
ssqpm.dll Removal Help [RESOLVED]



#1 dAvik (Member, 11 posts)
I can't seem to get rid of ssqpm.dll, which Avast keeps throwing up as a trojan, every time I start up the PC, which has recently got me quite concerned. Each time, Avast asks me what I want to do, but Delete, Repair and Move to Chest all fail at removing it permanently, having it return shortly afterwards.

I have used Spybot S&D, Ad-Aware, Spyware Doctor and VundoFix, all of which either cannot find it as a problem, or have the same problem as Avast.
I tried simply deleting the file, but it returned on reboot.
After deleting it again, I restarted, and went into safe mode. I tried deleting it from there, but the file was nowhere to be seen. I even ran VundoFix, but nothing came up. However, upon returning to normal Windows, there it was again.

I have been pointed to a few other threads dealing with this issue. However, the advice given in a thread stated that when you ran VundoFix, it created a folder called VundoFix, and that you had to go into this once in safe mode. The folder has never been created for me, and I have the latest build of VundoFix.

Here is my HijackThis log, but bear in mind that this was done after I have told Avast to move the file to the chest, so it is no longer in its normal location (C:\WINDOWS\system32\).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:07, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
X:\Security\Ad-Aware\aawservice.exe
X:\Security\Avast!\aswUpdSv.exe
X:\Security\Avast!\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
X:\Audio\Creative\X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
X:\Audio\Creative\X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML .exe
X:\Security\Avast!\ashDisp.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
X:\Hardware\RivaTuner v2.06\RivaTuner.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
X:\Audio\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
X:\Security\Avast!\ashMaiSv.exe
X:\Security\Avast!\ashWebSv.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
X:\MISC\FRAPS\FRAPS.EXE
C:\WINDOWS\System32\alg.exe
X:\Misc\Netgear\Network Card\WinDomainlogon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - X:\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [QuickTime Task] "X:\Audio\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTDVDDET] X:\Audio\Creative\X-Fi\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "X:\Audio\Creative\X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "X:\Hardware\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [avast!] X:\Security\Avast!\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTuner] "X:\Hardware\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] X:\Audio\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Fraps] X:\MISC\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Shortcut to WinDomainlogon.exe.lnk = X:\Misc\Netgear\Network Card\WinDomainlogon.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199066897875
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15033/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - X:\Security\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - X:\Security\Avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - X:\Security\Avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - X:\Security\Avast!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - X:\Security\Avast!\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - X:\Hardware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - X:\Hardware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7801 bytes

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, there is nothing showing in the log, but I believe I know what it is. However, as you are running two partitions, it may take a while to find it.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3 dAvik (Topic Starter, Member, 11 posts)
Thanks for the reply. Is it worth me restarting and taking a HijackThis log before avast gets to it, so you can see it with it in?

#4 dAvik (Topic Starter, Member, 11 posts)
Rather strangely, it hasn't come up this time. Either ComboFix fixed it, or something else did and needed another restart. I can't find it in its usual place either.

Either way, there's a chance it might appear next time, so I'll post the logs anyway.

ComboFix - ComboFix 08-01-16.1 - Joe 2008-01-15 21:58:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2667 [GMT 0:00]
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix(2).exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\DAEMON Tools Lite\daemon .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\CTXFIHLP .EXE
C:\WINDOWS\system32\nwiz .exe
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\UpdReg.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe ---> Reader_sl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML .exe ---> DLLML.exe
C:\Program Files\DAEMON Tools Lite\daemon .exe ---> QooBox
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ---> jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe ---> QooBox
C:\WINDOWS\UpdReg .EXE ---> UpdReg.EXE
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
C:\WINDOWS\system32\CTXFIHLP .EXE ---> QooBox
C:\WINDOWS\system32\nwiz .exe ---> QooBox
.
.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.

2008-01-15 21:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 21:11 . 2008-01-15 21:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-15 19:12 . 2007-01-18 12:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-15 17:05 . 2008-01-15 17:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Talkback
2008-01-15 15:49 . 2008-01-15 15:49 <DIR> d-------- C:\Program Files\SequoiaView
2008-01-15 15:44 . 2008-01-15 15:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-01-15 15:44 . 2008-01-15 15:44 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-14 22:35 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-01-14 22:35 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-01-14 22:35 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-01-14 22:35 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-01-14 22:35 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-01-14 22:35 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-01-14 22:35 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-01-14 22:34 . 2008-01-14 22:34 <DIR> d-------- C:\Program Files\Sygate
2008-01-14 21:46 . 2008-01-14 21:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-14 21:46 . 2008-01-14 21:46 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\PC Tools
2008-01-14 21:46 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-14 21:46 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-14 21:46 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-14 21:46 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-14 21:25 . 2008-01-15 15:31 <DIR> d-------- C:\VundoFix Backups
2008-01-14 19:45 . 2008-01-15 19:16 45 --a------ C:\TEST.XML
2008-01-14 16:25 . 2008-01-14 17:15 23 --a------ C:\WINDOWS\popcinfot.dat
2008-01-13 18:25 . 2008-01-15 16:00 <DIR> d-------- C:\Program Files\RegCleaner
2008-01-13 16:02 . 2008-01-13 16:02 <DIR> d-------- C:\Program Files\Google
2008-01-11 00:29 . 2008-01-11 00:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-10 19:50 . 2008-01-10 19:55 <DIR> d-------- C:\Program Files\SpeedFan
2008-01-10 19:50 . 2008-01-10 19:50 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-01-10 01:48 . 2008-01-15 15:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-10 01:48 . 2008-01-10 01:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-08 23:15 . 2008-01-08 23:15 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\DivX
2008-01-08 22:06 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-08 22:06 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-08 18:25 . 2008-01-08 18:25 <DIR> d-------- C:\Program Files\Gigabyte
2008-01-08 18:25 . 2006-11-24 14:47 40,136 --a------ C:\WINDOWS\system32\drivers\ET5Drv.sys
2008-01-07 12:49 . 2007-12-28 23:46 211 --ahs---- C:\BOOT.BKK
2008-01-07 12:16 . 2008-01-07 12:16 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-01-07 12:07 . 2008-01-07 12:07 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Styler
2008-01-07 12:05 . 2008-01-07 12:19 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-01-07 12:05 . 2008-01-07 12:08 <DIR> d-------- C:\VTPFiles
2008-01-07 12:05 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-01-07 12:05 . 2008-01-07 12:05 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-01-07 12:05 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-01-07 12:05 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-01-07 11:02 . 2008-01-07 11:02 <DIR> d-------- C:\Program Files\TGTSoft
2008-01-06 20:48 . 2008-01-06 20:48 61,476 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-06 19:13 . 2008-01-06 20:50 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\mIRC
2008-01-06 10:52 . 2008-01-06 10:52 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Unigraphics Solutions
2008-01-06 10:22 . 2008-01-06 10:24 <DIR> d-------- C:\Program Files\Solid Edge V19
2008-01-05 12:46 . 2008-01-05 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-05 00:15 . 2007-11-29 22:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-01-05 00:15 . 2007-11-29 22:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 16:17 . 2008-01-15 15:37 <DIR> d-------- C:\Program Files\Bonjour
2008-01-04 16:04 . 2008-01-04 16:04 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-02 21:12 . 2008-01-02 21:14 <DIR> d-------- C:\WINDOWS\NV3164376.TMP
2008-01-02 21:12 . 2007-12-07 14:18 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-02 21:11 . 2008-01-02 21:11 <DIR> d-------- C:\NVIDIA
2008-01-02 17:36 . 2008-01-02 17:36 <DIR> d-------- C:\WINDOWS\Sun
2008-01-02 17:36 . 2008-01-02 17:36 <DIR> d-------- C:\Program Files\Java
2008-01-02 17:36 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-02 17:35 . 2008-01-02 17:35 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-02 17:00 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-02 17:00 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-02 17:00 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-02 17:00 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-02 16:18 . 2007-12-04 13:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-02 16:18 . 2004-01-09 09:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-02 16:18 . 2007-12-04 12:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-02 16:18 . 2007-12-04 14:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-02 16:18 . 2007-12-04 14:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-02 16:18 . 2007-12-04 14:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-02 16:18 . 2007-12-04 14:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-02 16:18 . 2007-12-04 14:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-02 16:16 . 2008-01-02 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-02 16:04 . 2008-01-02 16:04 <DIR> d-------- C:\Program Files\Futuremark
2008-01-02 16:03 . 2008-01-02 16:03 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-01-02 16:03 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-01-02 16:03 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-01-02 16:03 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-01-02 16:03 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-01-02 13:42 . 2004-04-10 09:42 2,944 --a------ C:\WINDOWS\system32\mbmiodrvr.sys
2008-01-02 11:46 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-01-02 11:26 . 2008-01-14 19:46 2,994 ---hs---- C:\WINDOWS\system32\dspqsnmu.ini
2008-01-02 00:26 . 2008-01-15 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-02 00:06 . 2008-01-02 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-02 00:05 . 2008-01-04 16:17 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-01 19:54 . 2008-01-02 10:49 1,254 --ahs---- C:\WINDOWS\system32\daifyyeb.ini
2008-01-01 19:52 . 2008-01-08 23:17 <DIR> d-------- C:\Program Files\Prime95
2007-12-31 17:24 . 2007-12-31 17:24 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\InstallShield Installation Information
2007-12-31 17:18 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-31 17:18 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-31 17:10 . 2007-12-31 17:10 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-12-31 17:10 . 2007-12-31 17:10 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-12-31 13:48 . 2007-12-31 14:08 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Bioshock
2007-12-31 13:34 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-31 13:34 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-31 13:34 . 2007-12-31 13:34 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-12-31 13:34 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-31 13:34 . 2007-12-31 13:34 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 19:32 365,568 ----a-w C:\WINDOWS\CTHELPER.EXE
2007-12-31 00:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-28 23:26 558,142 ----a-w C:\WINDOWS\java\Packages\R17BXVZ5.ZIP
2007-12-28 23:26 155,995 ----a-w C:\WINDOWS\java\Packages\A4GBHBRX.ZIP
2007-12-28 23:26 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-05 01:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2005-10-06 15:17 280,576 ----a-w C:\WINDOWS\inf\WG311v3\WG311v3XP.sys
2005-10-06 15:17 280,576 ----a-w C:\WINDOWS\inf\WG311v3\WG311v3.sys
2005-03-01 11:16 212,992 ----a-w C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe
1999-07-06 19:00 1,024 --sha-w C:\WINDOWS\system32\msi32w16.dat
.
----a-w            36,864 2008-01-01 23:58:30  C:\WINDOWS\JM\JMInsIDE .exe
----a-w         1,953,792 2007-12-29 14:47:37  C:\WINDOWS\system32\JMRaidSetup .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Creative Detector"="X:\Audio\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 18:31 1372160]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Fraps"="X:\MISC\FRAPS\FRAPS.EXE" [2007-11-21 18:26 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [ ]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [ ]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2008-01-15 19:56 49152]
"QuickTime Task"="X:\Audio\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"CTDVDDET"="X:\Audio\Creative\X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2008-01-15 19:56 49152]
"VolPanel"="X:\Audio\Creative\X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-15 19:56 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-15 19:56 39792]
"RivaTunerStartupDaemon"="X:\Hardware\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 18:05 2650112]
"avast!"="X:\Security\Avast!\ashDisp.exe" [2007-12-04 13:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-15 19:57 132496]
"RivaTuner"="X:\Hardware\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 18:05 2650112]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2007-08-14 14:10 20480]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Joe\Start Menu\Programs\Startup\
Shortcut to WinDomainlogon.exe.lnk - X:\Misc\Netgear\Network Card\WinDomainlogon.exe [2006-01-25 16:57:38]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 PD100VID;Video Blaster WebCam 5 (WDM);C:\WINDOWS\system32\DRIVERS\PD100Vid.sys [2002-06-04 14:51]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-29 00:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\PCG.exe

*Newly Created Service* - HTTPFILTER
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 22:05:18
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 22:09:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 22:09:32
.
2008-01-08 19:20:05 --- E O F ---


HijackThis -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:01, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
X:\Security\Ad-Aware\aawservice.exe
X:\Security\Avast!\aswUpdSv.exe
X:\Security\Avast!\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
X:\Security\Avast!\ashMaiSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
X:\Security\Avast!\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\wuauclt.exe
X:\Audio\Creative\X-Fi\DVDAudio\CTDVDDET.EXE
X:\Audio\Creative\X-Fi\Volume Panel\VolPanel.exe
X:\Security\Avast!\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
X:\Hardware\RivaTuner v2.06\RivaTuner.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
X:\Audio\Creative\MediaSource\Detector\CTDetect.exe
X:\Misc\Netgear\Network Card\WinDomainlogon.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - X:\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [QuickTime Task] "X:\Audio\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTDVDDET] X:\Audio\Creative\X-Fi\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "X:\Audio\Creative\X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "X:\Hardware\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [avast!] X:\Security\Avast!\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTuner] "X:\Hardware\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] X:\Audio\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Fraps] X:\MISC\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Shortcut to WinDomainlogon.exe.lnk = X:\Misc\Netgear\Network Card\WinDomainlogon.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199066897875
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15033/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - X:\Security\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - X:\Security\Avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - X:\Security\Avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - X:\Security\Avast!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - X:\Security\Avast!\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - X:\Hardware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - X:\Hardware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7335 bytes

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not really as I feel I know what it is and combofix will give me more data :)

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ooops, cross post - there is a possibility you may have to re-install your RAID driver if we are unable to clean it.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\dspqsnmu.ini
C:\WINDOWS\system32\daifyyeb.ini

Renv::
----a-w 36,864 2008-01-01 23:58:30 C:\WINDOWS\JM\JMInsIDE .exe
----a-w 1,953,792 2007-12-29 14:47:37 C:\WINDOWS\system32\JMRaidSetup .exe

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Before posting

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the log. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.
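The RenV:: section above lists executables whose names carry a space before the extension (JMInsIDE .exe, JMRaidSetup .exe), and a later ComboFix run records the renamed files as "+" lines in its snapshot diff. As an added example (not part of ComboFix, the forum post or the helper's script), the Python below parses both listing shapes: it flags spaced-extension names in a ComboFix listing, computes the name RenV:: restores, and pairs "-"/"+" snapshot lines into added, removed and modified files. The sample lines are constructed in the shape of this thread's logs; the gone.dat entry is invented.

```python
"""Parse ComboFix listing and snapshot-diff lines of the kind posted in this thread.

Added example, not ComboFix code. Sample input is constructed to match the log shapes above.
"""
import re
from typing import Dict, List, Tuple

# Listing line as pasted under RenV:: above:
#   ----a-w 36,864 2008-01-01 23:58:30 C:\WINDOWS\JM\JMInsIDE .exe
LISTING_RE = re.compile(
    r"^(?P<attrs>[-\w]{7,9})\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>[A-Za-z]:\\.+)$"
)

# Snapshot diff line from the "snapshot@..." section of a ComboFix log:
#   - 2008-01-15 21:58:40 4,497,408 ----a-w C:\path   (before)
#   + 2008-01-16 23:00:43 1,404,928 ----a-w C:\path   (after)
SNAPSHOT_RE = re.compile(
    r"^(?P<sign>[+-]) (?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>[A-Za-z]:\\.+)$"
)

# A space inserted just before the extension, e.g. "JMInsIDE .exe".
SPACED_EXT_RE = re.compile(r"\S \.(exe|dll|sys|scr|com)$", re.IGNORECASE)


def find_spaced_executables(listing: str) -> List[Tuple[str, str]]:
    """Return (listing line, path) for entries with a space before the extension.

    The listing line is what gets pasted under RenV::; the path is what to inspect.
    """
    hits = []
    for raw in listing.splitlines():
        line = raw.strip()
        m = LISTING_RE.match(line)
        if m and SPACED_EXT_RE.search(m.group("path")):
            hits.append((line, m.group("path")))
    return hits


def repaired_name(path: str) -> str:
    """Name the file has once the stray space is removed, i.e. what RenV:: restores."""
    return SPACED_EXT_RE.sub(lambda m: m.group(0).replace(" ", ""), path)


def parse_snapshot(section: str) -> Dict[str, List]:
    """Pair '-' (before) and '+' (after) snapshot lines by path.

    Returns added paths, removed paths, and (path, old_size, new_size) for files
    present in both snapshots.
    """
    before: Dict[str, Tuple[str, int]] = {}
    after: Dict[str, Tuple[str, int]] = {}
    for raw in section.splitlines():
        m = SNAPSHOT_RE.match(raw.strip())
        if not m:
            continue
        size = int(m.group("size").replace(",", ""))
        target = before if m.group("sign") == "-" else after
        target[m.group("path")] = (m.group("stamp"), size)
    added = sorted(p for p in after if p not in before)
    removed = sorted(p for p in before if p not in after)
    modified = sorted((p, before[p][1], after[p][1]) for p in after if p in before)
    return {"added": added, "removed": removed, "modified": modified}


# Constructed sample listing: two spaced names like the RenV:: entries, one clean file.
SAMPLE_LISTING = r"""
----a-w 36,864 2008-01-01 23:58:30 C:\WINDOWS\JM\JMInsIDE .exe
----a-w 1,953,792 2007-12-29 14:47:37 C:\WINDOWS\system32\JMRaidSetup .exe
----a-w 51,200 2000-08-31 08:00:00 C:\WINDOWS\NirCmd.exe
"""

# Constructed sample snapshot: one modified hive backup, two files that appear
# after the rename, and one invented removed file.
SAMPLE_SNAPSHOT = r"""
- 2008-01-15 21:58:40 4,497,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-16 23:00:43 1,404,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-01 23:58:30 36,864 ----a-w C:\WINDOWS\JM\JMInsIDE.exe
+ 2007-12-29 14:47:37 1,953,792 ----a-w C:\WINDOWS\system32\JMRaidSetup.exe
- 2008-01-10 01:00:00 1,024 ----a-w C:\WINDOWS\system32\gone.dat
"""

if __name__ == "__main__":
    for line, path in find_spaced_executables(SAMPLE_LISTING):
        print(f"RenV:: candidate: {path} -> {repaired_name(path)}")
    for kind, items in parse_snapshot(SAMPLE_SNAPSHOT).items():
        print(kind, items)
```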

#7
dAvik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Just so you know, I'm pretty sure the virus has gone now, as it hasn't cropped up the last two logons, whereas it hadn't missed one in quite some time before.

ComboFix:
ComboFix 08-01-16.1 - Joe 2008-01-16 23:00:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2742 [GMT 0:00]
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Joe\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\daifyyeb.ini
C:\WINDOWS\system32\dspqsnmu.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\daifyyeb.ini
C:\WINDOWS\system32\dspqsnmu.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-16 to 2008-01-16 )))))))))))))))))))))))))))))))
.

2008-01-15 21:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 21:11 . 2008-01-15 21:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-15 19:12 . 2007-01-18 12:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-15 17:05 . 2008-01-15 17:05 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Talkback
2008-01-15 15:49 . 2008-01-15 15:49 <DIR> d-------- C:\Program Files\SequoiaView
2008-01-15 15:44 . 2008-01-15 15:44 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-01-15 15:44 . 2008-01-15 15:44 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-14 22:35 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-01-14 22:35 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-01-14 22:35 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-01-14 22:35 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-01-14 22:35 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-01-14 22:35 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-01-14 22:35 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-01-14 22:34 . 2008-01-14 22:34 <DIR> d-------- C:\Program Files\Sygate
2008-01-14 21:46 . 2008-01-14 21:59 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-14 21:46 . 2008-01-14 21:46 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\PC Tools
2008-01-14 21:46 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-14 21:46 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-14 21:46 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-14 21:46 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-14 21:25 . 2008-01-15 15:31 <DIR> d-------- C:\VundoFix Backups
2008-01-14 19:45 . 2008-01-15 19:16 45 --a------ C:\TEST.XML
2008-01-14 16:25 . 2008-01-14 17:15 23 --a------ C:\WINDOWS\popcinfot.dat
2008-01-13 18:25 . 2008-01-15 16:00 <DIR> d-------- C:\Program Files\RegCleaner
2008-01-13 16:02 . 2008-01-13 16:02 <DIR> d-------- C:\Program Files\Google
2008-01-11 00:29 . 2008-01-11 00:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-10 19:50 . 2008-01-10 19:55 <DIR> d-------- C:\Program Files\SpeedFan
2008-01-10 19:50 . 2008-01-10 19:50 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-01-10 01:48 . 2008-01-15 15:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-10 01:48 . 2008-01-10 01:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-08 23:15 . 2008-01-08 23:15 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\DivX
2008-01-08 22:06 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-08 22:06 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-08 18:25 . 2008-01-08 18:25 <DIR> d-------- C:\Program Files\Gigabyte
2008-01-08 18:25 . 2006-11-24 14:47 40,136 --a------ C:\WINDOWS\system32\drivers\ET5Drv.sys
2008-01-07 12:49 . 2007-12-28 23:46 211 --ahs---- C:\BOOT.BKK
2008-01-07 12:16 . 2008-01-07 12:16 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-01-07 12:07 . 2008-01-07 12:07 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Styler
2008-01-07 12:05 . 2008-01-07 12:19 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-01-07 12:05 . 2008-01-07 12:08 <DIR> d-------- C:\VTPFiles
2008-01-07 12:05 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-01-07 12:05 . 2008-01-07 12:05 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-01-07 12:05 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-01-07 12:05 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-01-07 11:02 . 2008-01-07 11:02 <DIR> d-------- C:\Program Files\TGTSoft
2008-01-06 20:48 . 2008-01-06 20:48 61,476 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-06 19:13 . 2008-01-06 20:50 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\mIRC
2008-01-06 10:52 . 2008-01-06 10:52 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Unigraphics Solutions
2008-01-06 10:22 . 2008-01-06 10:24 <DIR> d-------- C:\Program Files\Solid Edge V19
2008-01-05 12:46 . 2008-01-05 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-05 00:15 . 2007-11-29 22:30 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-01-05 00:15 . 2007-11-29 22:30 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 16:17 . 2008-01-15 15:37 <DIR> d-------- C:\Program Files\Bonjour
2008-01-04 16:04 . 2008-01-04 16:04 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-02 21:12 . 2008-01-02 21:14 <DIR> d-------- C:\WINDOWS\NV3164376.TMP
2008-01-02 21:12 . 2007-12-07 14:18 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-01-02 21:11 . 2008-01-02 21:11 <DIR> d-------- C:\NVIDIA
2008-01-02 17:36 . 2008-01-02 17:36 <DIR> d-------- C:\WINDOWS\Sun
2008-01-02 17:36 . 2008-01-02 17:36 <DIR> d-------- C:\Program Files\Java
2008-01-02 17:36 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-02 17:35 . 2008-01-02 17:35 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-02 17:00 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-02 17:00 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-02 17:00 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-02 17:00 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-02 16:18 . 2007-12-04 13:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-02 16:18 . 2004-01-09 09:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-02 16:18 . 2007-12-04 12:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-02 16:18 . 2007-12-04 14:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-02 16:18 . 2007-12-04 14:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-02 16:18 . 2007-12-04 14:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-02 16:18 . 2007-12-04 14:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-02 16:18 . 2007-12-04 14:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-02 16:16 . 2008-01-02 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-02 16:04 . 2008-01-02 16:04 <DIR> d-------- C:\Program Files\Futuremark
2008-01-02 16:03 . 2008-01-02 16:03 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-01-02 16:03 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-01-02 16:03 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-01-02 16:03 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-01-02 16:03 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-01-02 13:42 . 2004-04-10 09:42 2,944 --a------ C:\WINDOWS\system32\mbmiodrvr.sys
2008-01-02 11:46 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
2008-01-02 00:26 . 2008-01-15 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-02 00:06 . 2008-01-02 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-02 00:05 . 2008-01-04 16:17 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-01 19:52 . 2008-01-08 23:17 <DIR> d-------- C:\Program Files\Prime95
2007-12-31 17:24 . 2007-12-31 17:24 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\InstallShield Installation Information
2007-12-31 17:18 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-31 17:18 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-31 17:10 . 2007-12-31 17:10 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-12-31 17:10 . 2007-12-31 17:10 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-12-31 13:48 . 2007-12-31 14:08 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Bioshock
2007-12-31 13:34 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-31 13:34 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-31 13:34 . 2007-12-31 13:34 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2007-12-31 13:34 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-31 13:34 . 2007-12-31 13:34 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-12-31 13:34 . 2007-12-31 13:34 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-12-31 13:34 . 2007-12-31 13:34 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 16:08 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-01 19:32 365,568 ----a-w C:\WINDOWS\CTHELPER.EXE
2007-12-31 00:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-31 00:07 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-12-28 23:26 558,142 ----a-w C:\WINDOWS\java\Packages\R17BXVZ5.ZIP
2007-12-28 23:26 155,995 ----a-w C:\WINDOWS\java\Packages\A4GBHBRX.ZIP
2007-12-28 23:26 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-05 02:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 01:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 01:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 01:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 01:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 01:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 01:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 01:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 01:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 01:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 01:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 01:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 01:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 01:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 01:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 01:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 01:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 01:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 01:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 01:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 01:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 01:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 01:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 01:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 01:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 01:41 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-05 01:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 01:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 01:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 01:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 01:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-21 18:23 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 09:17 5,611,520 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-10-25 09:17 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-10-25 09:17 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-10-25 09:17 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-10-25 09:17 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-10-25 09:17 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-10-25 09:17 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-10-25 09:17 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-10-25 09:17 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-10-25 09:17 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-10-25 09:17 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-10-25 09:17 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-10-25 09:17 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-10-25 09:17 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-10-25 09:17 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-10-25 09:17 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-10-25 09:17 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-10-25 09:17 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-10-25 09:17 3,715,072 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-10-25 09:17 3,330,048 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-10-25 09:17 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-10-25 09:17 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-10-25 09:17 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-10-25 09:17 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-10-25 09:17 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-10-25 09:17 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-10-25 09:17 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-10-25 09:17 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-10-25 09:17 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-10-25 09:17 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-10-25 09:17 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-10-25 09:17 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-10-25 09:17 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-10-25 09:17 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-10-25 09:17 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-10-25 09:17 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-10-25 09:17 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
1999-07-06 19:00 1,024 --sha-w C:\WINDOWS\system32\msi32w16.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-16_22.09.20.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-15 21:58:39 1,409,024 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-16 23:00:43 1,409,024 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-15 21:58:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-16 23:00:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-15 21:58:40 4,497,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-16 23:00:43 1,404,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-15 21:58:40 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-16 23:00:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-15 21:58:40 1,404,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-16 23:00:44 4,497,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-15 21:58:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 23:00:44 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-01 23:58:30 36,864 ----a-w C:\WINDOWS\JM\JMInsIDE.exe
+ 2007-12-29 14:47:37 1,953,792 ----a-w C:\WINDOWS\system32\JMRaidSetup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Creative Detector"="X:\Audio\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 18:31 1372160]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Fraps"="X:\MISC\FRAPS\FRAPS.EXE" [2007-11-21 18:26 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2008-01-01 23:58 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-12-29 14:47 1953792]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2008-01-15 19:56 49152]
"QuickTime Task"="X:\Audio\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"CTDVDDET"="X:\Audio\Creative\X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2008-01-15 19:56 49152]
"VolPanel"="X:\Audio\Creative\X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34 122880]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-15 19:56 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-15 19:56 39792]
"RivaTunerStartupDaemon"="X:\Hardware\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 18:05 2650112]
"avast!"="X:\Security\Avast!\ashDisp.exe" [2007-12-04 13:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-15 19:57 132496]
"RivaTuner"="X:\Hardware\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 18:05 2650112]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2007-08-14 14:10 20480]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 00:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Joe\Start Menu\Programs\Startup\
Shortcut to WinDomainlogon.exe.lnk - X:\Misc\Netgear\Network Card\WinDomainlogon.exe [2006-01-25 16:57:38]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 PD100VID;Video Blaster WebCam 5 (WDM);C:\WINDOWS\system32\DRIVERS\PD100Vid.sys [2002-06-04 14:51]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-12-29 00:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\PCG.exe

*Newly Created Service* - HTTPFILTER
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 23:02:16
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 23:03:22
ComboFix-quarantined-files.txt 2008-01-16 23:02:59
ComboFix2.txt 2008-01-16 22:09:36
.
2008-01-08 19:20:05 --- E O F ---


HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:17, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
X:\Security\Ad-Aware\aawservice.exe
X:\Security\Avast!\aswUpdSv.exe
X:\Security\Avast!\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
X:\Security\Avast!\ashMaiSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
X:\Security\Avast!\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
X:\Audio\Creative\X-Fi\DVDAudio\CTDVDDET.EXE
X:\Audio\Creative\X-Fi\Volume Panel\VolPanel.exe
X:\Security\Avast!\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
X:\Hardware\RivaTuner v2.06\RivaTuner.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
X:\Audio\Creative\MediaSource\Detector\CTDetect.exe
X:\Misc\Netgear\Network Card\WinDomainlogon.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Joe\Desktop\WinPFind35u\WinPFind35U.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - X:\Security\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [QuickTime Task] "X:\Audio\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTDVDDET] X:\Audio\Creative\X-Fi\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [VolPanel] "X:\Audio\Creative\X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "X:\Hardware\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [avast!] X:\Security\Avast!\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTuner] "X:\Hardware\RivaTuner v2.06\RivaTuner.exe" /T
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] X:\Audio\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Fraps] X:\MISC\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Shortcut to WinDomainlogon.exe.lnk = X:\Misc\Netgear\Network Card\WinDomainlogon.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199066897875
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15033/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - X:\Security\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - X:\Security\Avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - X:\Security\Avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - X:\Security\Avast!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - X:\Security\Avast!\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - X:\Hardware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - X:\Hardware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7414 bytes


WinPFind35:

WinPFind35 logfile created on: 16/01/2008 23:09:58
WinPFind35U Version Beta22 Folder = C:\Documents and Settings\Joe\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 57.35 Gb Free Space | 75.14% Space Free | Partition Type: NTFS
Drive D: | 4.14 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 245.51 Mb Total Space | 245.50 Mb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: SILVERBLACK-BOX
Current User Name: Joe
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
stylexpservice.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 24/05/2006 18:31:06 | Attr = ]
smc.exe -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 15/10/2004 19:40:56 | Attr = ]
aawservice.exe -> X:\Security\Ad-Aware\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29/10/2007 13:27:04 | Attr = ]
aswupdsv.exe -> X:\Security\Avast!\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 04/12/2007 14:36:33 | Attr = ]
ashserv.exe -> X:\Security\Avast!\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 04/12/2007 13:00:16 | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 05/12/2007 01:41:00 | Attr = ]
pnkbstra.exe -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 31/12/2007 13:34:23 | Attr = ]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 10/12/2007 14:53:44 | Attr = ]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 10/12/2007 14:53:46 | Attr = ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 10/12/2007 14:53:46 | Attr = ]
ashmaisv.exe -> X:\Security\Avast!\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 04/12/2007 12:59:53 | Attr = ]
ashwebsv.exe -> X:\Security\Avast!\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 04/12/2007 12:59:01 | Attr = ]
dllml.exe -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 15/01/2008 19:56:55 | Attr = ]
ctdvddet.exe -> X:\Audio\Creative\X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 18/06/2003 01:00:00 | Attr = ]
volpanel.exe -> X:\Audio\Creative\X-Fi\Volume Panel\VolPanel.exe -> Creative Technology Ltd [Ver = 1.0.21.0 | Size = 122880 bytes | Modified Date = 11/07/2005 11:34:06 | Attr = ]
ashdisp.exe -> X:\Security\Avast!\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 04/12/2007 13:00:23 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 15/01/2008 19:57:05 | Attr = ]
rivatuner.exe -> X:\Hardware\RivaTuner v2.06\RivaTuner.exe -> [Ver = 2, 6, 0, 0 | Size = 2650112 bytes | Modified Date = 30/10/2007 18:05:00 | Attr = ]
ctxfispi.exe -> %System32%\CTxfispi.exe -> Creative Technology Ltd [Ver = 5.12.01.1220-2.11.0010 (Beta-Release) | Size = 842240 bytes | Modified Date = 12/12/2006 10:43:58 | Attr = ]
ctdetect.exe -> X:\Audio\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 02/12/2004 18:23:34 | Attr = ]
windomainlogon.exe -> X:\Misc\Netgear\Network Card\WinDomainlogon.exe -> [Ver = 3, 2, 32, 306 | Size = 1486848 bytes | Modified Date = 25/01/2006 16:57:38 | Attr = ]
notiman.exe -> %ProgramFiles%\Creative\ShareDLL\CADI\NotiMan.exe -> Creative Technology Ltd. [Ver = 1.0.0.1 | Size = 73728 bytes | Modified Date = 14/01/2005 19:32:44 | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294400 bytes | Modified Date = 06/01/2008 13:17:10 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> X:\Security\Ad-Aware\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 5 | Size = 587096 bytes | Modified Date = 29/10/2007 13:27:04 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> X:\Security\Avast!\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 04/12/2007 14:36:33 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> X:\Security\Avast!\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 04/12/2007 13:00:16 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> X:\Security\Avast!\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 04/12/2007 12:59:53 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> X:\Security\Avast!\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 04/12/2007 12:59:01 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> File not found
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Disabled | Stopped] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/12/1999 01:01:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 04/01/2008 16:04:41 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 14/11/2005 01:06:04 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 05/12/2007 01:41:00 | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 31/12/2007 13:34:23 | Attr = ]
(SandraDataSrv) SiSoftware Database Agent Service [Win32_Own | On_Demand | Stopped] -> X:\Hardware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe -> SiSoftware [Ver = 13.12.2008.1 | Size = 213176 bytes | Modified Date = 12/12/2007 17:31:58 | Attr = ]
(SandraTheSrv) SiSoftware Sandra Agent Service [Win32_Own | On_Demand | Stopped] -> X:\Hardware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe -> SiSoftware [Ver = 13.12.2008.1 | Size = 1253568 bytes | Modified Date = 12/12/2007 17:32:20 | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.37 | Size = 747912 bytes | Modified Date = 10/12/2007 14:53:44 | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.68 | Size = 946568 bytes | Modified Date = 10/12/2007 14:53:46 | Attr = ]
(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Running] -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 15/10/2004 19:40:56 | Attr = ]
(StyleXPService) StyleXPService [Win32_Own | Auto | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 24/05/2006 18:31:06 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
36X Raid Configurer -> %System32%\JMRaidSetup.exe -> Gigabyte Technology Corp. [Ver = 1.17.12.01g | Size = 1953792 bytes | Modified Date = 29/12/2007 14:47:37 | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 15/01/2008 19:56:59 | Attr = ]
AudioDrvEmulator -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 15/01/2008 19:56:55 | Attr = ]
avast! -> X:\Security\Avast!\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 04/12/2007 13:00:23 | Attr = ]
CTDVDDET -> X:\Audio\Creative\X-Fi\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 18/06/2003 01:00:00 | Attr = ]
EasyTuneV -> %ProgramFiles%\Gigabyte\ET5\ETcall.exe -> [Ver = 1, 0, 0, 1 | Size = 20480 bytes | Modified Date = 14/08/2007 14:10:12 | Attr = ]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.0.51 | Size = 1103752 bytes | Modified Date = 10/12/2007 14:53:46 | Attr = ]
JMB36X IDE Setup -> %SystemRoot%\JM\JMInsIDE.exe -> [Ver = | Size = 36864 bytes | Modified Date = 01/01/2008 23:58:30 | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 05/12/2007 01:41:00 | Attr = ]
NvMediaCenter -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 81920 bytes | Modified Date = 05/12/2007 01:41:00 | Attr = ]
nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 05/12/2007 01:41:00 | Attr = ]
QuickTime Task -> X:\Audio\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 11/12/2007 10:56:54 | Attr = ]
RCSystem -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 15/01/2008 19:56:55 | Attr = ]
RivaTuner -> X:\Hardware\RivaTuner v2.06\RivaTuner.exe -> [Ver = 2, 6, 0, 0 | Size = 2650112 bytes | Modified Date = 30/10/2007 18:05:00 | Attr = ]
RivaTunerStartupDaemon -> X:\Hardware\RivaTuner v2.06\RivaTuner.exe -> [Ver = 2, 6, 0, 0 | Size = 2650112 bytes | Modified Date = 30/10/2007 18:05:00 | Attr = ]
SmcService -> %ProgramFiles%\Sygate\SPF\Smc.exe -> Sygate Technologies, Inc. [Ver = 5.6.00.2808 | Size = 2577632 bytes | Modified Date = 15/10/2004 19:40:56 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 15/01/2008 19:57:05 | Attr = ]
UpdReg -> %SystemRoot%\UpdReg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 15/01/2008 19:56:56 | Attr = ]
VolPanel -> X:\Audio\Creative\X-Fi\Volume Panel\VolPanel.exe -> Creative Technology Ltd [Ver = 1.0.21.0 | Size = 122880 bytes | Modified Date = 11/07/2005 11:34:06 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Creative Detector -> X:\Audio\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 02/12/2004 18:23:34 | Attr = ]
Fraps -> X:\Misc\Fraps\fraps.exe -> Beepa P/L [Ver = 2, 9, 3, 6916 | Size = 913064 bytes | Modified Date = 21/11/2007 18:26:50 | Attr = ]
STYLEXP -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe -> [Ver = 0, 30, 19, 0 | Size = 1372160 bytes | Modified Date = 24/05/2006 18:31:39 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
-> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 28/12/2007 23:26:21 | Attr = HS]
< Joe Startup Folder > -> C:\Documents and Settings\Joe\Start Menu\Programs\Startup ->
-> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 28/12/2007 23:26:21 | Attr = HS]
%UserStartup%\Shortcut to WinDomainlogon.exe.lnk -> X:\Misc\Netgear\Network Card\WinDomainlogon.exe -> [Ver = 3, 2, 32, 306 | Size = 1486848 bytes | Modified Date = 25/01/2006 16:57:38 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft...p...&ar=msnhome ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4140 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4138 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> X:\Security\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 31/08/2007 16:46:14 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{958BFFDF-DB20-43DD-A14A-E249F06D6E7E} -> (NETGEAR WG311v3 802.11g Wireless PCI Adapter) ->
{A3D01197-1615-440D-A1EB-A78B2281DB7A} -> () ->
{AB5E5F6E-92F0-4792-B7CF-DB056F0C4840} -> (Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28/02/2006 12:42:30 | Attr = R ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HK
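The O23 service lines in the HijackThis log and the service/process lines in the WinPFind35 log above are what a helper reads first. As an added example (not part of this thread and not code from either tool), the parser below pulls both line formats apart and ranks entries by the indicators used to decide what to verify next: the binary is missing, no publisher is recorded, the file sits in the Windows system directory, or it has no version resource. The sample lines are constructed by copying entries from the two logs above.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# HijackThis: "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
                    r"(?P<missing> \(file missing\))?$")
# WinPFind35: "<head> -> <path> -> <company> [Ver = <v> | ...]" or "<head> -> <path> -> File not found"
WPF_RE = re.compile(r"^(?P<head>.+?) -> (?P<path>[^>]+?) -> (?:(?P<company>[^\[]*?) ?"
                    r"\[Ver = (?P<ver>[^|]*?) ?\|.*\]|(?P<missing>File not found))$")
SYSTEM_DIRS = ("%system32%", "c:\\windows\\system32", "%systemroot%")

@dataclass
class Entry:
    name: str
    path: str
    publisher: str                 # "" when the log shows no company / "Unknown owner"
    missing: bool
    version: Optional[str] = None  # None: the O23 format carries no version field

@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)
    score: int = 0                 # review priority, not a verdict

def parse_hjt_o23(line: str) -> Optional[Entry]:
    m = O23_RE.match(line.strip())
    if not m:
        return None
    owner = m.group("owner")
    return Entry(m.group("name"), m.group("path"),
                 "" if owner == "Unknown owner" else owner, bool(m.group("missing")))

def parse_winpfind(line: str) -> Optional[Entry]:
    m = WPF_RE.match(line.strip())
    if not m:
        return None
    name = m.group("head").split(" [", 1)[0]  # drop "[Win32_Own | Auto | Running]"
    return Entry(name, m.group("path"), (m.group("company") or "").strip(),
                 bool(m.group("missing")), (m.group("ver") or "").strip())

def triage(entry: Entry) -> Finding:
    # Legitimate software (PunkBuster's PnkBstrA, StyleXP) also lacks publisher or
    # version data, so a high score means "verify first", never "malware".
    f = Finding(entry)
    if entry.missing:
        f.reasons.append("binary missing: orphaned entry, remove or confirm it was deleted on purpose")
        f.score += 1
    if not entry.publisher:
        f.reasons.append("no publisher recorded")
        f.score += 2
        if entry.path.lower().startswith(SYSTEM_DIRS):
            # ssqpm.dll in this thread sat in C:\WINDOWS\system32: check such files first
            f.reasons.append("unattributed binary inside the Windows system directory")
            f.score += 2
    if entry.version == "" and not entry.missing:
        f.reasons.append("no version resource")
        f.score += 1
    return f

def triage_log(text: str, parser) -> list:
    found = [triage(e) for e in map(parser, text.splitlines()) if e]  # skips unparsable lines
    return sorted((f for f in found if f.score), key=lambda f: -f.score)

# Constructed sample: lines copied from the two logs in this thread.
HJT_SAMPLE = r"""
O23 - Service: avast! Antivirus - ALWIL Software - X:\Security\Avast!\ashServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""
WPF_SAMPLE = r"""
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> File not found
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe -> [Ver = | Size = 66872 bytes | Modified Date = 31/12/2007 13:34:23 | Attr = ]
"""
```

Calling `triage_log(HJT_SAMPLE, parse_hjt_o23)` or `triage_log(WPF_SAMPLE, parse_winpfind)` returns the scored entries highest first; the avast! line scores zero and is left out, which matches the moderator's reading of this log as clean.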

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

Now to get you off to a good start, we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point, but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the drop-down box that appears select your main drive, e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with tabs.
5. Select the More Options tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this.
7. Accept the warning and select OK again; the program will close and you are done.



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.