Can Anyone Help Please? Malware Attack!


  • This topic is locked
9 replies to this topic

#1 blacksheep

blacksheep

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:29 AM

Posted 13 February 2008 - 06:21 PM

Posted: Wed 2/13/08 01:18 pm Post subject: Can anyone help please with my log ?

--------------------------------------------------------------------------------

I have recently become attacked by Trojan software and show my log
from HijackThis below.
I have run aaw2007 (Ad-Aware), ATF Cleaner, avgassetup, and McAfee
virus scan to no effect.
Here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:13:54, on 13/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\explorer.exe
D:\hijackthis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/?site=3&segment=...p=1221434162_52
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {18d4a2f0-508d-6de9-cb44-44049cf85ef2} - {2fe58fc9-4044-44bc-9ed6-d8050f2a4d81} - C:\WINDOWS\System32\byiwljnj.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ptqsogvu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F34717E5-3A5A-46A9-9ABD-2633DEBDDDFA} - C:\WINDOWS\System32\sstrp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [787562d4] rundll32.exe "C:\WINDOWS\System32\ykvhfnqt.dll",b
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?fa81bfa445374cb0b0e749ad6a829bed
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?fa81bfa445374cb0b0e749ad6a829bed
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ptqsogvu - C:\WINDOWS\SYSTEM32\ptqsogvu.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6913 bytes

Any help would be much appreciated
Pete
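The HijackThis log posted above shows the kinds of entries a malware-response helper scans for first: 8-letter random filenames in system32 (byiwljnj.dll, ptqsogvu.dll, ykvhfnqt.dll), an unnamed BHO backed by a real file, a Run value with a hex-string name launching rundll32 against a DLL, an O16 ActiveX download with no description, a Winlogon Notify DLL, and a service with "Unknown owner" whose binary path has no extension. The following Python script is an added example, not part of the thread and not HijackThis's own logic; it parses lines in the HijackThis format and applies those heuristics as triage rules. The SAMPLE_LOG lines are constructed from the entries in the posted log, and the rules are illustrative starting points rather than a complete detection set.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: a mix of benign and suspicious HijackThis lines in the
# shape of those posted in the thread (paths taken from the posted log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ptqsogvu.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [787562d4] rundll32.exe "C:\WINDOWS\System32\ykvhfnqt.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: ptqsogvu - C:\WINDOWS\SYSTEM32\ptqsogvu.dll
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""


@dataclass(frozen=True)
class Finding:
    line_type: str   # HijackThis section prefix, e.g. "O4"
    reason: str      # why the line deserves a closer look
    target: str      # the path or URL the line points at


# Heuristic patterns (assumptions for this example, not HijackThis rules)
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(dll|exe)$", re.I)   # e.g. ptqsogvu.dll
HEX_VALUE_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)        # e.g. 787562d4
WIN_PATH = re.compile(r'[A-Za-z]:\\[^",\r\n]*')            # first drive-letter path on the line
SYSTEM_DIRS = {"system32", "system"}


def extract_path(line):
    """Return the first Windows path on the line, or None (e.g. '(no file)' entries)."""
    m = WIN_PATH.search(line)
    return m.group(0).strip() if m else None


def triage_line(line):
    """Apply the triage heuristics to one HijackThis line; return a list of Findings."""
    findings = []
    line = line.strip()
    if not line or " - " not in line:
        return findings
    line_type = line.split(" - ", 1)[0]
    path = extract_path(line)
    # For lines without a local path (O16 downloads), the target is the last field.
    target = path or line.rsplit(" - ", 1)[-1]

    if path:
        p = PureWindowsPath(path)
        if RANDOM_NAME.match(p.name) and p.parent.name.lower() in SYSTEM_DIRS:
            findings.append(Finding(line_type, "random-looking 8-letter filename in a system directory", path))

    if line_type == "O2" and "(no name)" in line and path:
        findings.append(Finding(line_type, "unnamed BHO backed by a file on disk", path))

    if line_type == "O4":
        m = re.search(r"\[([^\]]+)\]", line)
        if m and HEX_VALUE_NAME.match(m.group(1)):
            findings.append(Finding(line_type, f"Run value named like a hex string ({m.group(1)})", target))
        if "rundll32" in line.lower() and path and path.lower().endswith(".dll"):
            findings.append(Finding(line_type, "rundll32 loading a DLL from a Run key", path))

    # A legitimate O16 entry normally carries a "(Description)" after the CLSID.
    if line_type == "O16" and not re.search(r"\}\s+\(", line):
        findings.append(Finding(line_type, "ActiveX download (DPF) without a description", target))

    if line_type == "O23" and "Unknown owner" in line and path and not PureWindowsPath(path).suffix:
        findings.append(Finding(line_type, "service with unknown owner and an extension-less binary path", path))

    return findings


def triage(log_text):
    """Run triage_line over every line of a HijackThis log."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


def flagged_paths(log_text):
    """Distinct targets (paths/URLs) that any rule flagged, sorted for stable output."""
    return sorted({f.target for f in triage(log_text)})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):   # 8 findings on the constructed sample
        print(f"{f.line_type:4} {f.reason:60} {f.target}")
```

The rules deliberately target shape, not specific names, so they carry over to other logs; a helper would still review every flagged line by hand, since an unnamed BHO or an extension-less service path can occasionally be a broken but harmless install.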

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:29 AM

Posted 13 February 2008 - 07:35 PM

Hello Pete,

Welcome to Bleeping Computer :blink:

You have a lot going on here, so it will take several posts at the least to fix you up.

After you download this tool, but before you run it, I need for you to go completely offline and disable all your protection programs so ComboFix can be most effective. Be sure to re-enable everything before you come back online to post the reports for me. :thumbsup:

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 blacksheep

blacksheep
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:12:29 AM

Posted 16 February 2008 - 02:37 PM

Hi, here's the ComboFix log .....
;ComboFix 08-02-16.2 - Sony 2008-02-16 19:17:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.67 [GMT 0:00]
Running from: C:\Documents and Settings\Sony\Local Settings\Temporary Internet Files\Content.IE5\C7N278EA\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\sstrp.dll
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Documents and Settings\Sony\Application Data\SKS~1
C:\Documents and Settings\Sony\Desktop\MalwareAlarm.lnk
C:\Documents and Settings\Sony\My Documents\ICROSO~1.NET
C:\Documents and Settings\Sony\My Documents\ICROSO~1.NET\?icrosoft.NET\
C:\Documents and Settings\Sony\Start Menu\Programs\MalwareAlarm
C:\Documents and Settings\Sony\Start Menu\Programs\MalwareAlarm\MalwareAlarm.lnk
C:\Documents and Settings\Sony\Start Menu\Programs\MalwareAlarm\Uninstall.lnk
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\algedttf.ini
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\anoapmbu.ini
C:\WINDOWS\system32\byiwljnj.dll
C:\WINDOWS\system32\clfoswpv.ini
C:\WINDOWS\system32\clipbrd.dll
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\crguiuju.ini
C:\WINDOWS\system32\cvtwvccs.dll
C:\WINDOWS\system32\cweskulw.dll
C:\WINDOWS\system32\dgcgygmm.dll
C:\WINDOWS\system32\fttdegla.dll
C:\WINDOWS\system32\fxlcsjnn.ini
C:\WINDOWS\system32\idjqxhkg.ini2
C:\WINDOWS\system32\idjqxhkg.tmp
C:\WINDOWS\system32\lsmvptbf.dll
C:\WINDOWS\system32\mantec~1
C:\WINDOWS\system32\msvqnsof.dll
C:\WINDOWS\system32\mxkfbuyg.dll
C:\WINDOWS\system32\nkckonmr.dll
C:\WINDOWS\system32\nlgfbbmu.dll
C:\WINDOWS\system32\nlhlkxhm.ini
C:\WINDOWS\system32\oenbdlvh.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\prtss.ini
C:\WINDOWS\system32\prtss.ini2
C:\WINDOWS\system32\ptqsogvu.dll
C:\WINDOWS\system32\ptqsogvu.dll . . . . failed to delete
C:\WINDOWS\system32\ptqsogvu.dllbox
C:\WINDOWS\system32\qhtacfoc.ini
C:\WINDOWS\system32\sstrp.dll
C:\WINDOWS\system32\sstrp.exe
C:\WINDOWS\system32\thwohsrs.dll
C:\WINDOWS\system32\tstapxpc.dll
C:\WINDOWS\system32\vapgsyvl.ini
C:\WINDOWS\system32\vpwsoflc.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wluksewc.ini
C:\WINDOWS\system32\wptlssgr.ini
C:\WINDOWS\system32\yrfxdtxu.dll
C:\WINDOWS\WINDOWS
C:\WINDOWS\WINDOWS\AppPatch\acgenral.dll
C:\WINDOWS\WINDOWS\AppPatch\aclayers.dll
C:\WINDOWS\WINDOWS\AppPatch\aclua.dll
C:\WINDOWS\WINDOWS\AppPatch\acspecfc.dll
C:\WINDOWS\WINDOWS\AppPatch\acxtrnal.dll
C:\WINDOWS\WINDOWS\AppPatch\apph_sp.sdb
C:\WINDOWS\WINDOWS\AppPatch\apphelp.sdb
C:\WINDOWS\WINDOWS\AppPatch\drvmain.sdb
C:\WINDOWS\WINDOWS\AppPatch\msimain.sdb
C:\WINDOWS\WINDOWS\AppPatch\sysmain.sdb
C:\WINDOWS\WINDOWS\assembly\Desktop.ini
C:\WINDOWS\WINDOWS\Cursors\3dgarro.cur
C:\WINDOWS\WINDOWS\Cursors\3dgmove.cur
C:\WINDOWS\WINDOWS\Cursors\3dgnesw.cur
C:\WINDOWS\WINDOWS\Cursors\3dgno.cur
C:\WINDOWS\WINDOWS\Cursors\3dgns.cur
C:\WINDOWS\WINDOWS\Cursors\3dgnwse.cur
C:\WINDOWS\WINDOWS\Cursors\3dgwe.cur
C:\WINDOWS\WINDOWS\Cursors\3dsmove.cur
C:\WINDOWS\WINDOWS\Cursors\3dsns.cur
C:\WINDOWS\WINDOWS\Cursors\3dsnwse.cur
C:\WINDOWS\WINDOWS\Cursors\3dwarro.cur
C:\WINDOWS\WINDOWS\Cursors\3dwmove.cur
C:\WINDOWS\WINDOWS\Cursors\3dwnesw.cur
C:\WINDOWS\WINDOWS\Cursors\3dwno.cur
C:\WINDOWS\WINDOWS\Cursors\3dwns.cur
C:\WINDOWS\WINDOWS\Cursors\3dwnwse.cur
C:\WINDOWS\WINDOWS\Cursors\3dwwe.cur
C:\WINDOWS\WINDOWS\Cursors\appstar2.ani
C:\WINDOWS\WINDOWS\Cursors\appstar3.ani
C:\WINDOWS\WINDOWS\Cursors\appstart.ani
C:\WINDOWS\WINDOWS\Cursors\arrow_i.cur
C:\WINDOWS\WINDOWS\Cursors\arrow_il.cur
C:\WINDOWS\WINDOWS\Cursors\arrow_im.cur
C:\WINDOWS\WINDOWS\Cursors\arrow_l.cur
C:\WINDOWS\WINDOWS\Cursors\arrow_m.cur
C:\WINDOWS\WINDOWS\Cursors\arrow_r.cur
C:\WINDOWS\WINDOWS\Cursors\arrow_rl.cur
C:\WINDOWS\WINDOWS\Cursors\arrow_rm.cur
C:\WINDOWS\WINDOWS\Cursors\banana.ani
C:\WINDOWS\WINDOWS\Cursors\barber.ani
C:\WINDOWS\WINDOWS\Cursors\beam_i.cur
C:\WINDOWS\WINDOWS\Cursors\beam_il.cur
C:\WINDOWS\WINDOWS\Cursors\beam_im.cur
C:\WINDOWS\WINDOWS\Cursors\beam_l.cur
C:\WINDOWS\WINDOWS\Cursors\beam_m.cur
C:\WINDOWS\WINDOWS\Cursors\beam_r.cur
C:\WINDOWS\WINDOWS\Cursors\beam_rl.cur
C:\WINDOWS\WINDOWS\Cursors\beam_rm.cur
C:\WINDOWS\WINDOWS\Cursors\busy_i.cur
C:\WINDOWS\WINDOWS\Cursors\busy_il.cur
C:\WINDOWS\WINDOWS\Cursors\busy_im.cur
C:\WINDOWS\WINDOWS\Cursors\busy_l.cur
C:\WINDOWS\WINDOWS\Cursors\busy_m.cur
C:\WINDOWS\WINDOWS\Cursors\busy_r.cur
C:\WINDOWS\WINDOWS\Cursors\busy_rl.cur
C:\WINDOWS\WINDOWS\Cursors\busy_rm.cur
C:\WINDOWS\WINDOWS\Cursors\coin.ani
C:\WINDOWS\WINDOWS\Cursors\counter.ani
C:\WINDOWS\WINDOWS\Cursors\cross.cur
C:\WINDOWS\WINDOWS\Cursors\cross_i.cur
C:\WINDOWS\WINDOWS\Cursors\cross_il.cur
C:\WINDOWS\WINDOWS\Cursors\cross_im.cur
C:\WINDOWS\WINDOWS\Cursors\cross_l.cur
C:\WINDOWS\WINDOWS\Cursors\cross_m.cur
C:\WINDOWS\WINDOWS\Cursors\cross_r.cur
C:\WINDOWS\WINDOWS\Cursors\cross_rl.cur
C:\WINDOWS\WINDOWS\Cursors\cross_rm.cur
C:\WINDOWS\WINDOWS\Cursors\dinosau2.ani
C:\WINDOWS\WINDOWS\Cursors\dinosaur.ani
C:\WINDOWS\WINDOWS\Cursors\drum.ani
C:\WINDOWS\WINDOWS\Cursors\fillitup.ani
C:\WINDOWS\WINDOWS\Cursors\hand.ani
C:\WINDOWS\WINDOWS\Cursors\handapst.ani
C:\WINDOWS\WINDOWS\Cursors\handnesw.ani
C:\WINDOWS\WINDOWS\Cursors\handno.ani
C:\WINDOWS\WINDOWS\Cursors\handns.ani
C:\WINDOWS\WINDOWS\Cursors\handnwse.ani
C:\WINDOWS\WINDOWS\Cursors\handwait.ani
C:\WINDOWS\WINDOWS\Cursors\handwe.ani
C:\WINDOWS\WINDOWS\Cursors\harrow.cur
C:\WINDOWS\WINDOWS\Cursors\hcross.cur
C:\WINDOWS\WINDOWS\Cursors\help_i.cur
C:\WINDOWS\WINDOWS\Cursors\help_il.cur
C:\WINDOWS\WINDOWS\Cursors\help_im.cur
C:\WINDOWS\WINDOWS\Cursors\help_l.cur
C:\WINDOWS\WINDOWS\Cursors\help_m.cur
C:\WINDOWS\WINDOWS\Cursors\help_r.cur
C:\WINDOWS\WINDOWS\Cursors\help_rl.cur
C:\WINDOWS\WINDOWS\Cursors\help_rm.cur
C:\WINDOWS\WINDOWS\Cursors\hibeam.cur
C:\WINDOWS\WINDOWS\Cursors\hmove.cur
C:\WINDOWS\WINDOWS\Cursors\hnesw.cur
C:\WINDOWS\WINDOWS\Cursors\hnodrop.cur
C:\WINDOWS\WINDOWS\Cursors\hns.cur
C:\WINDOWS\WINDOWS\Cursors\hnwse.cur
C:\WINDOWS\WINDOWS\Cursors\horse.ani
C:\WINDOWS\WINDOWS\Cursors\hourgla2.ani
C:\WINDOWS\WINDOWS\Cursors\hourgla3.ani
C:\WINDOWS\WINDOWS\Cursors\hourglas.ani
C:\WINDOWS\WINDOWS\Cursors\hwe.cur
C:\WINDOWS\WINDOWS\Cursors\lappstrt.cur
C:\WINDOWS\WINDOWS\Cursors\larrow.cur
C:\WINDOWS\WINDOWS\Cursors\lcross.cur
C:\WINDOWS\WINDOWS\Cursors\libeam.cur
C:\WINDOWS\WINDOWS\Cursors\lmove.cur
C:\WINDOWS\WINDOWS\Cursors\lnesw.cur
C:\WINDOWS\WINDOWS\Cursors\lnodrop.cur
C:\WINDOWS\WINDOWS\Cursors\lns.cur
C:\WINDOWS\WINDOWS\Cursors\lnwse.cur
C:\WINDOWS\WINDOWS\Cursors\lwait.cur
C:\WINDOWS\WINDOWS\Cursors\lwe.cur
C:\WINDOWS\WINDOWS\Cursors\metronom.ani
C:\WINDOWS\WINDOWS\Cursors\move_i.cur
C:\WINDOWS\WINDOWS\Cursors\move_il.cur
C:\WINDOWS\WINDOWS\Cursors\move_im.cur
C:\WINDOWS\WINDOWS\Cursors\move_l.cur
C:\WINDOWS\WINDOWS\Cursors\move_m.cur
C:\WINDOWS\WINDOWS\Cursors\move_r.cur
C:\WINDOWS\WINDOWS\Cursors\move_rl.cur
C:\WINDOWS\WINDOWS\Cursors\move_rm.cur
C:\WINDOWS\WINDOWS\Cursors\no_i.cur
C:\WINDOWS\WINDOWS\Cursors\no_il.cur
C:\WINDOWS\WINDOWS\Cursors\no_im.cur
C:\WINDOWS\WINDOWS\Cursors\no_l.cur
C:\WINDOWS\WINDOWS\Cursors\no_m.cur
C:\WINDOWS\WINDOWS\Cursors\no_r.cur
C:\WINDOWS\WINDOWS\Cursors\no_rl.cur
C:\WINDOWS\WINDOWS\Cursors\no_rm.cur
C:\WINDOWS\WINDOWS\Cursors\pen_i.cur
C:\WINDOWS\WINDOWS\Cursors\pen_il.cur
C:\WINDOWS\WINDOWS\Cursors\pen_im.cur
C:\WINDOWS\WINDOWS\Cursors\pen_l.cur
C:\WINDOWS\WINDOWS\Cursors\pen_m.cur
C:\WINDOWS\WINDOWS\Cursors\pen_r.cur
C:\WINDOWS\WINDOWS\Cursors\pen_rl.cur
C:\WINDOWS\WINDOWS\Cursors\pen_rm.cur
C:\WINDOWS\WINDOWS\Cursors\piano.ani
C:\WINDOWS\WINDOWS\Cursors\rainbow.ani
C:\WINDOWS\WINDOWS\Cursors\raindrop.ani
C:\WINDOWS\WINDOWS\Cursors\size1_i.cur
C:\WINDOWS\WINDOWS\Cursors\size1_il.cur
C:\WINDOWS\WINDOWS\Cursors\size1_im.cur
C:\WINDOWS\WINDOWS\Cursors\size1_l.cur
C:\WINDOWS\WINDOWS\Cursors\size1_m.cur
C:\WINDOWS\WINDOWS\Cursors\size1_r.cur
C:\WINDOWS\WINDOWS\Cursors\size1_rl.cur
C:\WINDOWS\WINDOWS\Cursors\size1_rm.cur
C:\WINDOWS\WINDOWS\Cursors\size2_i.cur
C:\WINDOWS\WINDOWS\Cursors\size2_il.cur
C:\WINDOWS\WINDOWS\Cursors\size2_im.cur
C:\WINDOWS\WINDOWS\Cursors\size2_l.cur
C:\WINDOWS\WINDOWS\Cursors\size2_m.cur
C:\WINDOWS\WINDOWS\Cursors\size2_r.cur
C:\WINDOWS\WINDOWS\Cursors\size2_rl.cur
C:\WINDOWS\WINDOWS\Cursors\size2_rm.cur
C:\WINDOWS\WINDOWS\Cursors\size3_i.cur
C:\WINDOWS\WINDOWS\Cursors\size3_il.cur
C:\WINDOWS\WINDOWS\Cursors\size3_im.cur
C:\WINDOWS\WINDOWS\Cursors\size3_l.cur
C:\WINDOWS\WINDOWS\Cursors\size3_m.cur
C:\WINDOWS\WINDOWS\Cursors\size3_r.cur
C:\WINDOWS\WINDOWS\Cursors\size3_rl.cur
C:\WINDOWS\WINDOWS\Cursors\size3_rm.cur
C:\WINDOWS\WINDOWS\Cursors\size4_i.cur
C:\WINDOWS\WINDOWS\Cursors\size4_il.cur
C:\WINDOWS\WINDOWS\Cursors\size4_im.cur
C:\WINDOWS\WINDOWS\Cursors\size4_l.cur
C:\WINDOWS\WINDOWS\Cursors\size4_m.cur
C:\WINDOWS\WINDOWS\Cursors\size4_r.cur
C:\WINDOWS\WINDOWS\Cursors\size4_rl.cur
C:\WINDOWS\WINDOWS\Cursors\size4_rm.cur
C:\WINDOWS\WINDOWS\Cursors\sizenesw.ani
C:\WINDOWS\WINDOWS\Cursors\sizens.ani
C:\WINDOWS\WINDOWS\Cursors\sizenwse.ani
C:\WINDOWS\WINDOWS\Cursors\sizewe.ani
C:\WINDOWS\WINDOWS\Cursors\stopwtch.ani
C:\WINDOWS\WINDOWS\Cursors\up_i.cur
C:\WINDOWS\WINDOWS\Cursors\up_il.cur
C:\WINDOWS\WINDOWS\Cursors\up_im.cur
C:\WINDOWS\WINDOWS\Cursors\up_l.cur
C:\WINDOWS\WINDOWS\Cursors\up_m.cur
C:\WINDOWS\WINDOWS\Cursors\up_r.cur
C:\WINDOWS\WINDOWS\Cursors\up_rl.cur
C:\WINDOWS\WINDOWS\Cursors\up_rm.cur
C:\WINDOWS\WINDOWS\Cursors\vanisher.ani
C:\WINDOWS\WINDOWS\Cursors\wagtail.ani
C:\WINDOWS\WINDOWS\Cursors\wait_i.cur
C:\WINDOWS\WINDOWS\Cursors\wait_il.cur
C:\WINDOWS\WINDOWS\Cursors\wait_im.cur
C:\WINDOWS\WINDOWS\Cursors\wait_l.cur
C:\WINDOWS\WINDOWS\Cursors\wait_m.cur
C:\WINDOWS\WINDOWS\Cursors\wait_r.cur
C:\WINDOWS\WINDOWS\Cursors\wait_rl.cur
C:\WINDOWS\WINDOWS\Cursors\wait_rm.cur
C:\WINDOWS\WINDOWS\Debug\blastcln.log
C:\WINDOWS\WINDOWS\Debug\mrt.log
C:\WINDOWS\WINDOWS\Debug\NetSetup.LOG
C:\WINDOWS\WINDOWS\Debug\PASSWD.LOG
C:\WINDOWS\WINDOWS\Debug\WPD\wpdtrace.log
C:\WINDOWS\WINDOWS\Downloaded Program Files\avsniff.dll
C:\WINDOWS\WINDOWS\Downloaded Program Files\avsniff.inf
C:\WINDOWS\WINDOWS\Downloaded Program Files\avsniffdlgs.dll
C:\WINDOWS\WINDOWS\Downloaded Program Files\AXXPEE.dll
C:\WINDOWS\WINDOWS\Downloaded Program Files\CabSA.inf
C:\WINDOWS\WINDOWS\Downloaded Program Files\catalog.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\desktop.ini
C:\WINDOWS\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd
C:\WINDOWS\WINDOWS\Downloaded Program Files\ecbootil.vxd
C:\WINDOWS\WINDOWS\Downloaded Program Files\ecmldr32.dll
C:\WINDOWS\WINDOWS\Downloaded Program Files\ecmsvr32.dll
C:\WINDOWS\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
C:\WINDOWS\WINDOWS\Downloaded Program Files\EPUWALcontrol.inf
C:\WINDOWS\WINDOWS\Downloaded Program Files\erma.inf
C:\WINDOWS\WINDOWS\Downloaded Program Files\McGDMgr.inf
C:\WINDOWS\WINDOWS\Downloaded Program Files\mcinsctl.inf
C:\WINDOWS\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
C:\WINDOWS\WINDOWS\Downloaded Program Files\navapi.vxd
C:\WINDOWS\WINDOWS\Downloaded Program Files\navapi32.dll
C:\WINDOWS\WINDOWS\Downloaded Program Files\naveng32.dll
C:\WINDOWS\WINDOWS\Downloaded Program Files\navex32a.dll
C:\WINDOWS\WINDOWS\Downloaded Program Files\popcaploader.inf
C:\WINDOWS\WINDOWS\Downloaded Program Files\rufsi.dll
C:\WINDOWS\WINDOWS\Downloaded Program Files\scrauth.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\swflash.inf
C:\WINDOWS\WINDOWS\Downloaded Program Files\symaveng.cat
C:\WINDOWS\WINDOWS\Downloaded Program Files\symaveng.inf
C:\WINDOWS\WINDOWS\Downloaded Program Files\tcdefs.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\tcscan7.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\tcscan8.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\tcscan9.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\tinf.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\tinfidx.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\tinfl.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\tscan1.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\tscan1hd.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\v.grd
C:\WINDOWS\WINDOWS\Downloaded Program Files\v.sig
C:\WINDOWS\WINDOWS\Downloaded Program Files\virscan.inf
C:\WINDOWS\WINDOWS\Downloaded Program Files\virscan1.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\virscan2.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\virscan3.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\virscan4.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\virscan5.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\virscan6.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\virscan7.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\virscan8.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\virscan9.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\virscant.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\vscanmsx.dat
C:\WINDOWS\WINDOWS\Downloaded Program Files\WMV9VCM.inf
C:\WINDOWS\WINDOWS\Downloaded Program Files\zdone.dat
C:\WINDOWS\WINDOWS\Driver Cache\i386\aec.sys
C:\WINDOWS\WINDOWS\Driver Cache\i386\driver.cab
C:\WINDOWS\WINDOWS\Driver Cache\i386\http.sys
C:\WINDOWS\WINDOWS\Driver Cache\i386\kmixer.sys
C:\WINDOWS\WINDOWS\Driver Cache\i386\mrxsmb.sys
C:\WINDOWS\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
C:\WINDOWS\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
C:\WINDOWS\WINDOWS\Driver Cache\i386\ntkrpamp.exe
C:\WINDOWS\WINDOWS\Driver Cache\i386\ntoskrnl.exe
C:\WINDOWS\WINDOWS\Driver Cache\i386\sp1.cab
C:\WINDOWS\WINDOWS\Driver Cache\i386\sp2.cab
C:\WINDOWS\WINDOWS\Driver Cache\i386\splitter.sys
C:\WINDOWS\WINDOWS\Driver Cache\i386\wdmaud.sys

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-16 19:28 . 2008-02-16 19:28 14,033 --a------ C:\posF6.tmp
2008-02-16 19:27 . 2008-02-16 19:32 19,054 ---hs---- C:\WINDOWS\system32\ptqsogvu.dllbox
2008-02-16 18:26 . 2008-02-16 18:26 1 --a------ C:\WINDOWS\system32\rc.dat
2008-02-16 18:26 . 2008-02-16 18:26 1 --a------ C:\WINDOWS\system32\ps1.dat
2008-02-13 03:38 . 2008-02-13 03:38 50,176 --a------ C:\WINDOWS\system32\unifff.dll
2008-02-13 03:37 . 2008-02-13 03:37 5,785 --a------ C:\Documents and Settings\Sony\111.exe
2008-02-13 02:59 . 1988-01-01 00:05 1,240,157 --ahs---- C:\WINDOWS\system32\tqnfhvky.ini
2008-02-13 01:31 . 2008-02-13 01:31 <DIR> d-------- C:\Documents and Settings\Sony\Application Data\Grisoft
2008-02-13 01:30 . 2008-02-13 01:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-13 01:30 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-13 00:19 . 2008-02-13 00:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-13 00:19 . 2008-02-13 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-12 22:20 . 1988-01-01 00:14 1,235,161 --ahs---- C:\WINDOWS\system32\mbifynlt.ini
2008-02-12 21:57 . 2008-02-12 22:01 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-12 21:27 . 2008-02-12 21:29 4,096 --a------ C:\WINDOWS\system32\drivers\kgpfr.cfg
2008-02-12 21:12 . 2008-02-13 00:13 29,128 --a------ C:\WINDOWS\xpupdate .exe
2008-02-12 20:56 . 2008-02-12 21:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-12 20:56 . 2008-02-12 20:56 <DIR> d-------- C:\Documents and Settings\Sony\Application Data\PC Tools
2008-02-12 20:56 . 2008-02-12 21:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-12 20:56 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-12 20:56 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-12 20:56 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-12 20:56 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-12 20:53 . 2008-02-12 20:53 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-02-12 20:53 . 2008-02-12 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-12 20:52 . 2008-02-16 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-12 20:35 . 2008-02-13 02:44 <DIR> d-------- C:\Program Files\MalwareAlarm
2008-02-12 20:34 . 2008-02-12 20:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 21:17 . 2008-02-16 19:24 163,904 --a------ C:\WINDOWS\system32\ptqsogvu.dll
2008-02-01 01:29 . 2008-02-01 01:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-01 01:29 . 2008-02-01 01:31 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-01 01:29 . 2008-02-01 01:31 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-30 18:01 . 2008-01-30 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-30 18:00 . 2008-02-11 20:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-30 18:00 . 2008-01-30 18:00 <DIR> d-------- C:\Documents and Settings\Sony\Application Data\SUPERAntiSpyware.com
2008-01-30 17:59 . 2008-02-13 00:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-30 17:56 . 2008-01-30 17:56 153 --ahs---- C:\WINDOWS\system32\fxlcsjnn.tmp
2008-01-23 20:06 . 2005-09-05 11:21 362,944 --a------ C:\WINDOWS\system32\drivers\WG11TND5.sys
2008-01-23 20:06 . 2005-07-27 21:15 149,392 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-01-23 20:06 . 2005-09-05 11:39 14,467 --a------ C:\WINDOWS\system32\drivers\netwg11t.inf
2008-01-23 20:06 . 2005-10-28 00:21 8,267 --a------ C:\WINDOWS\system32\drivers\netwg11t.cat
2008-01-22 21:03 . 2008-01-22 21:03 <DIR> d-------- C:\Program Files\Ashampoo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 19:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-11 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-11 20:43 --------- d-----w C:\Program Files\NETGEAR
2008-02-11 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-01 01:26 --------- d-----w C:\Program Files\Google
2008-01-22 19:43 --------- d-----w C:\Program Files\QuickTime
2008-01-19 17:54 --------- d-----w C:\Program Files\quicksnooker
2008-01-17 21:33 --------- d-----w C:\Program Files\MSN Messenger
2007-12-20 22:23 72,264 ----a-w C:\Program Files\Common Files\setup.exe
2007-12-20 22:22 28,877,824 ----a-w C:\Program Files\Common Files\kav.en.msi
2007-12-18 00:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-18 00:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-17 17:23 74,124 ----a-w C:\Program Files\Common Files\release_notes_kav7.0mp1_en.html
2007-12-14 11:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-08-14 10:44 17,144 ----a-w C:\Documents and Settings\Sony\Application Data\GDIPFONTCACHEV1.DAT
2007-08-02 16:53 536 ----a-w C:\Program Files\Common Files\setup.reg
2007-03-04 12:59 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
2006-03-17 11:41 265,984 ----a-w C:\WINDOWS\inf\WG511v2\WG511v2XP.sys
2006-03-17 11:41 265,856 ----a-w C:\WINDOWS\inf\WG511v2\WG511v2.sys
2006-03-17 11:41 212,992 ----a-w C:\WINDOWS\inf\WG511v2\CopyWHQLDriver.exe
.
<pre>
----a-w			68,856 2008-02-13 01:37:40  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		 6,731,312 2008-02-16 18:54:08  C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas  .exe
----a-w		 5,674,352 2008-01-17 21:33:59  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		   282,624 2008-01-17 21:33:45  C:\Program Files\QuickTime\qttask .exe
----a-w		 1,103,752 2008-02-12 21:17:27  C:\Program Files\Spyware Doctor\pctsTray .exe
----a-w		   866,816 2008-01-17 21:33:42  C:\Program Files\Thomson\SpeedTouch USB\Dragdiag .exe
----a-w			29,128 2008-02-13 00:13:34  C:\WINDOWS\xpupdate .exe
----a-w		   145,408 1988-01-01 00:01:39  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6607E676-1BDE-4cb3-9913-4DC5EBCAE35E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-16 19:24 163904 --a------ C:\WINDOWS\system32\ptqsogvu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAFF2D26-9553-40B2-845D-8D8BEDCB5C78}]
C:\WINDOWS\System32\sstrp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" [ ]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2001-10-04 20:13 375808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 09:41 13312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-12 20:52:01 125624]
NETGEAR Smart Wizard.lnk - C:\WINDOWS\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe [2007-03-19 19:36:04 2238]
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T\wlan111t.exe [2008-01-23 20:06:08 884840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ptqsogvu]
ptqsogvu.dll 2008-02-16 19:24 163904 C:\WINDOWS\system32\ptqsogvu.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\787562d4]
C:\WINDOWS\System32\rgssltpw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2002-08-29 09:41 13312 C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Install5G]
D:\Install.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jlauk]
C:\WINDOWS\system32\??mantec\?pool32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\System32\sstrp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-17 21:33 282624 C:\Program Files\QuickTime\qttask .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000106.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Swre]
C:\DOCUME~1\Sony\MYDOCU~1\ICROSO~1.NET\logonui.exe

R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2007-08-14 09:28]
R3 Ich;Ich;C:\WINDOWS\System32\DRIVERS\Ich.sys [2001-11-13 15:13]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\System32\DRIVERS\SonyPI.sys [2001-08-17 12:51]
S2 AmosNT;AmosNT;C:\WINDOWS\System32\DRIVERS\amosnt.sys [2001-11-14 16:10]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\System32\DRIVERS\WG11TND5.sys [2005-09-05 11:21]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\DNINDIS5.SYS [2003-07-24 12:10]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\System32\windows []

.
Contents of the 'Scheduled Tasks' folder
"2007-05-30 20:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 19:31:40
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ptqsogvu.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2800.1106]
-> C:\WINDOWS\system32\ptqsogvu.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-02-16 19:34:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-16 19:34:36
.
1988-01-01 00:10:46 --- E O F ---

#4 blacksheep (Topic Starter)

Posted 16 February 2008 - 02:39 PM

And here's the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:17, on 16/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/?site=3&segment=...p=1221434162_52
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ptqsogvu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?fa81bfa445374cb0b0e749ad6a829bed
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?fa81bfa445374cb0b0e749ad6a829bed
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ptqsogvu - C:\WINDOWS\SYSTEM32\ptqsogvu.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 6676 bytes
Thanks very much, Pete!

#5 teacup61 (Malware Response Team)

Posted 16 February 2008 - 03:12 PM

Hello Pete,

I have some bad news for you. :blink: You have an infostealer trojan on your system. :thumbsup:

.......may cause serious harm to your system and will likely cause a number of problems, loss of data, loss of control or leaking private information.

http://www.auditmypc.com/process/111.asp

If you don't reformat and reinstall, which is your safest and surest course, then it is extremely important to change your passwords and such after it's clean. Your passwords are all known. Don't do it now, or they'll just get stolen again. Keep an eye on any sensitive accounts you might have for nefarious activity. That said, I cannot promise you a truly clean, or truly safe system even if we totally get rid of this. Of course it's up to you, so please let me know.

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#6 blacksheep (Topic Starter)

Posted 16 February 2008 - 04:00 PM

Hello tea,
Many thanks for the quick reply. Yes, I agree, formatting is safest. However, I have just tried to format, but when I try, I get the error message "Windows cannot format this drive. Quit any disk utilities or other programs that are using this drive and make sure that no window is displaying the contents of the drive. Then try formatting again."
I've used Task Manager to shut everything that is not essential but still get the same message. And the other question is: should I try Quick format or ordinary (slower?) formatting? Many thanks, Pete. I'll keep you posted via my other (uninfected!) laptops.

#7 teacup61 (Malware Response Team)

Posted 16 February 2008 - 04:13 PM

Try it in safe mode. I would go the total reformat under the circumstances, but it's your computer. Are you familiar with fdisk?

#8 blacksheep (Topic Starter)

Posted 22 February 2008 - 06:43 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:37:46, on 22/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/?site=3&segment=...p=1221434162_52
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: NETGEAR Smart Wizard.lnk = ?
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?fa81bfa445374cb0b0e749ad6a829bed
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?fa81bfa445374cb0b0e749ad6a829bed
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ptqsogvu - ptqsogvu.dll (file missing)
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 6272 bytes
Hello again Tea, sorry to be a nuisance, but I have run the computer for several days and have had absolutely no sign of infection; this is after I ran AVG Anti-Spyware 7.5, Windows Update and Google Toolbar. I've just run AVG and it found nothing. Would you mind having a look again and seeing if there is something still lurking? I'd prefer to carry on without a format if possible. Pete
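The two HijackThis logs in this thread show the pattern a log reader looks for by hand: on 16 February the unnamed BHO `{A95B2816-...}` and the Winlogon Notify entry both point at `C:\WINDOWS\system32\ptqsogvu.dll`, and the ComboFix report shows that same DLL loaded inside `winlogon.exe` and `explorer.exe`; on 22 February the file is gone but the registry entries survive as `(file missing)` orphans, alongside the `MSControlService` service with an unknown owner and no binary. The script below is an added example, not part of the thread or of HijackThis/ComboFix: it parses the `Oxx -` lines of a HijackThis v2 log, flags entries by a few heuristics (orphaned entries, services with no publisher, unnamed BHOs, random-looking DLL names at IE and winlogon load points), and diffs two logs to show what a clean-up removed and what it left behind. The heuristics, thresholds and the `looks_random` scoring are assumptions of this script, and the sample logs are constructed subsets of the lines posted above.

```python
"""Triage a HijackThis v2 log and diff it against a later one.

Added example for this thread; not part of HijackThis or ComboFix.
The heuristics below are this script's assumptions, not rules from the posts.
"""
import re
from dataclasses import dataclass

HJT_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
FILE_REF = re.compile(r'([^\\\s"]+\.(?:dll|exe|ocx|sys))', re.I)
ORPHAN = "(file missing)"

# Constructed samples: subsets of the 16 Feb and 22 Feb logs posted in the thread.
LOG_16FEB = r"""
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ptqsogvu.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ptqsogvu - C:\WINDOWS\SYSTEM32\ptqsogvu.dll
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

LOG_22FEB = r"""
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - unifff.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ptqsogvu - ptqsogvu.dll (file missing)
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\System32\windows (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""


@dataclass(frozen=True)
class Entry:
    code: str  # HijackThis section, e.g. O2, O20, O23
    body: str  # everything after "Oxx - "


def parse_hjt(text):
    """Return the Rx/Oxx entries of a HijackThis log, in file order."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def loaded_file(body):
    """Last file name referenced in an entry body, or None if there is none."""
    refs = FILE_REF.findall(body)
    return refs[-1] if refs else None


def looks_random(filename):
    """Heuristic (assumption): 6-12 letters, no digits, and either vowel-poor
    or containing a run of 3+ consonants. Flags ptqsogvu.dll and rgssltpw.dll;
    lets SASWINLO.dll and googletoolbar1.dll through. Expect false positives."""
    stem = filename.rsplit(".", 1)[0].lower()
    if not (stem.isalpha() and 6 <= len(stem) <= 12):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    longest_run = max(len(run) for run in re.split(r"[aeiou]", stem))
    return vowels / len(stem) < 0.3 or longest_run >= 3


def triage(entry):
    """Reasons an entry deserves a second look; empty list means nothing flagged."""
    reasons = []
    if ORPHAN in entry.body:
        reasons.append("orphan: registry entry outlived its file; delete the key")
    if entry.code == "O23" and "Unknown owner" in entry.body:
        reasons.append("service with no publisher string")
    if entry.code == "O2" and entry.body.startswith("BHO: (no name)"):
        reasons.append("BHO with no name")
    name = loaded_file(entry.body)
    # Random-looking names only matter where the DLL gets loaded into IE or winlogon.
    if entry.code in ("O2", "O20") and name and looks_random(name):
        reasons.append(f"random-looking DLL {name} at an IE/winlogon load point")
    return reasons


def triage_log(text):
    """Map each flagged entry ('code body') to the list of reasons it was flagged."""
    return {f"{e.code} {e.body}": r for e in parse_hjt(text) if (r := triage(e))}


def diff_logs(before, after):
    """(removed, added) entry lists between two logs, ignoring order."""
    old = {f"{e.code} {e.body}" for e in parse_hjt(before)}
    new = {f"{e.code} {e.body}" for e in parse_hjt(after)}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for line, reasons in triage_log(LOG_22FEB).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
    removed, added = diff_logs(LOG_16FEB, LOG_22FEB)
    print("removed since 16 Feb:", *removed, sep="\n  ")
    print("added since 16 Feb:", *added, sep="\n  ")
```

Run against the two sample logs, the diff shows the live `ptqsogvu.dll` BHO and Winlogon Notify entries gone and a single `(file missing)` Winlogon Notify entry added in their place; the triage of the later log still flags that orphan, the orphaned `unifff.dll` BHO and the `MSControlService` service. Orphans like these cannot run anything, but they are exactly the keys a second ComboFix pass or a manual registry clean-up should remove, and "AVG found nothing" says nothing about them because there is no file left to scan.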

#9 teacup61 (Malware Response Team)

Posted 25 February 2008 - 05:45 PM

Hi Pete,

Hope you had a nice weekend. :thumbsup:

Please delete the version of ComboFix you have now and go grab a fresh one. It's been updated since we ran it last. Please run it the same way you did before and post the report in your reply. How is it running after a few days now?

Thanks,
tea

#10 teacup61 (Malware Response Team)

Posted 05 March 2008 - 04:01 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



