Thread: Cannot See File

  1. #1
    Junior Member
    Join Date
    May 2009
    Posts
    3

    Hello,

    Can someone please explain to me why I cannot see a file that Spybot is telling me is there and is a trojan? I don't get it.

    I ran Spybot and it is telling me I have 4 Win32.TDSS.rtk trojans located here:

    Win32.TDSS.rtk: [SBI $05E456BF] File (File, nothing done)
    C:\WINDOWS\system32\ovfsthbqqjgcewnxbyayonyrredjmyhrqjchnx.dll

    Win32.TDSS.rtk: [SBI $05E456BF] File (File, nothing done)
    C:\WINDOWS\system32\ovfsthuakvpxcodlvlrjqdbfsbkjtmfytpqrow.dll

    Win32.TDSS.rtk: [SBI $05E456BF] File (File, nothing done)
    C:\WINDOWS\system32\ovfsthwyyowdppfmpdvglgmsmcdtoswcruiwid.dll

    Win32.TDSS.rtk: [SBI $DB1744B9] File (File, nothing done)
    C:\WINDOWS\system32\drivers\ovfsthklvnrjcanmqqwabpxnbevshmrxdologc.sys

    Now when I go to these directories the file is not there. What's the deal?

    These 4 files are the only things that come up when I run a scan, therefore I believe this is the infection in my browser that redirects me from time to time during searches. I did not think it was going to be hard to remove since my computer has not been taken over by this thing; it's just an annoying inconvenience.

    Spybot says the files have been fixed, but every time I rescan they still appear. Any thoughts?

    HIJACKTHIS LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:02:50, on 5/17/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\etmin.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4011] command /c del "C:\WINDOWS\system32\ovfsthbqqjgcewnxbyayonyrredjmyhrqjchnx.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4037] cmd /c del "C:\WINDOWS\system32\ovfsthbqqjgcewnxbyayonyrredjmyhrqjchnx.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6840] command /c del "C:\WINDOWS\system32\ovfsthuakvpxcodlvlrjqdbfsbkjtmfytpqrow.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4349] cmd /c del "C:\WINDOWS\system32\ovfsthuakvpxcodlvlrjqdbfsbkjtmfytpqrow.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6062] command /c del "C:\WINDOWS\system32\ovfsthbqqjgcewnxbyayonyrredjmyhrqjchnx.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8710] cmd /c del "C:\WINDOWS\system32\ovfsthbqqjgcewnxbyayonyrredjmyhrqjchnx.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8881] command /c del "C:\WINDOWS\system32\ovfsthuakvpxcodlvlrjqdbfsbkjtmfytpqrow.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5620] cmd /c del "C:\WINDOWS\system32\ovfsthuakvpxcodlvlrjqdbfsbkjtmfytpqrow.dll"
    O4 - Startup: etmin.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O10 - Unknown file in Winsock LSP: w2pxdrv.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.4.2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1232441300343
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/...r_4.0.15.0.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 8615 bytes

  2. #2
    Junior Member
    Join Date
    May 2009
    Posts
    3

    I was looking at a previous post where someone recommended ComboFix.

    It identified my problem, at least, along with a few other related files, and deleted them.

    Running a scan now with Spybot to see if that did the trick.

    Here's the ComboFix log:
    ComboFix 09-05-16.05 - Andrew 05/17/2009 3:13.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2758 [GMT -4:00]
    Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Andrew\Local Settings\Temporary Internet Files\fbk.sts
    c:\windows\system32\404Fix.exe
    c:\windows\system32\Agent.OMZ.Fix.exe
    c:\windows\system32\arazuzed.ini
    c:\windows\system32\drivers\ovfsthklvnrjcanmqqwabpxnbevshmrxdologc.sys
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\o4Patch.exe
    c:\windows\system32\ovfsthbqqjgcewnxbyayonyrredjmyhrqjchnx.dll
    c:\windows\system32\ovfstheaxwtyehjsursjyixkfsqhxeqbglyhhe.dat
    c:\windows\system32\ovfsthombqcrnqayumsxxipoysoltabdyqixoy.dat
    c:\windows\system32\ovfsthuakvpxcodlvlrjqdbfsbkjtmfytpqrow.dll
    c:\windows\system32\ovfsthuakvpxcodlvlrjqdbfsbkjtmfytpqrow.dll_old
    c:\windows\system32\ovfsthwyyowdppfmpdvglgmsmcdtoswcruiwid.dll
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe


    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ovfsthybwuwcmexmafulkmxbfjwbpjpiqqpnvk


    ((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
    .

    2009-05-17 02:56 . 2009-05-17 02:56 -------- d-----w c:\documents and settings\Andrew\Application Data\Malwarebytes
    2009-05-17 02:56 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-17 02:56 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-17 02:56 . 2009-05-17 02:56 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-17 02:56 . 2009-05-17 02:56 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-16 18:38 . 2009-05-16 18:38 -------- d-----w c:\program files\Trend Micro
    2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll
    2009-04-25 04:39 . 2009-04-25 04:39 -------- d-----w c:\program files\Phantom Fiber Inc

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-16 19:39 . 2008-11-23 01:56 138512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-05-16 19:38 . 2008-11-23 01:56 201440 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-05-16 19:32 . 2009-04-03 04:44 -------- d-----w c:\program files\EA Games
    2009-05-09 17:03 . 2008-11-22 02:59 -------- d-----w c:\program files\Xfire
    2009-05-08 21:12 . 2009-01-03 05:06 -------- d-----w c:\program files\PlayersOnly Poker
    2009-04-22 21:46 . 2009-01-13 09:13 -------- d-----w c:\program files\Steam
    2009-04-22 21:36 . 2008-11-23 01:55 75064 ----a-w c:\windows\system32\PnkBstrA.exe
    2009-04-22 21:03 . 2008-11-22 02:58 -------- d-----w c:\program files\Ventrilo
    2009-04-18 21:54 . 2009-03-08 02:35 -------- d-----w c:\program files\World of Warcraft
    2009-04-15 02:04 . 2009-04-15 02:04 -------- d-----w c:\program files\Proxy Labs
    2009-04-15 02:03 . 2009-04-15 02:03 -------- d-----w c:\program files\SocksCapV2
    2009-04-15 02:02 . 2009-04-15 02:02 -------- d-----w c:\program files\Your Freedom
    2009-04-05 22:10 . 2009-02-25 02:20 22328 ----a-w c:\documents and settings\Andrew\Application Data\PnkBstrK.sys
    2009-04-05 22:09 . 2009-02-25 02:18 2246144 ----a-w c:\windows\system32\pbsvc.exe
    2009-04-02 16:49 . 2008-11-22 02:47 -------- d-----w c:\program files\Interbank FX Trader 4
    2009-04-01 03:13 . 2009-04-01 00:22 -------- d-----w c:\program files\Microsoft ActiveSync
    2009-03-22 04:43 . 2009-03-21 07:58 -------- d-----w c:\program files\Common Files\Real
    2009-03-21 21:07 . 2008-11-22 03:03 -------- d-----w c:\program files\mIRC
    2009-03-21 07:58 . 2003-10-17 17:44 499712 ----a-w c:\windows\system32\msvcp71.dll
    2009-03-21 02:24 . 2008-11-22 02:57 -------- d-----w c:\program files\Spybot - Search & Destroy
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
    "Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

    c:\documents and settings\Andrew\Start Menu\Programs\Startup\
    etmin.exe [2004-8-13 24064]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Andrew^Start Menu^Programs^Startup^etmin.exe]
    path=c:\documents and settings\Andrew\Start Menu\Programs\Startup\etmin.exe
    backup=c:\windows\pss\etmin.exeStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\wscntfy.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys --> c:\windows\system32\drivers\c6501.sys [?]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: w2pxdrv.dll
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
    FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\1p6mi2tl.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?rls=ig&hl=en
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\1p6mi2tl.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-17 03:16
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(740)
    c:\windows\system32\w2pxdrv.dll

    - - - - - - - > 'explorer.exe'(1920)
    c:\program files\Logitech\MouseWare\System\LgWndHk.dll
    c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-17 3:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-17 07:22

    Pre-Run: 72,906,006,528 bytes free
    Post-Run: 72,851,595,264 bytes free

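As an added triage example (not part of the thread, and not code from Spybot, HijackThis or ComboFix): a small Python script that reads the kind of output quoted in the two posts above, groups the randomly named system32 files by their shared prefix (all of the TDSS files here start with `ovfsth`), and ties each group to Spybot's "nothing done" detections, the deferred `RunOnce` deletions in the HijackThis log and the `Service_` entry ComboFix removed. All function names are mine and the sample log text is constructed from lines quoted in the thread.

```python
# Added triage helper, not part of the thread or of Spybot/ComboFix/HijackThis.
# Sample log text below is constructed from the lines quoted in the thread.
import os
import re
from collections import defaultdict

SPYBOT = """\
Win32.TDSS.rtk: [SBI $05E456BF] File (File, nothing done)
C:\\WINDOWS\\system32\\ovfsthbqqjgcewnxbyayonyrredjmyhrqjchnx.dll
Win32.TDSS.rtk: [SBI $DB1744B9] File (File, nothing done)
C:\\WINDOWS\\system32\\drivers\\ovfsthklvnrjcanmqqwabpxnbevshmrxdologc.sys
"""
HJT = """\
O4 - HKLM\\..\\RunOnce: [SpybotDeletingA4011] command /c del "C:\\WINDOWS\\system32\\ovfsthbqqjgcewnxbyayonyrredjmyhrqjchnx.dll_old"
O4 - HKLM\\..\\RunOnce: [SpybotDeletingC4349] cmd /c del "C:\\WINDOWS\\system32\\ovfsthuakvpxcodlvlrjqdbfsbkjtmfytpqrow.dll"
O4 - HKCU\\..\\RunOnce: [SpybotDeletingD5620] cmd /c del "C:\\WINDOWS\\system32\\ovfsthuakvpxcodlvlrjqdbfsbkjtmfytpqrow.dll"
"""
COMBOFIX = """\
((((((((((( Other Deletions )))))))))))
c:\\windows\\system32\\drivers\\ovfsthklvnrjcanmqqwabpxnbevshmrxdologc.sys
c:\\windows\\system32\\ovfsthbqqjgcewnxbyayonyrredjmyhrqjchnx.dll
c:\\windows\\system32\\ovfstheaxwtyehjsursjyixkfsqhxeqbglyhhe.dat
c:\\windows\\system32\\ovfsthuakvpxcodlvlrjqdbfsbkjtmfytpqrow.dll
((((((((((( Drivers/Services )))))))))))
-------\\Service_ovfsthybwuwcmexmafulkmxbfjwbpjpiqqpnvk
"""

HJT_DEL = re.compile(r'^O4 - .*RunOnce: \[SpybotDeleting\w+\] (?:command|cmd) /c del "([^"]+)"')

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def spybot_nothing_done(report):
    """Paths Spybot detected but could not act on ("File, nothing done")."""
    lines = report.splitlines()
    return [lines[i + 1].strip() for i, l in enumerate(lines[:-1])
            if l.endswith("(File, nothing done)") and lines[i + 1][1:3] == ":\\"]

def hjt_pending_deletions(log):
    """Files Spybot deferred to a RunOnce 'del' because they could not be removed live."""
    return sorted({m.group(1) for m in map(HJT_DEL.match, log.splitlines()) if m})

def combofix_section(log, heading):
    """Non-empty lines between a ComboFix '(((( heading ))))' banner and the next banner."""
    out, active = [], False
    for line in log.splitlines():
        if line.startswith("((((("):
            active = heading in line
        elif active and line.strip(" ."):
            out.append(line.strip())
    return out

def prefix_clusters(paths, width=6, min_members=3):
    """Group system32 basenames by their first `width` chars: droppers from one
    family share a fixed prefix (here 'ovfsth'), legitimate files rarely do."""
    groups = defaultdict(list)
    for p in paths:
        if "\\system32\\" in p.lower():
            groups[basename(p)[:width]].append(basename(p))
    return {os.path.commonprefix(n): sorted(n) for n in groups.values() if len(n) >= min_members}

def triage(spybot, hjt, combofix):
    services = re.findall(r"\\Service_(\w+)", combofix)
    report = {}
    for prefix, names in prefix_clusters(combofix_section(combofix, "Other Deletions")).items():
        report[prefix] = {
            "files": names,
            "services": [s for s in services if s.lower().startswith(prefix)],
            "spybot_nothing_done": [p for p in spybot_nothing_done(spybot) if basename(p).startswith(prefix)],
            "runonce_pending": [p for p in hjt_pending_deletions(hjt) if basename(p).startswith(prefix)],
        }
    return report
```

Running `triage(SPYBOT, HJT, COMBOFIX)` on the constructed samples yields a single `ovfsth` cluster whose driver, DLLs, `.dat` file and service all line up with the entries Spybot could not remove while the rootkit was live.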

  3. #3
    Junior Member
    Join Date
    May 2009
    Posts
    3

    Well, that did the trick. Spybot picked up nothing this time around.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,492
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
