PDA

View Full Version : Malware (ZLOB started it)



DarkWarrior007
2007-10-24, 16:17
Hi hope you can help Im tearing my hair since getting this zlob thing My computer is scaring me to death with all these warnings and false virus checkers
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 24, 2007 1:19:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/10/2007
Kaspersky Anti-Virus database records: 443703
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\

Scan Statistics:
Total number of scanned objects: 117995
Number of viruses found: 21
Number of infected objects: 51
Number of suspicious objects: 0
Duration of the scan process: 01:33:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\ntl\ntl Netguard\logs\Fws.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ntl\ntl Netguard\logs\ServiceModel10-24-2007--10-29-56.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip/imsmain.exe Infected: Trojan-Downloader.Win32.Zlob.bvp skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip/iesbpl.dll Infected: not-a-virus:AdWare.Win32.Agent.cu skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip/iesbunst.exe Infected: Trojan-Downloader.Win32.Zlob.bwk skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip/iesmin.exe Infected: Trojan-Downloader.Win32.Zlob.doe skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip/iesmn.exe Infected: Trojan-Downloader.Win32.Zlob.bvp skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip/iesplg.dll Infected: Trojan.Win32.StartPage.xl skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip/iesunst.exe Infected: Trojan-Downloader.Win32.Zlob.bvj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip/imsmain.exe_tobedeleted_old Infected: Trojan-Downloader.Win32.Zlob.bvp skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip/imsunst.exe Infected: Trojan-Downloader.Win32.Zlob.bvp skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip ZIP: infected - 8 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Martin Duggan\.housecall6.6\Quarantine\a.exe.bac_a02936 Infected: Trojan.Win32.BHO.bd skipped
C:\Documents and Settings\Martin Duggan\.housecall6.6\Quarantine\in[1].htm.bac_a00804 Infected: Exploit.HTML.Iframe.FileDownload.k skipped
C:\Documents and Settings\Martin Duggan\.housecall6.6\Quarantine\laf29.tmp.bac_a02936 Infected: Trojan.Win32.BHO.bd skipped
C:\Documents and Settings\Martin Duggan\.housecall6.6\Quarantine\xpl[1].wmf.bac_a00872 Infected: Trojan-Downloader.Win32.Agent.acd skipped
C:\Documents and Settings\Martin Duggan\.housecall6.6\Quarantine\ZbCoreSrv.dll.bac_a00872 Infected: not-a-virus:AdWare.Win32.HotBar.bz skipped
C:\Documents and Settings\Martin Duggan\.housecall6.6\Quarantine\ZbHostIE.dll.bac_a00872 Infected: not-a-virus:AdWare.Win32.HotBar.ca skipped
C:\Documents and Settings\Martin Duggan\Application Data\ntl\ntl Netguard\logs\SafetyConsoleLog10-24-2007--10-30-01.log Object is locked skipped
C:\Documents and Settings\Martin Duggan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Martin Duggan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Martin Duggan\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Martin Duggan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Martin Duggan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Martin Duggan\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Martin Duggan\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Martin Duggan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Martin Duggan\Local Settings\History\History.IE5\MSHist012007102420071025\index.dat Object is locked skipped
C:\Documents and Settings\Martin Duggan\Local Settings\Temp\JETE147.tmp Object is locked skipped
C:\Documents and Settings\Martin Duggan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Martin Duggan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Martin Duggan\ntuser.dat Object is locked skipped
C:\Documents and Settings\Martin Duggan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db Object is locked skipped
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Musicmatch\Musicmatch Jukebox\altlog.txt Object is locked skipped
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjblog.txt Object is locked skipped
C:\Program Files\ntl\broadband medic\log\mpbtn.log Object is locked skipped
C:\Program Files\ntl\broadband medic\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\ntl\broadband medic\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\ntl\broadband medic\SmartBridge\SmartBridge.log Object is locked skipped
C:\Program Files\SMART Board Software\SMARTBoardService.log Object is locked skipped
C:\Program Files\Video Add-on\icmntr.exe Infected: Trojan-Downloader.Win32.Zlob.dtj skipped
C:\Program Files\Video Add-on\icthis.exe Infected: Trojan-Downloader.Win32.Zlob.dtk skipped
C:\Program Files\Video Add-on\ictmdl.dll Infected: not-a-virus:AdWare.Win32.Agent.rd skipped
C:\Program Files\Video Add-on\ictun.exe Infected: Trojan-Downloader.Win32.Zlob.dtl skipped
C:\Program Files\Video Add-on\icun.exe Infected: Trojan-Downloader.Win32.Zlob.dtm skipped
C:\Program Files\Video Add-on\isfmdl.dll Infected: Trojan-Downloader.Win32.Zlob.dtn skipped
C:\Program Files\Video Add-on\isfmm.exe Infected: Trojan-Downloader.Win32.Zlob.dto skipped
C:\Program Files\Video Add-on\isfmntr.exe Infected: Trojan-Downloader.Win32.Zlob.dtp skipped
C:\Program Files\Video Add-on\isfun.exe Infected: Trojan-Downloader.Win32.Zlob.dtq skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085789.dll Infected: Trojan-Downloader.Win32.Zlob.dtn skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085790.exe Infected: Trojan-Downloader.Win32.Zlob.dtj skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085791.exe Infected: Trojan-Downloader.Win32.Zlob.dto skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085815.dll Infected: Trojan-Downloader.Win32.Zlob.dtn skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085816.exe Infected: Trojan-Downloader.Win32.Zlob.dtj skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085817.exe Infected: Trojan-Downloader.Win32.Zlob.dto skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085891.dll Infected: Trojan-Downloader.Win32.Zlob.dtn skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085892.exe Infected: Trojan-Downloader.Win32.Zlob.dtj skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085893.exe Infected: Trojan-Downloader.Win32.Zlob.dto skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085932.dll Infected: Trojan-Downloader.Win32.Zlob.dtn skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085933.exe Infected: Trojan-Downloader.Win32.Zlob.dtj skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085934.exe Infected: Trojan-Downloader.Win32.Zlob.dto skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085966.dll Infected: Trojan-Downloader.Win32.Zlob.dtn skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085967.exe Infected: Trojan-Downloader.Win32.Zlob.dtj skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085968.exe Infected: Trojan-Downloader.Win32.Zlob.dto skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085997.dll Infected: Trojan-Downloader.Win32.Zlob.dtn skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085998.exe Infected: Trojan-Downloader.Win32.Zlob.dtj skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085999.exe Infected: Trojan-Downloader.Win32.Zlob.dto skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086027.dll Infected: Trojan-Downloader.Win32.Zlob.dtn skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086028.exe Infected: Trojan-Downloader.Win32.Zlob.dtj skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086029.exe Infected: Trojan-Downloader.Win32.Zlob.dto skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086054.dll Infected: Trojan-Downloader.Win32.Zlob.dtn skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086055.exe Infected: Trojan-Downloader.Win32.Zlob.dtj skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086056.exe Infected: Trojan-Downloader.Win32.Zlob.dto skipped
C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3A47BEFC-0ECE-4B4E-B28D-8CB396BE030F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\unpfrwb.dll Infected: Trojan-Downloader.Win32.Bojo.n skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_244.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\change.log Object is locked skipped
E:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\change.log Object is locked skipped

Scan process completed.

DarkWarrior007
2007-10-24, 16:22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20:21, on 24/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Remote Master\Remote Master.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Lexmark 6300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pegasus Technologies\NoteTaker\NoteTaker.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\WINDOWS\system32\PNTRoute.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: CIEDownload Object - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B499D34E-58EF-4927-AB9F-7AF52B2C4C82} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: SparkleBox toolbar - {ca4eedb3-5719-4e27-a478-8d13f761c28d} - C:\Program Files\SparkleBox\tbSpar.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: IE Custom Tools - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Remote Master] C:\Program Files\Remote Master\Remote Master.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NoteTaker] C:\Program Files\Pegasus Technologies\NoteTaker\NoteTaker.exe -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119939227421
O16 - DPF: {6B78B13A-6E99-4588-8EAB-C2399B202022} (iVocalize Web Conference 4 Setup) - http://harmonicaclub.ivocalize.net/iv4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169672251765
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: bipinnatifid - {4688f900-0d0c-4788-b297-59cc10e70ccc} - (no file)
O22 - SharedTaskScheduler: enrobement - {0ee82408-3eef-49e3-9370-f94cf2e4034a} - C:\WINDOWS\system32\unpfrwb.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 18067 bytes

katana
2007-10-25, 01:06
Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.


Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D
No Antivirus
I can see no indication of any Antivirus software.

Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
Free AV list
AVG Free (http://free.grisoft.com/doc/downloads-products/us/frt/0?prd=aff)
Avira AntiVir (http://www.free-av.com/)
Avast (http://www.avast.com/eng/products.html)

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week.
If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Antivirus is a MUST

Download and Run ComboFix

Download Combofix from one of the two links below :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Then double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

DarkWarrior007
2007-10-25, 18:41
Hi Katana

I have ntl netgaurd anti virus installed on computer hope this is upto the job.
was messing about yesterday and ran smitfraudfix this seemed to help.
have just ran combofix

ComboFix 07-10-23.1 - Martin Duggan 2007-10-25 16:25:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.118 [GMT 1:00]
Running from: C:\Documents and Settings\Martin Duggan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PopsMedia Site Adviser

.
((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-25 16:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 18:51 5,564 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-24 11:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-24 10:56 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-24 10:22 <DIR> d-------- C:\Documents and Settings\Martin Duggan\Application Data\AdwareAlert
2007-10-23 21:01 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-10-23 20:29 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-23 15:37 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-23 13:46 <DIR> d-------- C:\Program Files\Video Add-on
2007-10-07 15:29 <DIR> d-------- C:\Program Files\IVT Corporation
2007-10-07 13:42 <DIR> d-------- C:\Program Files\Lx_cats
2007-10-07 13:39 155,648 --a------ C:\WINDOWS\system32\lxcdins.dll
2007-10-07 13:38 <DIR> d-------- C:\Lexmark
2007-10-07 12:29 <DIR> d-------- C:\Program Files\Lexmark 6300 Series
2007-10-07 12:16 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-10-07 12:16 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-10-07 12:16 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-07 12:16 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-10-07 12:06 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2007-10-01 21:48 <DIR> d-------- C:\Program Files\MSN Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 15:23 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2007-10-25 13:58 --------- d-----w C:\Documents and Settings\Martin Duggan\Application Data\SolidDocuments
2007-10-25 08:27 --------- d-----w C:\Program Files\Common Files\Command Software
2007-10-25 08:24 --------- d-----w C:\Program Files\Google
2007-10-23 21:40 --------- d-----w C:\Program Files\Common Files\PestPatrol
2007-10-23 20:42 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-23 20:42 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-10-23 14:32 --------- d-----w C:\Program Files\Java
2007-10-07 10:26 --------- d-----w C:\Program Files\Apple Software Update
2007-09-15 20:01 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-15 20:00 --------- d-----w C:\Program Files\MSBuild
2007-09-15 19:58 --------- d-----w C:\Program Files\Guitar Speed Trainer
2007-09-15 19:57 --------- d-----w C:\Program Files\GuitarVision
2007-09-15 19:57 --------- d-----w C:\Program Files\GuitarFX 3
2007-09-15 19:54 --------- d-----w C:\Program Files\Reference Assemblies
2007-08-25 21:36 --------- d-----w C:\Program Files\RegCleaner
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-01-04 12:29 10,534 ----a-w C:\Program Files\Common Files\lmouse.sys
2006-04-30 21:04 112,920 ----a-w C:\Documents and Settings\Martin Duggan\Application Data\GDIPFONTCACHEV1.DAT
2005-08-11 11:08 0 ----a-w C:\Documents and Settings\Martin Duggan\Application Data\wklnhst.dat
2005-06-28 12:37:55 8 --sh--r C:\WINDOWS\system32\87DA489749.sys
2005-06-28 12:37:55 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ca4eedb3-5719-4e27-a478-8d13f761c28d}"= C:\Program Files\SparkleBox\tbSpar.dll [2006-05-30 12:03 961616]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-23 13:46 80384]

[HKEY_CLASSES_ROOT\CLSID\{ca4eedb3-5719-4e27-a478-8d13f761c28d}]

[HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{CA4EEDB3-5719-4E27-A478-8D13F761C28D}"= C:\Program Files\SparkleBox\tbSpar.dll [2006-05-30 12:03 961616]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-23 13:46 80384]

[HKEY_CLASSES_ROOT\CLSID\{CA4EEDB3-5719-4E27-A478-8D13F761C28D}]

[HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 15:16]
"nwiz"="nwiz.exe" [2005-04-01 15:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 15:16]
"Dit"="Dit.exe" [2004-07-21 02:18 C:\WINDOWS\Dit.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 00:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"Keyboard Status"="C:\PROGRA~1\Medion\KeyStat\KeyStat.exe" [2005-01-25 19:03]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 13:01 C:\WINDOWS\AGRSMMSG.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-06-20 14:29]
"MimBoot"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe" [2004-12-10 19:44]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-28 16:06]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-03-16 10:56]
"Remote Master"="C:\Program Files\Remote Master\Remote Master.exe" [2005-03-07 19:15]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 23:12]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" [2005-07-05 15:31]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 19:48]
"atwtusb"="atwtusb.exe" [2001-08-20 19:48 C:\WINDOWS\system32\Atwtusb.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"LXCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 17:35]
"lxcdmon.exe"="C:\Program Files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 17:16]
"EzPrint"="C:\Program Files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 11:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"NoteTaker"="C:\Program Files\Pegasus Technologies\NoteTaker\NoteTaker.exe" [2005-03-23 17:39]
"PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 16:10]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

C:\Documents and Settings\Martin Duggan\Start Menu\Programs\Startup\
Registration-Studio 8.lnk - C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe [2006-04-28 18:45:21]
WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-06-24 01:23:00]

R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys
R2 MSSQL$XNETVIEW;MSSQL$XNETVIEW;C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Binn\sqlservr.exe -sXNETVIEW
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys
S3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS
S3 GT680x;GrandTechICNameNT;C:\WINDOWS\system32\Drivers\gt680x.sys
S3 NUVision;Pinnacle LINX;C:\WINDOWS\system32\DRIVERS\NUVision.sys
S3 SQLAgent$XNETVIEW;SQLAgent$XNETVIEW;C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Binn\sqlagent.EXE -i XNETVIEW
S3 umpusbxp;UMP Serial Port Driver;C:\WINDOWS\system32\DRIVERS\umpusbxp.sys
S3 USTOR;LG USB Drive;C:\WINDOWS\system32\DRIVERS\UStork.sys
S3 utblfilt;utblfilt;C:\WINDOWS\system32\drivers\utblfilt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-24 09:22:25 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-10-07 10:26:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-20 19:55:02 C:\WINDOWS\Tasks\Martin Duggan backup.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2006-08-20 19:55:03 C:\WINDOWS\Tasks\Martin Duggan scan and fix.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2007-10-24 17:27:00 C:\WINDOWS\Tasks\{3E61E074-97A0-4544-B730-EC7E57E5688B}_MARTIN_Martin Duggan.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 16:29:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-25 16:30:47
.
--- E O F ---
Hope this is OK I do appreciate your help
Martin

DarkWarrior007
2007-10-25, 19:04
Hi again Katana

here is a report of a recent anti virus scan

ntl Netguard Anti-virus
Scanning Report (24/10/2007 09:04:19)
Master Boot Records and Fixed Disk Boot Sectors
Scanned 1 Master Boot Record(s) for viruses.

Scanned 1 Boot Sector(s) for viruses.

Your Master Boot Record(s)/Boot Sector(s) are not infected.

Files
Drive C:\
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudProtectionBar.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Freeze.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Freeze1.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Freeze2.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Freeze3.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MagicAntiSpy.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsIEFirewallBypass1.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareBOT.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareBOT1.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareBOT2.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareBOT3.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareBOT4.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareBOT5.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareBOT6.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareBOT8.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareBot7.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRankygn.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRankygn1.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoAccessActiveXObject.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess1.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess2.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess3.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess4.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess5.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject2.zip
Some files in this archive could not be scanned because they are password protected. The real-time protection will automatically scan the files when you extract them from the archive.
Files scanned: 107672
Infected files: 0
Disinfected files: 0
Deleted files: 0
Files unable to scan: 29
Drive D:\
Files scanned: 2835
Infected files: 0
Disinfected files: 0
Deleted files: 0
Files unable to scan: 0
Drive E:\
Files scanned: 333
Infected files: 0
Disinfected files: 0
Deleted files: 0
Files unable to scan: 0
Drive F:\
No disk in drive.
Report Summary
Files scanned: 110840
Total infected files: 0
Total disinfected files: 0
Total deleted files: 0
Total files unable to scan: 29
Anti-virus engine status
Last update: 23/10/2007 22:43:40
Virus definition file: avsdk-20072960.msp
File generated by ntl Netguard Anti-virus

Hope this may be useful

katana
2007-10-25, 19:37
These programs have dubious reputations :-
AdwareAlert
NoAdware5.0
They were listed on the Rogue Anti Spyware (http://www.spywarewarrior.com/rogue_anti-spyware.htm#naw_note) list at one point, and some people feel they still should be.




Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:




DirLook::
C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}

File::
C:\WINDOWS\system32\unpfrwb.dll
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip

Folder::
C:\Program Files\Video Add-on
C:\Documents and Settings\Martin Duggan\.housecall6.6\Quarantine

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"=-

[-HKEY_CLASSES_ROOT\CLSID\{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}"=-

Save this as CFScript.txt and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O22 - SharedTaskScheduler: bipinnatifid - {4688f900-0d0c-4788-b297-59cc10e70ccc} - (no file)
O22 - SharedTaskScheduler: enrobement - {0ee82408-3eef-49e3-9370-f94cf2e4034a} - C:\WINDOWS\system32\unpfrwb.dll
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

Please post the ComboFix log along with a fresh HJT log in your reply

DarkWarrior007
2007-10-25, 21:16
Hi Katana




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:57, on 25/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Remote Master\Remote Master.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\Lexmark 6300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Pegasus Technologies\NoteTaker\NoteTaker.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\WINDOWS\system32\PNTRoute.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: CIEDownload Object - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SparkleBox toolbar - {ca4eedb3-5719-4e27-a478-8d13f761c28d} - C:\Program Files\SparkleBox\tbSpar.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Remote Master] C:\Program Files\Remote Master\Remote Master.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NoteTaker] C:\Program Files\Pegasus Technologies\NoteTaker\NoteTaker.exe -silent
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119939227421
O16 - DPF: {6B78B13A-6E99-4588-8EAB-C2399B202022} (iVocalize Web Conference 4 Setup) - http://harmonicaclub.ivocalize.net/iv4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169672251765
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15654 bytes

DarkWarrior007
2007-10-25, 21:16
ComboFix 07-10-23.1 - Martin Duggan 2007-10-25 18:52:12.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.125 [GMT 1:00]
Running from: C:\Documents and Settings\Martin Duggan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Martin Duggan\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip
C:\WINDOWS\system32\unpfrwb.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject1.zip
C:\Documents and Settings\Martin Duggan\.housecall6.6\Quarantine
C:\Program Files\Video Add-on
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\ictmdl.dll
C:\Program Files\Video Add-on\ictun.exe
C:\Program Files\Video Add-on\icun.exe
C:\Program Files\Video Add-on\isfmdl.dll
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfun.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-25 16:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 18:51 5,564 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-24 11:05 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-24 10:56 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-24 10:22 <DIR> d-------- C:\Documents and Settings\Martin Duggan\Application Data\AdwareAlert
2007-10-23 21:01 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-10-23 20:29 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-23 15:37 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-07 15:29 <DIR> d-------- C:\Program Files\IVT Corporation
2007-10-07 13:42 <DIR> d-------- C:\Program Files\Lx_cats
2007-10-07 13:39 155,648 --a------ C:\WINDOWS\system32\lxcdins.dll
2007-10-07 13:38 <DIR> d-------- C:\Lexmark
2007-10-07 12:29 <DIR> d-------- C:\Program Files\Lexmark 6300 Series
2007-10-07 12:16 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-10-07 12:16 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-10-07 12:16 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-07 12:16 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-10-07 12:06 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2007-10-01 21:48 <DIR> d-------- C:\Program Files\MSN Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-25 17:57 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2007-10-25 13:58 --------- d-----w C:\Documents and Settings\Martin Duggan\Application Data\SolidDocuments
2007-10-25 08:27 --------- d-----w C:\Program Files\Common Files\Command Software
2007-10-25 08:24 --------- d-----w C:\Program Files\Google
2007-10-23 21:40 --------- d-----w C:\Program Files\Common Files\PestPatrol
2007-10-23 20:42 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-23 20:42 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-10-23 14:32 --------- d-----w C:\Program Files\Java
2007-10-07 10:26 --------- d-----w C:\Program Files\Apple Software Update
2007-09-15 20:01 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-15 20:00 --------- d-----w C:\Program Files\MSBuild
2007-09-15 19:58 --------- d-----w C:\Program Files\Guitar Speed Trainer
2007-09-15 19:57 --------- d-----w C:\Program Files\GuitarVision
2007-09-15 19:57 --------- d-----w C:\Program Files\GuitarFX 3
2007-09-15 19:54 --------- d-----w C:\Program Files\Reference Assemblies
2007-08-25 21:36 --------- d-----w C:\Program Files\RegCleaner
2007-01-04 12:29 10,534 ----a-w C:\Program Files\Common Files\lmouse.sys
2006-04-30 21:04 112,920 ----a-w C:\Documents and Settings\Martin Duggan\Application Data\GDIPFONTCACHEV1.DAT
2005-08-11 11:08 0 ----a-w C:\Documents and Settings\Martin Duggan\Application Data\wklnhst.dat
2005-06-28 12:37:55 8 --sh--r C:\WINDOWS\system32\87DA489749.sys
2005-06-28 12:37:55 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15} ----



((((((((((((((((((((((((((((( snapshot@2007-10-25_16.29.25.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-25 17:56:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_588.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ca4eedb3-5719-4e27-a478-8d13f761c28d}"= C:\Program Files\SparkleBox\tbSpar.dll [2006-05-30 12:03 961616]

[HKEY_CLASSES_ROOT\CLSID\{ca4eedb3-5719-4e27-a478-8d13f761c28d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{CA4EEDB3-5719-4E27-A478-8D13F761C28D}"= C:\Program Files\SparkleBox\tbSpar.dll [2006-05-30 12:03 961616]

[HKEY_CLASSES_ROOT\CLSID\{CA4EEDB3-5719-4E27-A478-8D13F761C28D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 15:16]
"nwiz"="nwiz.exe" [2005-04-01 15:16 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-04-01 15:16]
"Dit"="Dit.exe" [2004-07-21 02:18 C:\WINDOWS\Dit.exe]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 00:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"Keyboard Status"="C:\PROGRA~1\Medion\KeyStat\KeyStat.exe" [2005-01-25 19:03]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 13:01 C:\WINDOWS\AGRSMMSG.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 13:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 13:00]
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2005-06-20 14:29]
"MimBoot"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe" [2004-12-10 19:44]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-06-28 16:06]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-03-16 10:56]
"Remote Master"="C:\Program Files\Remote Master\Remote Master.exe" [2005-03-07 19:15]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"PhilipsDM"="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2005-09-14 23:12]
"ntl Netguard"="C:\Program Files\ntl\ntl Netguard\RPS.exe" [2005-07-05 15:31]
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe" [2003-12-30 10:40]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 19:48]
"atwtusb"="atwtusb.exe" [2001-08-20 19:48 C:\WINDOWS\system32\Atwtusb.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"LXCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll" [2005-07-11 17:35]
"lxcdmon.exe"="C:\Program Files\Lexmark 6300 Series\lxcdmon.exe" [2005-06-24 17:16]
"EzPrint"="C:\Program Files\Lexmark 6300 Series\ezprint.exe" [2005-07-05 11:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"NoteTaker"="C:\Program Files\Pegasus Technologies\NoteTaker\NoteTaker.exe" [2005-03-23 17:39]
"PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2005-09-08 16:10]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

C:\Documents and Settings\Martin Duggan\Start Menu\Programs\Startup\
Registration-Studio 8.lnk - C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe [2006-04-28 18:45:21]
WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-06-24 01:23:00]

R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys
R2 MSSQL$XNETVIEW;MSSQL$XNETVIEW;C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Binn\sqlservr.exe -sXNETVIEW
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys
S1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys
S3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS
S3 GT680x;GrandTechICNameNT;C:\WINDOWS\system32\Drivers\gt680x.sys
S3 NUVision;Pinnacle LINX;C:\WINDOWS\system32\DRIVERS\NUVision.sys
S3 SQLAgent$XNETVIEW;SQLAgent$XNETVIEW;C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Binn\sqlagent.EXE -i XNETVIEW
S3 umpusbxp;UMP Serial Port Driver;C:\WINDOWS\system32\DRIVERS\umpusbxp.sys
S3 USTOR;LG USB Drive;C:\WINDOWS\system32\DRIVERS\UStork.sys
S3 utblfilt;utblfilt;C:\WINDOWS\system32\drivers\utblfilt.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-24 09:22:25 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-10-07 10:26:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-08-20 19:55:02 C:\WINDOWS\Tasks\Martin Duggan backup.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2006-08-20 19:55:03 C:\WINDOWS\Tasks\Martin Duggan scan and fix.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2007-10-25 17:27:00 C:\WINDOWS\Tasks\{3E61E074-97A0-4544-B730-EC7E57E5688B}_MARTIN_Martin Duggan.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 18:57:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-25 18:59:39 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-25 16:30
.
--- E O F ---
Thank you again for your help

DarkWarrior007
2007-10-25, 21:32
Freshscan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:03, on 25/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$XNETVIEW\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Remote Master\Remote Master.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\ntl\ntl Netguard\RPS.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 6300 Series\lxcdmon.exe
C:\Program Files\Lexmark 6300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Pegasus Technologies\NoteTaker\NoteTaker.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\WINDOWS\system32\PNTRoute.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\lxcdcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: CIEDownload Object - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SparkleBox toolbar - {ca4eedb3-5719-4e27-a478-8d13f761c28d} - C:\Program Files\SparkleBox\tbSpar.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Remote Master] C:\Program Files\Remote Master\Remote Master.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LXCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NoteTaker] C:\Program Files\Pegasus Technologies\NoteTaker\NoteTaker.exe -silent
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration-Studio 8.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: broadband medic.lnk = C:\Program Files\ntl\broadband medic\bin\matcli.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119939227421
O16 - DPF: {6B78B13A-6E99-4588-8EAB-C2399B202022} (iVocalize Web Conference 4 Setup) - http://harmonicaclub.ivocalize.net/iv4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169672251765
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 15621 bytes

Hope this OK
Martin

katana
2007-10-25, 21:35
looking good :)

Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

Lets have a final scan to check
TotalScan

Please go to this site Link >> TotalScan (http://www.nanoscan.com/as/v1/?) << LINK

Under Scan Now click the Full Scan button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.

DarkWarrior007
2007-10-26, 00:00
Hi again Katana

Here is the totalscan results

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-10-25 21:53:57
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ntl Netguard Anti-virus 5.2.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Martin Duggan\Desktop\SmitfraudFix\Process.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087309.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085997.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085966.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087307.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086027.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\Program Files\Trend Micro\HijackThis\backups\backup-20071024-195041-206.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\icmntr.exe.vir
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087304.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\ictun.exe.vir
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085967.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\isfmdl.dll.vir
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP733\A0087123.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP733\A0087122.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0087089.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085789.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085790.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0087088.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085815.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085816.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086055.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085891.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085892.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086054.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085932.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085933.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086028.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085998.exe
00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\Martin Duggan\Desktop\SmitfraudFix\restart.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Martin Duggan\Desktop\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP736\A0087292.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Martin Duggan\Desktop\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Martin Duggan\Desktop\SmitfraudFix\Reboot.exe
02519515 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Martin Duggan\Desktop\SmitfraudFix.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086029.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085893.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085817.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086056.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085968.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087310.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0087090.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085934.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\isfmm.exe.vir
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP733\A0087124.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085791.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085999.exe
02638593 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087305.exe
02638593 Adware/VideoAddon Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\icthis.exe.vir
02638594 Adware/VideoAddon Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\icun.exe.vir
02638594 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087308.exe
02638595 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087311.exe
02638595 Adware/VideoAddon Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\isfmntr.exe.vir
02638596 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087312.exe
02638596 Adware/VideoAddon Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\isfun.exe.vir
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

looks scary

Martin

katana
2007-10-26, 00:31
looks scary


Nope, looks good :D
All the infected files are in quarantine or System Restore.
Everything looks OK from here, if you are still having any problems let me know.


Congratulations your logs look clean :D

Let’s see if I can help you keep it that way

First lets tidy up :D



Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png


When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

Also PLEASE read this article

So How Did I Get Infected In The First Place (http://forums.spybot.info/showthread.php?t=279)

If you can see a program that you have never seen or used then get it!

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

DarkWarrior007
2007-10-26, 00:40
Hi again
Total scan results

;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-10-25 21:53:57
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ntl Netguard Anti-virus 5.2.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Martin Duggan\Desktop\SmitfraudFix\Process.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087309.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085997.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085966.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087307.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086027.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\Program Files\Trend Micro\HijackThis\backups\backup-20071024-195041-206.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\icmntr.exe.vir
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087304.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\ictun.exe.vir
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085967.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\isfmdl.dll.vir
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP733\A0087123.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP733\A0087122.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0087089.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085789.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085790.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0087088.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085815.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085816.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086055.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085891.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085892.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086054.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085932.dll
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085933.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086028.exe
00511607 Adware/PC-Prot Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085998.exe
00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\Martin Duggan\Desktop\SmitfraudFix\restart.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Martin Duggan\Desktop\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP736\A0087292.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Martin Duggan\Desktop\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Martin Duggan\Desktop\SmitfraudFix\Reboot.exe
02519515 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\Martin Duggan\Desktop\SmitfraudFix.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086029.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085893.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085817.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0086056.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085968.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087310.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0087090.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085934.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\isfmm.exe.vir
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP733\A0087124.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP731\A0085791.exe
02638574 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP732\A0085999.exe
02638593 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087305.exe
02638593 Adware/VideoAddon Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\icthis.exe.vir
02638594 Adware/VideoAddon Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\icun.exe.vir
02638594 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087308.exe
02638595 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087311.exe
02638595 Adware/VideoAddon Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\isfmntr.exe.vir
02638596 Adware/VideoAddon Adware No 0 Yes No C:\System Volume Information\_restore{49C46D34-AD57-472C-845E-817FDA70A177}\RP737\A0087312.exe
02638596 Adware/VideoAddon Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\Video Add-on\isfun.exe.vir
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

katana
2007-10-26, 00:46
Hi, is there a problem ?

DarkWarrior007
2007-10-26, 01:14
A Big Hug to the angel of Techies

Well done and thankyou

Martin

DarkWarrior007
2007-10-26, 01:14
A Big Hug to the angel of Techies

Well done and thankyou

Martin

DarkWarrior007
2007-10-26, 01:14
A Big Hug to the angel of Techies

Well done and thankyou

Martin

katana
2007-10-26, 01:17
No problem :bigthumb: