Thread ID: 90077 2008-05-22 08:10:00 Can't get rid of Virtumonde virus Kryptos (2831) Press F1
Post ID Timestamp Content User
671628 2008-05-22 22:48:00 the other thing is to run the antispyware and antivirus while in safe mode. tweak'e (69)
671629 2008-05-25 08:46:00 Cheers for the help but the thing that seemed to do the trick was Malwarebytes' Anti-Malware. Had to do two scans, then it came up clean on three different programs. Hopefully it's gone! Kryptos (2831)
671630 2008-05-26 00:03:00 Let's make sure it has gone...

Ok. We need to download ComboFix.exe. This will give a better view of the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix (www.bleepingcomputer.com)

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
Pancake (6359)
671631 2008-05-26 02:06:00 ComboFix 08-05-25.3 - Jarin 2008-05-26 12:59:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1146 [GMT 12:00]
Running from: C:\Users\Jarin\Downloads\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\evwdndlv.exe
C:\Windows\system32\gbwsxrwn.dll
C:\Windows\system32\sxbdawoa.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.

2008-05-25 12:20 . 2008-05-25 12:20 <DIR> d-------- C:\ProgramData\Nokia
2008-05-24 12:24 . 2008-05-24 16:20 <DIR> d-------- C:\Users\Jarin\AppData\Roaming\Smart Recorder
2008-05-23 23:53 . 2008-05-23 23:53 <DIR> d-------- C:\Users\Jarin\AppData\Roaming\Ubisoft
2008-05-23 23:53 . 2008-05-23 23:53 <DIR> d-------- C:\ProgramData\Ubisoft
2008-05-23 23:00 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-05-23 22:47 . 2008-05-23 23:00 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-05-22 23:03 . 2008-05-22 23:03 <DIR> d-------- C:\ProgramData\Steam
2008-05-22 23:03 . 2008-05-22 23:24 <DIR> d-------- C:\ProgramData\PopCap Games
2008-05-22 22:06 . 2008-05-22 22:06 <DIR> d-------- C:\Users\Jarin\AppData\Roaming\Malwarebytes
2008-05-22 22:06 . 2008-05-22 22:06 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-22 22:06 . 2008-05-22 22:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-22 22:06 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-22 22:06 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-22 20:29 . 2008-05-22 20:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-22 14:29 . 2004-03-09 01:00 1,081,616 --a------ C:\Windows\System32\MSCOMCTL.OCX
2008-05-22 14:29 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-05-22 12:07 . 2008-05-22 13:32 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-22 10:21 . 2008-05-22 18:52 199 --a------ C:\Windows\wininit.ini
2008-05-22 09:49 . 2008-05-22 10:18 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-22 09:49 . 2008-05-22 09:50 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-22 09:20 . 2008-05-22 09:20 51,200 --a------ C:\Windows\System32\krhtyasl.dll
2008-05-21 08:10 . 2008-05-21 08:10 51,200 --a------ C:\Windows\System32\pwquoavp.dll
2008-05-20 21:27 . 2008-05-24 00:04 <DIR> d-------- C:\Program Files\Assassins Creed
2008-05-18 16:16 . 2008-05-18 16:16 <DIR> d-------- C:\Users\Jarin\AppData\Roaming\Nero
2008-05-18 16:14 . 2008-05-18 16:14 <DIR> d-------- C:\ProgramData\Ahead
2008-05-18 10:48 . 2008-05-18 11:01 <DIR> d-------- C:\Windows\nvidia icons
2008-05-18 10:47 . 2008-05-02 22:46 768,544 --a------ C:\Windows\System32\nvcplui.exe
2008-05-18 10:47 . 2008-05-02 22:46 420,384 --a------ C:\Windows\System32\nvcpl.cpl
2008-05-18 10:47 . 2008-05-02 22:46 313,888 --a------ C:\Windows\System32\nvexpbar.dll
2008-05-18 10:46 . 2008-04-30 17:27 442,368 --a------ C:\Windows\System32\NVUNINST.EXE
2008-05-16 01:12 . 2008-05-16 01:12 1,080 --a------ C:\Windows\System32\settingsbkup.sfm
2008-05-16 01:12 . 2008-05-16 01:12 1,080 --a------ C:\Windows\System32\settings.sfm
2008-05-15 18:21 . 2003-06-12 23:25 7,062 --a------ C:\Windows\System32\audiopid.vxd
2008-05-13 21:16 . 2008-05-21 20:25 <DIR> d--h----- C:\Users\Jarin\AppData\Roaming\GTek
2008-05-13 21:16 . 2008-05-21 20:25 <DIR> d-ah----- C:\ProgramData\Gtek
2008-05-10 17:17 . 2008-05-10 17:17 <DIR> d-------- C:\Windows\Sun
2008-05-10 17:17 . 2008-05-10 17:17 <DIR> d-------- C:\Users\Jarin\AppData\Roaming\SystemRequirementsLab
2008-05-09 09:24 . 2008-05-09 09:24 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-05-03 15:36 . 2008-05-03 15:36 <DIR> d-------- C:\Users\Jarin\AppData\Roaming\Nokia Multimedia Player
2008-05-02 20:02 . 2008-05-02 20:02 <DIR> d-------- C:\Users\Jarin\AppData\Roaming\InstallShield Installation Information
2008-05-02 19:43 . 2008-05-02 19:43 <DIR> d-------- C:\Program Files\Unreal Tournament 3
2008-05-02 19:43 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-05-02 19:42 . 2008-05-02 19:42 <DIR> d-------- C:\Windows\System32\AGEIA
2008-05-02 19:42 . 2008-05-22 13:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 19:42 . 2008-05-02 19:42 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-05-02 05:59 . 2008-05-02 05:59 122,368 --a------ C:\Windows\System32\drivers\Rtlh86.sys
2008-04-28 00:14 . 2008-04-28 00:14 0 --ah----- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-04-28 00:13 . 2008-04-28 00:13 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-28 00:12 . 2008-04-28 00:14 <DIR> d-------- C:\Users\Jarin\AppData\Roaming\PC Suite
2008-04-28 00:12 . 2008-04-29 22:32 <DIR> d-------- C:\Users\Jarin\AppData\Roaming\Nokia
2008-04-28 00:12 . 2008-04-28 00:13 <DIR> d-------- C:\ProgramData\PC Suite
2008-04-28 00:10 . 2008-04-28 00:10 <DIR> d-------- C:\Program Files\DIFX
2008-04-28 00:10 . 2008-04-28 00:10 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-04-28 00:10 . 2008-05-25 12:19 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-04-28 00:10 . 2007-09-17 15:53 21,632 --a------ C:\Windows\System32\drivers\pccsmcfd.sys
2008-04-28 00:09 . 2008-04-28 00:09 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-28 00:06 . 2008-02-01 15:17 90,624 --a------ C:\Windows\System32\nmwcdcls.dll
2008-04-28 00:05 . 2008-05-25 12:18 <DIR> d-------- C:\ProgramData\Installations
2008-04-28 00:05 . 2008-05-25 12:20 <DIR> d-------- C:\Program Files\Nokia
2008-04-27 18:02 . 2008-04-27 18:02 <DIR> d-------- C:\Users\Jarin\AppData\Roaming\Media Player Classic
2008-04-27 15:12 . 2008-04-27 15:12 <DIR> d--hs---- C:\Diskeeper
2008-04-27 14:52 . 2008-04-27 14:52 <DIR> d-------- C:\ProgramData\Diskeeper Corporation
2008-04-27 14:39 . 2008-04-27 14:39 <DIR> d-------- C:\Program Files\Google
2008-04-27 13:50 . 2008-05-24 11:40 <DIR> d-------- C:\Users\Jarin\AppData\Roaming\mIRC
2008-04-27 13:50 . 2008-05-24 10:46 <DIR> d-------- C:\Program Files\mIRC
2008-04-27 10:47 . 2008-04-30 19:54 <DIR> d-------- C:\ProgramData\DVD Shrink
2008-04-27 10:47 . 2008-04-27 10:47 <DIR> d-------- C:\Program Files\DVD Shrink
2008-04-26 20:00 . 2008-04-26 20:00 <DIR> dr-h----- C:\MSOCache
2008-04-26 16:03 . 2008-04-26 16:03 <DIR> d-------- C:\Program Files\CCleaner
2008-04-26 15:32 . 2008-04-26 15:32 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-04-26 09:30 . 2008-04-26 09:30 <DIR> d-------- C:\Program Files\Real Alternative

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 21:43 --------- d-----w C:\Program Files\Steam
2008-05-25 21:40 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-25 19:58 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-25 06:08 --------- d---a-w C:\ProgramData\TEMP
2008-05-25 05:16 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-19 20:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-18 04:14 --------- d-----w C:\Users\Jarin\AppData\Roaming\Ahead
2008-05-17 23:02 --------- d-----w C:\ProgramData\NVIDIA
2008-05-15 06:20 --------- d-----w C:\Program Files\Creative
2008-05-15 06:19 --------- d-----w C:\Users\Jarin\AppData\Roaming\Creative
2008-05-15 06:19 --------- d-----w C:\ProgramData\Creative
2008-05-14 12:26 --------- d-----w C:\Program Files\Windows Mail
2008-05-02 11:47 --------- d-----w C:\Program Files\MagicISO
2008-05-02 10:46 7,460,320 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2008-04-25 22:16 --------- d-----w C:\Program Files\Windows Live
2008-04-25 22:13 --------- d-----w C:\ProgramData\WLInstaller
2008-04-25 21:28 --------- d-----w C:\ProgramData\CopyTransControlCenter
2008-04-25 10:38 --------- d-----w C:\Users\Jarin\AppData\Roaming\CopyTrans
2008-04-25 10:30 --------- d-----w C:\Users\Jarin\AppData\Roaming\CopyTransControlCenter
2008-04-25 10:24 --------- d-----w C:\Users\Jarin\AppData\Roaming\SyncGuardian
2008-04-25 10:23 --------- d-----w C:\Users\Jarin\AppData\Roaming\iLibs
2008-04-25 06:21 --------- d-----w C:\Program Files\Java
2008-04-25 06:16 --------- d-----w C:\Program Files\Common Files\Java
2008-04-25 04:51 --------- d-----w C:\Program Files\WindSolutions
2008-04-25 00:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-24 07:07 --------- d-----w C:\Program Files\BitComet
2008-04-24 05:28 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-04-23 19:32 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-23 07:33 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-23 07:32 --------- d-----w C:\Users\Jarin\AppData\Roaming\vlc
2008-04-23 07:30 --------- d-----w C:\ProgramData\Nero
2008-04-23 07:30 --------- d-----w C:\Program Files\Nero
2008-04-23 07:19 --------- d-----w C:\Program Files\VideoLAN
2008-04-23 06:16 --------- d-----w C:\Users\Jarin\AppData\Roaming\Symantec
2008-04-23 05:23 --------- d-----w C:\ProgramData\Symantec
2008-04-23 05:20 --------- d-----w C:\Program Files\Symantec
2008-04-23 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-22 11:57 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-22 11:22 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 11:08 --------- d-----w C:\Users\Jarin\AppData\Roaming\Apple Computer
2008-04-22 11:07 --------- d-----w C:\ProgramData\Apple Computer
2008-04-22 11:07 --------- d-----w C:\Program Files\iTunes
2008-04-22 11:07 --------- d-----w C:\Program Files\iPod
2008-04-22 11:06 --------- d-----w C:\Program Files\QuickTime
2008-04-22 11:06 --------- d-----w C:\Program Files\Bonjour
2008-04-22 11:04 --------- d-----w C:\ProgramData\Apple
2008-04-22 11:04 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-22 09:55 --------- d-----w C:\Program Files\ID Software
2008-04-22 08:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 08:14 --------- d-----w C:\Program Files\Common Files\Creative Labs Shared
2008-04-22 06:31 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-04-21 19:53 --------- d-----w C:\Users\Jarin\AppData\Roaming\PC Tools
2008-04-21 19:23 --------- d-----w C:\Users\Jarin\AppData\Roaming\BitDefender
2008-04-21 19:23 --------- d-----w C:\ProgramData\BitDefender
2008-04-21 19:17 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-04-21 19:17 --------- d-----w C:\Program Files\BitDefender
2008-04-21 11:43 --------- d-----w C:\Program Files\OpenAL
2008-04-21 11:35 174 --sha-w C:\Program Files\desktop.ini
2008-04-21 11:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-21 11:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-21 11:30 --------- d-----w C:\Program Files\Windows Journal
2008-04-21 11:30 --------- d-----w C:\Program Files\Windows Defender
2008-04-21 11:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-21 11:30 --------- d-----w C:\Program Files\Windows Calendar
2008-04-21 11:08 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-21 11:06 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-21 10:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-21 10:36 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-04-21 10:16 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 19:33 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-09-01 07:01 1037736]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\Windows\System32\CTXFIHLP.EXE]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 12:13 988584]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46 92704]
"RegistryMechanic"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3446459511-2626758654-3213401989-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1F480269-BA2D-49C7-8749-423F3C7AC2A3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{036BC3B0-8370-4E5B-824D-0EAC5397ABFF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{465C604A-4B94-4656-8AFB-26D34B160545}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{28AC3378-CFB7-44E6-B607-61370F5299FF}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CCBB35B4-0E04-4473-AD7C-4F3EF872ECC5}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CB89C678-60A9-4281-803B-5E5A68659598}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{00219599-6704-446B-B31D-91BB3607B786}"= UDP:8478:BitComet 8478 TCP
"{98FF9C8B-E5D6-4EEC-9EA7-546E1ACE6E7F}"= TCP:8478:BitComet 8478 UDP
"{360D2D7F-7C65-4B87-BDB4-162494DFF98A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8CC763F3-9662-4865-899F-775C4BB1F5AE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{98F185C4-6C54-45CB-AC95-365A144EB3C4}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{52C002FC-7A09-4E85-9088-01B864A479CC}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{21E79152-F8D5-44D6-B525-4D198BE0206D}"= UDP:8478:BitComet 8478 TCP
"{68063835-A5D4-46B3-9250-DD62392E777F}"= TCP:8478:BitComet 8478 UDP
"{50EE5124-B622-40CE-8F44-F5FEB9DA8D7D}"= UDP:26194:BitComet 26194 TCP
"{8AABA813-AE84-4303-8EAA-5125B6A7C336}"= TCP:26194:BitComet 26194 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;"C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" [2008-04-22 20:14]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-25 19:59]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\system32\dllhost.exe [2006-11-02 21:45]
S3 upperdev;upperdev;C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 13:10:08
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-05-26 13:14:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-26 01:14:02

Pre-Run: 96,564,068,352 bytes free
Post-Run: 96,421,875,712 bytes free

255 --- E O F --- 2008-05-24 22:20:13


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:22 PM, on 5/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - http://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8500 bytes
Kryptos (2831)
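Picking the two random-named DLLs out of the ComboFix "Files Created" listing above is something the helper does by eye; the script below does the same by rule. It is an added example, not code from the thread or from ComboFix, and it assumes ComboFix's row format ("created . modified size attrs path"); the three heuristics (file directly in System32, eight random-looking lowercase letters, created and modified timestamps identical) are my own, and the sample rows are constructed from entries in the log above.

```python
"""Flag random-named DLL/EXE drop-ins in a ComboFix 'Files Created' listing.

Added example, not code from the thread or from ComboFix. It parses rows in
ComboFix's format:

    <created> . <modified> <size|<DIR>> <attrs> <path>

and applies three heuristics that single out the Virtumonde-style drop-ins
seen in the thread (krhtyasl.dll, pwquoavp.dll): the file sits directly in
System32, its base name is eight lowercase letters, and its created and
modified timestamps are identical (written fresh rather than copied from a
dated installer, which is why nvexpbar.dll below is NOT flagged).
"""
import re
from typing import Dict, List

# Constructed sample: rows in ComboFix's format, taken from the log above.
SAMPLE_LOG = r"""
2008-05-22 22:06 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-22 14:29 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-05-22 09:20 . 2008-05-22 09:20 51,200 --a------ C:\Windows\System32\krhtyasl.dll
2008-05-21 08:10 . 2008-05-21 08:10 51,200 --a------ C:\Windows\System32\pwquoavp.dll
2008-05-18 10:47 . 2008-05-02 22:46 313,888 --a------ C:\Windows\System32\nvexpbar.dll
2008-05-20 21:27 . 2008-05-24 00:04 <DIR> d-------- C:\Program Files\Assassins Creed
"""

# One ComboFix row: created, literal " . ", modified, size or <DIR>, attrs, path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Heuristic (assumption): eight lowercase letters, .dll/.exe, directly in System32.
SYSTEM32_DROP_RE = re.compile(
    r"^[A-Za-z]:\\[Ww]indows\\[Ss]ystem32\\(?P<name>[a-z]{8})\.(?:dll|exe)$"
)


def parse_files_created(log_text: str) -> List[Dict[str, str]]:
    """Return every line that matches ComboFix's 'Files Created' row format."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def is_random_system32_dropin(row: Dict[str, str]) -> bool:
    """True when the row looks like a freshly written random-named System32 binary."""
    if row["size"] == "<DIR>":
        return False
    if not SYSTEM32_DROP_RE.match(row["path"]):
        return False
    # Legitimate vendor files carry an older modified date than their install date.
    return row["created"] == row["modified"]


def suspicious_system32_files(log_text: str) -> List[Dict[str, str]]:
    """Parse the log and keep only rows that trip the drop-in heuristic."""
    return [r for r in parse_files_created(log_text) if is_random_system32_dropin(r)]


def build_cfscript(paths: List[str]) -> str:
    """Render flagged paths as a CFScript in the Killall::/File:: form used in the thread."""
    return "Killall::\n\nFile::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    hits = suspicious_system32_files(SAMPLE_LOG)
    for h in hits:
        print(f"{h['path']}  size={h['size']}  created={h['created']}")
    print(build_cfscript([h["path"] for h in hits]))
```

Run on the full log, it would also have matched the three files ComboFix already removed under "Other Deletions" (evwdndlv.exe, gbwsxrwn.dll, sxbdawoa.exe), which follow the same naming pattern.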
671632 2008-05-26 02:25:00 Ok. Just these last two to remove and you're clean..

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Killall::

File::
C:\Windows\System32\krhtyasl.dll
C:\Windows\System32\pwquoavp.dll

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

[image: http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*
Pancake (6359)
671633 2008-05-26 03:51:00 Couldn't do it, gave me a blue screen saying it was preventing damage to my computer or something and system restarted. Kryptos (2831)
671634 2008-05-26 04:37:00 Never had that happen before.... Ok. Let's do it this way...

Download The Avenger by Swandog46 from here (http://swandog46.geekstogo.com/avenger2/download.php). Unzip/extract it to a folder on your desktop.
Double click on avenger.exe to run The Avenger. Click OK.
Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.

Files to delete:
C:\Windows\System32\krhtyasl.dll
C:\Windows\System32\pwquoavp.dll

In the avenger window, click the Paste Script from Clipboard button [image: http://img220.imageshack.us/img220/8923/pastets4.png]. Click the Execute button.
You will be asked Are you sure you want to execute the current script?. Click Yes.
You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes. Your PC will now be rebooted.
Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation. If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
Please post this log, along with a new HijackThis log in your next reply.
Pancake (6359)
671635 2008-05-26 04:47:00 Ok here we go:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\System32\krhtyasl.dll" deleted successfully.
File "C:\Windows\System32\pwquoavp.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57, on 2008-05-26
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - http://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8491 bytes
Kryptos (2831)
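The HijackThis log above is reviewed by eye in this thread; as an added example (not code from the thread or from the HijackThis project), here is a small triage pass over lines in that log format. It flags the pattern this cleanup turned on, eight random lowercase letters in System32 (the names the Avenger script deleted), plus dangling "(no file)"/"(file missing)" and unnamed entries. The sample lines are constructed for the example and the all-zero CLSID is a placeholder.

```python
import re

# Constructed sample in HijackThis v2 log format (not the full log from this thread).
# The two System32 names are the ones the Avenger script in this thread deleted;
# the all-zero CLSID on the second O2 line is a placeholder, not a real registration.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Windows\System32\krhtyasl.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pwquoavp] rundll32.exe C:\Windows\System32\pwquoavp.dll,b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HijackThis entry starts with a section code such as "R1 - " or "O23 - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# A drive-letter path ending in .dll/.exe; stops at quotes, commas and line ends.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n,]+?\.(?:dll|exe)", re.IGNORECASE)
# The naming pattern seen in this thread: eight random lowercase letters in System32.
RANDOM_NAME_RE = re.compile(r"[a-z]{8}\.(?:dll|exe)")


def triage(log_text):
    """Map each HijackThis line worth a second look to the reasons it was flagged.

    Heuristics only: a flag means "review this entry", not "this is malware".
    """
    findings = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # headers, the process list and blank lines are skipped
        body = m.group("body")
        reasons = []
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("dangling entry: referenced file is missing")
        if "(no name)" in body:
            reasons.append("unnamed BHO/button")
        for path in PATH_RE.findall(body):
            parent, _, name = path.rpartition("\\")
            if parent.lower().endswith("\\windows\\system32") and RANDOM_NAME_RE.fullmatch(name):
                reasons.append(f"random-looking 8-letter name in System32: {name}")
        if reasons:
            findings[line] = reasons
    return findings
```

Running `triage(SAMPLE_LOG)` returns three of the seven lines: the krhtyasl.dll BHO, the pwquoavp.dll Run entry and the nameless O9 button with no file behind it; the Adobe, BitDefender, NVIDIA and Bonjour entries pass.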
671636 2008-05-26 05:10:00 Ok. You're good to go...


This will clear away any of the files and folders that were created by ComboFix.

Go to :
Start > Run then copy and paste the following highlighted text below and click OK.




ComboFix /u
Pancake (6359)
671637 2008-05-26 07:45:00 Wicked thanks for your help guys Kryptos (2831)