-12-03 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-03 19:03 . 2007-12-03 19:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-02 00:02 . 2007-12-02 00:17 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-02 00:02 . 2007-12-02 00:02 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2007-12-02 00:02 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-02 00:02 . 2005-07-06 18:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-12-02 00:02 . 2005-07-06 18:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-12-02 00:02 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-02 00:02 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-02 00:02 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-02 00:02 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-02 00:01 . 2007-12-02 00:06 793,691 ---hs---- C:\WINDOWS\system32\pxnpydeh.ini
2007-12-01 23:58 . 2007-12-02 00:23 <DIR> d-------- C:\d648dbd4614aa0e167e0af70184202
2007-12-01 23:43 . 2007-12-01 23:43 793,664 --a------ C:\WINDOWS\system32\pxnpydeh.ini.ren
2007-12-01 23:43 . 2007-12-01 23:43 85,056 --a------ C:\WINDOWS\system32\hedypnxp.dll.ren
2007-12-01 23:16 . 2007-12-01 23:16 10,816 --a------ C:\WINDOWS\system32\__c00BD610.dat.ren
2007-12-01 23:13 . 2007-12-01 23:13 10,816 --a------ C:\WINDOWS\system32\__c0095440.dat.ren
2007-12-01 23:10 . 2007-12-01 23:10 71,232 --a------ C:\WINDOWS\system32\hbxmwmbr.exe .ren
2007-12-01 23:06 . 2007-12-03 23:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-01 23:03 . 2007-12-04 12:58 <DIR> d-------- C:\Program Files\Trojan Remover
2007-12-01 23:03 . 2007-12-01 23:03 <DIR> d-------- C:\Documents and Settings\User\Application Data\Simply Super Software
2007-12-01 23:03 . 2007-12-01 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-12-01 23:03 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-12-01 23:03 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-12-01 23:03 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-12-01 23:03 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-12-01 23:03 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-12-01 22:51 . 2007-12-01 23:37 <DIR> d-------- C:\Program Files\XoftSpySE
2007-12-01 16:35 . 2007-12-01 22:43 793,784 --a------ C:\WINDOWS\system32\tsbpnhdh.ini.ren
2007-12-01 16:35 . 2007-12-01 16:35 85,056 --a------ C:\WINDOWS\system32\hdhnpbst.dll.ren
2007-12-01 16:32 . 2007-12-01 16:32 10,816 --a------ C:\WINDOWS\system32\__c00ACA1C.dat.ren
2007-11-29 18:43 . 2007-11-29 18:43 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-28 11:39 . 2007-12-01 16:32 63,966 --a------ C:\WINDOWS\system32\uttss.bak2.ren
2007-11-27 18:30 . 2007-11-27 18:31 <DIR> d-------- C:\Documents and Settings\User\Application Data\DeepBurner
2007-11-27 18:26 . 2007-11-27 18:26 <DIR> d-------- C:\Program Files\Astonsoft
2007-11-27 17:38 . 2007-12-01 23:34 63,183 --a------ C:\WINDOWS\system32\uttss.bak1.ren
2007-11-27 17:37 . 2007-12-01 23:49 64,242 --a------ C:\WINDOWS\system32\uttss.ini.ren
2007-11-27 17:32 . 2007-11-27 17:32 <DIR> d-------- C:\Program Files\PowerISO
2007-11-24 18:11 . 2007-11-24 18:11 <DIR> d-------- C:\Program Files\Google
2007-11-24 16:37 . 2007-11-24 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2007-11-24 15:33 . 2007-11-24 15:33 <DIR> d-------- C:\Program Files\VSO
2007-11-24 15:33 . 2007-12-01 17:08 <DIR> d-------- C:\Documents and Settings\User\Application Data\Vso
2007-11-24 15:33 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-11-24 15:33 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-11-24 15:33 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-11-24 15:33 . 2007-11-24 15:33 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-24 15:33 . 2007-11-24 15:33 47,360 --a------ C:\Documents and Settings\User\Application Data\pcouffin.sys
2007-11-22 21:15 . 2007-11-22 21:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-20 18:23 . 2007-11-20 18:25 <DIR> d-------- C:\Program Files\BeerSmith
2007-11-20 17:33 . 2007-12-04 12:57 230 --a------ C:\WINDOWS\freedom.backup.dat
2007-11-20 17:27 . 2007-11-20 17:27 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-19 20:51 . 2007-11-19 20:51 <DIR> d-------- C:\Documents and Settings\User\Application Data\DivX
2007-11-19 20:38 . 2007-10-20 00:56 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-11-19 20:38 . 2007-10-20 00:56 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-11-19 20:38 . 2007-10-20 00:56 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-11-19 20:38 . 2007-10-20 00:56 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-11-19 20:38 . 2007-10-20 00:56 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-11-19 20:37 . 2007-11-19 20:38 <DIR> d-------- C:\Program Files\DivX
2007-11-19 20:22 . 2007-11-19 20:22 <DIR> d-------- C:\Program Files\uTorrent
2007-11-19 20:22 . 2007-12-03 22:37 <DIR> d-------- C:\Documents and Settings\User\Application Data\uTorrent
2007-11-19 19:39 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-11-19 19:39 . 2007-11-23 18:05 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-19 19:39 . 2007-11-19 19:39 22,328 --a------ C:\Documents and Settings\User\Application Data\PnkBstrK.sys
2007-11-19 19:38 . 2007-11-23 18:04 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-19 19:38 . 2007-11-19 19:41 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-19 19:38 . 2007-11-19 19:38 319 --a------ C:\WINDOWS\game.ini
2007-11-19 19:18 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-11-19 19:18 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-11-19 18:35 . 2007-11-19 18:35 <DIR> d-------- C:\Program Files\Activision
2007-11-19 18:34 . 2007-11-19 18:34 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-19 18:33 . 2007-11-19 18:33 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-11-19 18:33 . 2007-11-19 18:33 <DIR> d-------- C:\Documents and Settings\User\Application Data\teamspeak2
2007-11-19 18:33 . 2007-11-19 18:33 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2007-11-19 17:42 . 2007-11-19 19:43 <DIR> d-------- C:\Program Files\The All-Seeing Eye
2007-11-19 17:38 . 2007-11-19 17:40 <DIR> d-------- C:\Program Files\Rcon4Cod2
2007-11-19 17:38 . 2007-11-19 17:39 286,720 --------- C:\WINDOWS\Setup1.exe
2007-11-19 17:38 . 2007-11-19 17:39 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-19 17:35 . 2007-11-19 17:35 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-11-19 17:21 . 2007-11-19 17:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\ntl
2007-11-19 17:21 . 2007-11-19 17:21 70 --a------ C:\WINDOWS\DABB8C94.ini
2007-11-19 17:20 . 2007-11-27 07:28 <DIR> d-------- C:\Program Files\Common Files\PestPatrol
2007-11-19 17:20 . 2007-12-04 00:49 <DIR> d-------- C:\Program Files\Common Files\Command Software
2007-11-19 17:19 . 2007-11-19 17:19 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-19 17:19 . 2007-11-19 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ntl
2007-11-19 17:12 . 2007-11-19 17:20 <DIR> d-------- C:\Program Files\ntl
2007-11-19 17:12 . 2007-11-19 17:12 <DIR> d-------- C:\Program Files\Motive
2007-11-19 17:10 . 2005-05-26 04:47 9,062 --------- C:\WINDOWS\ntl_icon.ico
2007-11-19 17:10 . 2005-09-02 09:23 4,286 --------- C:\WINDOWS\quicklinks_icon.ico
2007-11-19 17:08 . 2007-11-19 17:12 <DIR> d-------- C:\Program Files\Common Files\Motive
2007-11-19 17:07 . 2007-11-19 17:07 <DIR> d-------- C:\Program Files\BroadJump
2007-11-19 17:07 . 2002-08-02 14:56 663,552 --a------ C:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2007-11-19 17:07 . 2001-09-23 16:30 532,594 --a------ C:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2007-11-19 17:07 . 2001-09-23 15:41 524,377 --a------ C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2007-11-19 17:07 . 2002-10-18 11:36 307,329 --a------ C:\WINDOWS\system32\BJBase_2-2-2_DDR.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 17:28 155,995 ----a-w C:\WINDOWS\java\Packages\7FZN9N5R.ZIP
2007-11-19 11:42 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-19 11:37 --------- d-----w C:\Program Files\Windows Plus
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-04 17:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 17:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 17:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 17:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 17:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-04 17:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 17:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 17:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 17:14 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-10-04 17:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-10-04 17:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 17:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 17:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 17:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 17:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 17:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 17:14 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-10-04 17:14 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-10-04 17:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-10-04 17:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-10-04 17:14 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-10-04 17:14 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-10-04 17:14 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-10-04 17:14 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-10-04 17:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-10-04 17:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-10-04 17:14 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-10-04 17:14 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-10-04 17:14 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-10-04 17:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 17:14 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-10-04 17:14 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-10-04 17:14 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-10-04 17:14 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-10-04 17:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 17:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 17:14 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-10-04 17:14 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-10-04 17:14 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-10-04 17:14 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-10-04 17:14 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-10-04 17:14 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-10-04 17:14 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-10-04 17:14 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-10-04 17:14 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-10-04 17:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 17:14 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-10-04 17:14 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-10-04 17:14 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-10-04 17:14 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-10-04 17:14 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-10-04 17:14 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-10-04 17:14 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-10-04 17:14 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-10-04 17:14 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-10-04 17:14 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-10-04 17:14 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-10-04 17:14 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-10-04 17:14 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-10-04 17:14 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-10-04 17:14 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-10-04 17:14 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-10-04 17:14 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-10-04 17:14 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-10-04 17:14 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-10-04 17:14 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-10-04 17:14 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-10-04 17:14 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-10-04 17:14 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-10-04 17:14 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-10-04 17:14 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-10-04 17:14 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
2007-10-04 17:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 17:14 225,280 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2007-10-04 17:14 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2007-10-04 17:14 2,854,912 ----a-w C:\WINDOWS\system32\nvmoblsr.dll
2007-10-04 17:14 2,441,216 ----a-w C:\WINDOWS\system32\nvwssr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-29 18:02]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 C:\WINDOWS\stsystra.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 11:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 11:00 C:\WINDOWS\system32\rundll32.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-03-16 05:33]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" [2005-07-05 15:31]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 00:05]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-12-01 23:04]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

S3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-04 12:58:16 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-12-04 05:30:12 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 12:58:46
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-04 13:00:04 - machine was rebooted
.
--- E O F ---






Scan saved at 18:33:24, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195474803062
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 6948 bytes



thanks

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:53 PM

Posted 05 December 2007 - 07:26 PM

Hello,

I notice that you do not seem to be running Antivirus software. This is somewhat suicidal in today's digital world. That's why I want you to install one!!

AVG, Avira OR Avast are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system!

Run a full system scan with the one you chose and let me know how it's running in your reply, please. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 toplad67

toplad67
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 07 December 2007 - 11:49 AM

hi teacup downloaded avg anti virus, every thing seems fine now thanks m8 ur a star :thumbsup:

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:53 PM

Posted 07 December 2007 - 08:04 PM

Hello,

Glad to know it's better. :thumbsup: Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

You should definitely maintain a firewall. Some good free firewalls are Kerio, or Outpost. I use Comodo on my own system and really like it. http://comodo.com
A tutorial on understanding and using firewalls may be found here.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:53 PM

Posted 15 December 2007 - 12:55 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users