Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Having terrible time with Trojan reappearing repeatedly [RESOLVED]

Started by goldberg96 , Apr 14 2008 06:19 PM

  • This topic is locked This topic is locked

#1
goldberg96
Posted 14 April 2008 - 06:19 PM

goldberg96

    Member

  • Member
  • PipPip
  • 15 posts
Hi all. I am generally pretty good at keeping viruses and malware from making it to my computer but it seems I've let something slip in that just driving me crazy. AVAST will find infected files (win32:IWD) in the SYSTEM32 folder, I will have AVAST delete them and the next day there's a bunch more again. I have run several tools but nothing seems to be found once the SYSTEM32 files are deleted. Therefore, I don't know what file keeps bringing the infected files back onto the system. Here is my latest HiJackThis log from a few minutes ago.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:41 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\vsnapvss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: Min stor proj. - {FFFFFFFF-D71D-41e4-A699-F506DBD097F0} - msindc.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe.sav
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe.sav
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....031/CTSUEng.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.burj-al-a.../ipix/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mpix.com/...geUploader4.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15034/CTPID.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.co...upldr-2k-xp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: setup_7.0.0.180_11.04.2008_01-38[1] - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_11.04.2008_01-38[1].exe (file missing)
O23 - Service: ShadowProtect Service (ShadowProtectSvc) - StorageCraft Technology Corporation - C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
O23 - Service: StorageCraft Shadow Copy Provider (VSNAPVSS) - StorageCraft Technology Corporation - C:\WINDOWS\system32\vsnapvss.exe

--
End of file - 8747 bytes

I sure could use some help getting rid of whatever is corrupting my system.

I should add that since this problem has started, my bootup times have really grown long. I have looked in the registry for unusual startup items but I can't see anything obvious. But it definitely cooincides with the introduction of this trojan into my system.

Thanks in advance ........... Rob

Edited by goldberg96, 14 April 2008 - 06:22 PM.

  • 0

Advertisements

#2
greyknight17
Posted 14 April 2008 - 07:06 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Rob, let's see if we can get to the bottom of this....

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
  • 0

#3
goldberg96
Posted 15 April 2008 - 10:17 AM

goldberg96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks for the quick response. This is a GREAT website. What I have actually done is taken advantage of the great backup system I use (StorageCraft Shadowprotect Desktop) and restored my system drive to a state prior to the introduction of the Trojan. I am not absolutely positive what introduced the virus but i have a pretty good idea of a couple of things and I am going to just avoid them now (downloading some questionable software). For the time being, since yesterday morning when I reloaded the system from backup, I have not gotten any messages about the trojan and I have scanned the system with everything i have (AVAST, Windows Defender).

Do you think it would be a good exercise to follow your instructions anyway and give this system a good going over and see if you see anything I should address? I certainly don't mind doing it. I just don't want to take up the time of highly skilled people inappropriately.

Let me know .................... Rob


UPDATE: Thought I was out of the woods but weird things are happening. First I lose sound and have to reload my soundcard drivers. Then I start having video problems and have to reload video card drivers. Then I lost internet and have to run Winsockfix and reboot to get it back. Decided I must still have some bad stuff on my machine so I followed your directions. What follows is first a fresh hijackthis log followed by a combofix log:

HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:57 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\vsnapvss.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exesav
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exesav
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: Add to &LinkFox - res://C:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.burj-al-a.../ipix/ipixx.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: ShadowProtect Service (ShadowProtectSvc) - StorageCraft Technology Corporation - C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
O23 - Service: StorageCraft Shadow Copy Provider (VSNAPVSS) - StorageCraft Technology Corporation - C:\WINDOWS\system32\vsnapvss.exe

--
End of file - 7837 bytes



COMBOFIX LOG:

ComboFix 08-04-15.1 - Rob 2008-04-15 15:56:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2596 [GMT -7:00]
Running from: C:\Documents and Settings\Rob\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rob\Local Settings\Temporary Internet Files\SBXF_PCDVT_LB_2_13_0012.exe
C:\WINDOWS\system32\cs.dat
C:\WINDOWS\system32\duis.txt
C:\WINDOWS\system32\ps1.dat
C:\WINDOWS\system32\rc.dat

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 15:35 . 2008-04-15 15:35 54,916 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000005-00311102}.rfx
2008-04-15 15:35 . 2008-04-15 15:35 54,916 --a------ C:\WINDOWS\system32\BMXState-{00000000-00000000-0000000B-00001102-00000005-00311102}.rfx
2008-04-15 15:35 . 2008-04-15 15:35 788 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000B-00001102-00000005-00311102}.rfx
2008-04-15 15:33 . 2007-02-26 15:24 94,208 --a------ C:\WINDOWS\system32\cttele32.dll
2008-04-15 14:31 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-15 11:10 . 2008-04-15 15:40 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-15 10:55 . 2008-04-15 10:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-15 10:50 . 2008-04-15 10:50 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-04-15 10:38 . 2008-04-15 10:38 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-04-15 10:38 . 2008-04-15 10:38 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Nero
2008-04-15 10:36 . 2008-04-15 10:36 <DIR> d-------- C:\Program Files\Nero
2008-04-15 10:36 . 2008-04-15 10:37 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-04-15 10:36 . 2008-04-15 10:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-15 08:53 . 2008-04-15 08:55 <DIR> d-------- C:\MyVideos
2008-04-14 22:38 . 2008-04-14 22:38 4,096 --ahs---- C:\VSM000.IDX
2008-04-11 07:14 . 2008-04-11 07:14 97,728 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-04-08 17:04 . 2008-04-08 21:48 <DIR> d-------- C:\VideoOutput
2008-04-07 18:06 . 2008-04-08 16:20 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Pegasys Inc
2008-04-07 18:05 . 2008-04-08 16:20 <DIR> d-------- C:\Program Files\Pegasys Inc
2008-04-07 10:58 . 2008-04-07 10:58 <DIR> d-------- C:\Program Files\eRightSoft
2008-04-06 09:22 . 2008-03-29 11:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-06 09:22 . 2008-03-29 11:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 11:59 . 2008-03-31 11:59 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Snapfish
2008-03-17 13:09 . 2008-03-17 13:09 <DIR> d-------- C:\Program Files\QuickTime
2008-03-17 12:23 . 2008-03-17 12:24 <DIR> d-------- C:\Documents and Settings\Rob\Application Data\Media Player Classic
2008-03-17 12:22 . 2008-03-17 12:22 <DIR> d-------- C:\Program Files\AviSynth 2.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 22:38 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-15 22:33 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-04-15 22:33 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-15 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-04-15 22:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 22:32 --------- d-----w C:\Documents and Settings\Rob\Application Data\Creative
2008-04-15 21:15 --------- d-----w C:\Program Files\WinTV
2008-04-15 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-15 17:49 --------- d-----w C:\Program Files\CyberLink
2008-04-15 16:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-15 05:56 --------- d-----w C:\Program Files\Quicken
2008-04-08 23:25 --------- d-----w C:\Documents and Settings\Rob\Application Data\Azureus
2008-04-06 16:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-06 16:30 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-04-06 16:15 --------- d-----w C:\Program Files\Wise Disk Cleaner
2008-04-06 15:45 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-24 15:49 --------- d-----w C:\Program Files\Common Files\Nikon
2008-03-24 15:48 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL
2008-03-24 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 22:24 93,128 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
2008-03-12 14:17 --------- d-----w C:\Program Files\iTunes
2008-03-12 14:17 --------- d-----w C:\Program Files\iPod
2008-03-12 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-09 19:57 --------- d-----w C:\Documents and Settings\Rob\Application Data\Corel
2008-03-09 19:44 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-09 19:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-03-09 19:25 --------- d-----w C:\Program Files\Azureus
2008-03-04 15:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avery
2008-03-04 01:59 --------- d-----w C:\Documents and Settings\Rob\Application Data\Canon
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-29 00:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 23:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 04:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 16:45 189,464 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys
2008-02-25 16:45 15,896 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
2008-02-25 16:44 92,696 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
2008-02-25 16:44 797,720 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
2008-02-25 16:44 162,840 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
2008-02-25 16:44 157,208 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
2008-02-25 16:44 14,360 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
2008-02-25 16:44 1,172,504 ----a-w C:\WINDOWS\system32\drivers\ha20x2k.sys
2008-02-25 16:43 524,312 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
2008-02-25 16:43 511,000 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
2008-02-25 16:43 346,856 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
2008-02-25 16:43 18,840 ----a-w C:\WINDOWS\system32\drivers\CTGAME.SYS
2008-02-25 16:43 127,000 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
2008-02-25 16:43 1,372,568 ----a-w C:\WINDOWS\system32\drivers\CTMMFILT.SYS
2008-02-25 16:43 1,366,424 ----a-w C:\WINDOWS\system32\drivers\CT0531FL.SYS
2008-02-25 16:41 72,728 ----a-w C:\WINDOWS\system32\CTHWIUT.DLL
2008-02-25 16:41 566,296 ----a-w C:\WINDOWS\system32\CTSBLFX.DLL
2008-02-25 16:41 329,240 ----a-w C:\WINDOWS\system32\CTEDSPSY.DLL
2008-02-25 16:41 286,232 ----a-w C:\WINDOWS\system32\CTEDSPFX.DLL
2008-02-25 16:41 174,104 ----a-w C:\WINDOWS\system32\CTEAPSFX.DLL
2008-02-25 16:41 170,520 ----a-w C:\WINDOWS\system32\CT20XUT.DLL
2008-02-25 16:41 134,680 ----a-w C:\WINDOWS\system32\CTEDSPIO.DLL
2008-02-25 16:41 100,888 ----a-w C:\WINDOWS\system32\CTERFXFX.DLL
2008-02-25 16:41 1,323,544 ----a-w C:\WINDOWS\system32\CTEXFIFX.DLL
2008-02-25 16:40 98,328 ----a-w C:\WINDOWS\system32\COMMONFX.DLL
2008-02-25 16:40 551,960 ----a-w C:\WINDOWS\system32\CTAUDFX.DLL
2008-02-21 04:00 43,520 ----a-w C:\WINDOWS\system32\CTBurst.dll
2008-02-21 03:59 86,016 ----a-w C:\WINDOWS\system32\ctcoinst.dll
2008-02-21 03:59 34,816 ----a-w C:\WINDOWS\system32\a3d.dll
2008-02-21 03:59 27,648 ----a-w C:\WINDOWS\system32\ac3api.dll
2008-02-21 03:59 163,840 ----a-w C:\WINDOWS\system32\ctdvinst.dll
2008-02-21 03:59 11,776 ----a-w C:\WINDOWS\INRES.DLL
2008-02-21 03:55 969,216 ----a-w C:\WINDOWS\system32\CTxfispi.exe
2008-02-21 03:55 43,520 ----a-w C:\WINDOWS\system32\Ctxfireg.exe
2008-02-21 03:55 10,752 ----a-w C:\WINDOWS\system32\Ct20xspi.dll
2008-02-21 03:49 110,080 ----a-w C:\WINDOWS\system32\ctemupia.dll
2008-02-21 03:47 49,152 ----a-w C:\WINDOWS\system32\ctdproxy.dll
2008-02-21 03:47 46,592 ----a-w C:\WINDOWS\system32\ctasio.dll
2008-02-21 03:47 174,592 ----a-w C:\WINDOWS\system32\ct_oal.dll
2007-09-10 04:22 88 --sh--r C:\WINDOWS\system32\E6CBB39485.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-04-11 07:42 2075584]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"HDSPTray2"="hdspmix.exesav" []
"HDSPTray1"="hdsp32.exesav" []
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 16:19 1582616]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 11:37 79224]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe [2006-01-31 12:23:15 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

R0 AACmgt;AACmgt;C:\WINDOWS\system32\drivers\AACmgt.sys [2005-02-18 20:29]
R0 aar81xx;aar81xx;C:\WINDOWS\system32\DRIVERS\aar81xx.sys [2006-09-25 10:57]
R0 stcvsm;stcvsm;C:\WINDOWS\system32\drivers\stcvsm.sys [2007-10-24 06:46]
R0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys [2003-10-31 04:22]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 11:31]
R1 sbmount;StorageCraft Image Mount Driver;C:\WINDOWS\system32\drivers\sbmount.sys [2007-11-02 15:27]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 11:35]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R2 ShadowProtectSvc;ShadowProtect Service;"C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe" [2007-11-02 15:59]
R2 VSNAPVSS;StorageCraft Shadow Copy Provider;C:\WINDOWS\system32\vsnapvss.exe [2007-08-21 19:38]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\WINDOWS\system32\drivers\hcw18bda.sys [2007-05-10 15:43]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\system32\Drivers\p1c1394.sys []
S2 ubsbm;Unibrain 1394 SBM Driver;C:\WINDOWS\system32\DRIVERS\ubsbm.sys [2005-07-27 18:25]
S2 ubumapi;Unibrain 1394 FireAPI Driver;C:\WINDOWS\system32\DRIVERS\ubumapi.sys [2005-07-27 18:25]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2006-06-21 14:22]
S3 ATICXTUN;ATI TV Wonder 200 Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2006-06-21 14:22]
S3 ATICXXBR;ATI TV Wonder 200 A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2006-06-21 14:22]
S3 cvspydr2;ColorVision Spyder 2;C:\WINDOWS\system32\DRIVERS\cvspydr2.sys [2002-04-02 16:30]
S3 fd_dbus;FutureDial USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\fd_dbus.sys [2005-01-17 17:46]
S3 fd_dmdfl;FutureDial USB Modem Filter;C:\WINDOWS\system32\DRIVERS\fd_dmdfl.sys [2005-01-17 17:46]
S3 fd_dmdm;FutureDial USB Modem Drivers;C:\WINDOWS\system32\DRIVERS\fd_dmdm.sys [2005-01-17 17:46]
S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 15:11]
S3 hdsp;RME Hammerfall Audio Device;C:\WINDOWS\system32\DRIVERS\hdsp.sys [2005-09-15 17:30]
S3 ubohci;Unibrain 1394 OHCI Driver;C:\WINDOWS\system32\DRIVERS\ubohci.sys [2005-07-27 18:25]
S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-01-30 15:16]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 04:54:10 C:\WINDOWS\Tasks\JkDefrag.job"
- C:\WINDOWS\tasks\JkDefragTask.cmd
"2008-04-15 22:40:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 15:58:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2008-04-15 15:59:49
ComboFix-quarantined-files.txt 2008-04-15 22:59:16

Pre-Run: 61,382,275,072 bytes free
Post-Run: 63,029,006,336 bytes free
.
2008-04-15 15:26:37 --- E O F ---


Looking forward to a response .................. Rob

Edited by goldberg96, 15 April 2008 - 05:07 PM.

  • 0

#4
greyknight17
Posted 15 April 2008 - 08:39 PM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Rob, how is it running so far after running Combofix? The logs look clear now...

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run and type in Combofix /u and hit OK. You should be set to go.

Edited by greyknight17, 15 April 2008 - 08:40 PM.

  • 0

#5
goldberg96
Posted 16 April 2008 - 08:10 AM

goldberg96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Things seem to be stable. I really appreciate your help and the help of everyone in this great forum.
  • 0

#6
greyknight17
Posted 16 April 2008 - 08:23 AM

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP