0

hey all i am not exactly sure what is goin on with my computer. but here it goes. when i went to go start up my computer i kept getting a folder that popped up entitled real. first i went one directory up to see what that came from then i tried to delete the folder and it deleted. but in the directory up from that their was another folder in my applications data folder. which is entitled real send film bat and in that folder are two files one file is called Extra Third.exe and the other is called Wipe Support Four. so then i tried deleting that folder as well but i cant delete it because it says that a program is using the file. but i have no idea which program it is. but anywayz after i got this folder on my computer my firefox as well as internet explorer has been incredibly unstable. also ever since these files have came onto my computer i have also not been able to access google and couple other websites as well as i have a program which checks my gmail account for mail but that wont connect to the net either. here is my hijack this log file. i have noe a NOD 32 virus scan, a lavasoft adaware scan, a spybot search and destory seach and a xsoft spyware search
Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 1:58:36 AM, on 5/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe C:\Program Files\Lexmark X74-X75\lxbbbmon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Mp3tag\Mp3tagQuickPick.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Pidgin\pidgin.exe G:\BitComet\BitComet.exe C:\WINDOWS\system32\WISPTIS.EXE G:\Nhl 07\nhl2007.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Documents and Settings\Craig\Desktop\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.208.64.177:3128 O2 - BHO: (no name) - {0682E46A-7040-4049-A6FD-0BCFBC673AD8} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\BitComet\tools\BitCometBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - G:\FlashFXP\IEFlash.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Film Bat Base Else] C:\Documents and Settings\All Users\Application Data\real send film bat\Extra Third.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [GreedyTorrent] "C:\Program Files\GreedyTorrent\GTor.exe" -tray O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [trans store] C:\DOCUME~1\Craig\APPLIC~1\PLAYUP~1\gram mess.exe O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Mp3tag Quick Pick.lnk = C:\Program Files\Mp3tag\Mp3tagQuickPick.exe O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download all links using BitComet - res://G:\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://G:\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://G:\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113694423343 O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - (no file) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe O23 - Service: Stateless Packet Filtering (PktFilter) - Unknown owner - C:\Documents and Settings\Craig\Desktop\pktfltsrv.exe (file missing) O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe -- End of file - 9323 bytes any help you folks can give me is appreciated thank you LiteBritePunk

2
Contributors
23
Replies
24
Views
10 Years
Discussion Span
Last Post by LiteBritePunk
0

Hello LiteBrakePunk Welcome to the forums :)

Let's have a look.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepads: main.txt and extra.txt
  • Use Save As to save both Notepad files to your Desktop and post them in your next reply.

Both Logfile are located here:

C:\Deckard\System Scanner\Main.txt
C:\Deckard\System Scanner\Extra.txt

Thanks :)

0

ok here are the log file i made them as attachments if u want them copied and posted then i will d that
thanx
LiteBritePunk

Attachments
Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2558.09 MiB / 1880.47 MiB
Pagefile Memory (total/avail): 4447.29 MiB / 3862.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1951.47 MiB

C: is Fixed (NTFS) - 33.97 GiB total, 9.5 GiB free. 
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Fixed (NTFS) - 149.05 GiB total, 59.57 GiB free. 
X: is Fixed (NTFS) - 232.88 GiB total, 31.91 GiB free. 


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Outpost Firewall Pro v4.0 (Agnitum)
AV: Panda Platinum 2005 Internet Security v9.02.00 (Panda Software)
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Craig\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MILHOUSE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Craig
LOGONSERVER=\\MILHOUSE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL;C:\PROGRA~1\ThriXXX\3D SexVilla;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Craig\LOCALS~1\Temp
TMP=C:\DOCUME~1\Craig\LOCALS~1\Temp
USERDOMAIN=MILHOUSE
USERNAME=Craig
USERPROFILE=C:\Documents and Settings\Craig
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI 


-- User Profiles ---------------------------------------------------------------

Craig [I](admin)[/I]
Administrator [I](new local, admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\Setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A69873-3412-430F-B094-8B5CB9E9E519}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9  /remove
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -
Deckard's System Scanner v20070426.43
Run by Craig on 2007-05-12 at 12:59:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-05-12 16:59:33 UTC - RP1083 - Deckard's System Scanner Restore Point
1: 2007-05-12 09:21:09 UTC - RP1082 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Craig.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:05:58 PM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Mp3tag\Mp3tagQuickPick.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Craig\Desktop\dss.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Craig\Desktop\HIJACK~1\Craig.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.208.64.177:3128
O2 - BHO: (no name) - {0682E46A-7040-4049-A6FD-0BCFBC673AD8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - G:\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Film Bat Base Else] C:\Documents and Settings\All Users\Application Data\real send film bat\Extra Third.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GreedyTorrent] "C:\Program Files\GreedyTorrent\GTor.exe" -tray
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [trans store] C:\DOCUME~1\Craig\APPLIC~1\PLAYUP~1\gram mess.exe
O4 - Global Startup: Mp3tag Quick Pick.lnk = C:\Program Files\Mp3tag\Mp3tagQuickPick.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://G:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://G:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://G:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113694423343
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Stateless Packet Filtering (PktFilter) - Unknown owner - C:\Documents and Settings\Craig\Desktop\pktfltsrv.exe (file missing)
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PzWDM - c:\windows
0

Alright, thank you for the logfile.

We'll Continue.

Step #1

We Have to move Hijackthis to it's own folder because In it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later

Click START>My Computer >right click Local Disk (usually (C:) for most people)>Explore.
Right click an open area in the main panel.
Select New > Folder.
Type in HJT & press Enter

Now We have Created C:\HJT\ folder. Put your HijackThis.exe there.

Step #2

Please download NoLop and save it to your desktop.

  • First close any other programs you have running as this will require a reboot.
  • Double click NoLop.exe to run it.
  • Now click the button labeled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected. Click OK.
  • Now click the "REBOOT" button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
  • Please post the contents of C:\NoLop.log along with a fresh HijackThis log in your next reply.

--If you receive an error: "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your system32 folder then rerun NoLop..

Step #3

Please download Combofix to your desktop.

  • Double click on Combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Step #4

In your next reply please post the following logfiles:

C:\NoLop.log
C:\Combofix.txt

0

Ok here are the log files
Thanx
LBP
Here is the HIJack this log

Logfile of HijackThis v1.99.1
Scan saved at 3:39:46 AM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Hjt\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.208.64.177:3128
O2 - BHO: (no name) - {0682E46A-7040-4049-A6FD-0BCFBC673AD8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - G:\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Film Bat Base Else] C:\Documents and Settings\All Users\Application Data\real send film bat\Extra Third.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GreedyTorrent] "C:\Program Files\GreedyTorrent\GTor.exe" -tray
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [trans store] C:\DOCUME~1\Craig\APPLIC~1\PLAYUP~1\gram mess.exe
O4 - Global Startup: Mp3tag Quick Pick.lnk = C:\Program Files\Mp3tag\Mp3tagQuickPick.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://G:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://G:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://G:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113694423343
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Stateless Packet Filtering (PktFilter) - Unknown owner - C:\Documents and Settings\Craig\Desktop\pktfltsrv.exe (file missing)
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

and here is the No Lob Log
NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Craig\Desktop
[5/12/2007]
[3:20:37 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A94E44C097F5C114.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Ati
C:\Documents and Settings\Administrator\Application Data\Gtek
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Aol Downloads
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Bvrp Software
C:\Documents and Settings\All Users\Application Data\Creative
C:\Documents and Settings\All Users\Application Data\Gtek
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
C:\Documents and Settings\All Users\Application Data\Microsoft Help
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Real Send Film Bat
C:\Documents and Settings\All Users\Application Data\Sectaskman
C:\Documents and Settings\All Users\Application Data\Slysoft
C:\Documents and Settings\All Users\Application Data\Snapstream -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Ubisoft
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Craig\Application Data\.gaim
C:\Documents and Settings\Craig\Application Data\.purple
C:\Documents and Settings\Craig\Application Data\Acccore
C:\Documents and Settings\Craig\Application Data\Adobe
C:\Documents and Settings\Craig\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Craig\Application Data\Ahead
C:\Documents and Settings\Craig\Application Data\Aim
C:\Documents and Settings\Craig\Application Data\Apple Computer
C:\Documents and Settings\Craig\Application Data\Arcsoft
C:\Documents and Settings\Craig\Application Data\Ati
C:\Documents and Settings\Craig\Application Data\Azureus
C:\Documents and Settings\Craig\Application Data\Creative
C:\Documents and Settings\Craig\Application Data\Desksoft -- EMPTY Directory
C:\Documents and Settings\Craig\Application Data\Dreksoftware -- EMPTY Directory
C:\Documents and Settings\Craig\Application Data\Dvdcss
C:\Documents and Settings\Craig\Application Data\Eidos
C:\Documents and Settings\Craig\Application Data\Flashget
C:\Documents and Settings\Craig\Application Data\Flock -- EMPTY Directory
C:\Documents and Settings\Craig\Application Data\Gearbox Software
C:\Documents and Settings\Craig\Application Data\Google
C:\Documents and Settings\Craig\Application Data\Gtek
C:\Documents and Settings\Craig\Application Data\Gtk-2.0
C:\Documents and Settings\Craig\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Craig\Application Data\Installshield
C:\Documents and Settings\Craig\Application Data\Intervideo
C:\Documents and Settings\Craig\Application Data\Lavasoft
C:\Documents and Settings\Craig\Application Data\Leadertech
C:\Documents and Settings\Craig\Application Data\Lionhead Studios -- EMPTY Directory
C:\Documents and Settings\Craig\Application Data\Macromedia
C:\Documents and Settings\Craig\Application Data\Media Player Classic
C:\Documents and Settings\Craig\Application Data\Microsoft
C:\Documents and Settings\Craig\Application Data\Mozilla
C:\Documents and Settings\Craig\Application Data\Mp3tag
C:\Documents and Settings\Craig\Application Data\Play Upload
C:\Documents and Settings\Craig\Application Data\Red Chair Software
C:\Documents and Settings\Craig\Application Data\Ripit4me
C:\Documents and Settings\Craig\Application Data\Securom
C:\Documents and Settings\Craig\Application Data\Seven Zip
C:\Documents and Settings\Craig\Application Data\Slysoft
C:\Documents and Settings\Craig\Application Data\Sun
C:\Documents and Settings\Craig\Application Data\Talkback
C:\Documents and Settings\Craig\Application Data\Tmnt
C:\Documents and Settings\Craig\Application Data\Ursoft
C:\Documents and Settings\Craig\Application Data\Versiontracker Pro
C:\Documents and Settings\Craig\Application Data\Vlc
C:\Documents and Settings\Craig\Application Data\Vso
C:\Documents and Settings\Craig\Application Data\X-chat 2
C:\Documents and Settings\Default User\Application Data\Gtek
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Localservice\Application Data\Mcafee.com Personal Firewall
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Mozilla
C:\Documents and Settings\Localservice\Application Data\Talkback
C:\Documents and Settings\Networkservice\Application Data\Microsoft

Attachments
[code]
2005-08-10 10:06      19968    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\sfsync02.sys.vir
2005-11-14 01:07      2227519    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Craig\APPLIC~1\Install.dat.vir
2005-12-06 11:11      35328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\sfsync03.sys.vir
2007-05-12 15:34      1488    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_SFSYNC02.reg.cf
2007-05-12 15:34      1488    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_SFSYNC03.reg.cf
2007-05-12 15:34      2572    --a------    C:\Qoobox\Quarantine\Registry_backups\services_sfsync02.reg.cf
2007-05-12 15:34      2572    --a------    C:\Qoobox\Quarantine\Registry_backups\services_sfsync03.reg.cf
2007-05-12 15:34      4878    --a------    C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf


Folder PATH listing
Volume serial number is D416-9801
C:\QOOBOX
+---purity
|   \---C
|       +---Program Files
|       |   +---CROSOF~1
|       |   +---ICROSO~1.NET
|       |   \---RACLE~1
|       \---WINDOWS
|           \---SYSTEM32
|               \---SKS~1
\---Quarantine
    +---C
    |   +---DOCUME~1
    |   |   \---Craig
    |   |       \---APPLIC~1
    |   |               Install.dat.vir
    |   |               
    |   \---WINDOWS
    |       \---SYSTEM32
    |           \---DRIVERS
    |                   sfsync02.sys.vir
    |                   sfsync03.sys.vir
    |                   
    \---Registry_backups
            LEGACY_SFSYNC02.reg.cf
            LEGACY_SFSYNC03.reg.cf
            services_nm.reg.cf
            services_sfsync02.reg.cf
            services_sfsync03.reg.cf
            
[/code]
"Craig" - 2007-05-12 15:31:19    Service Pack 2  
ComboFix 07-05.09.V - Running from: "C:\Documents and Settings\Craig\Desktop\"


((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Craig\APPLIC~1\Install.dat
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drivers\sfsync03.sys
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\Program Files\CROSOF~1
C:\qoobox\purity\C\Program Files\ICROSO~1.NET
C:\qoobox\purity\C\Program Files\RACLE~1
C:\qoobox\purity\C\WINDOWS\SYSTEM32\SKS~1


(((((((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\LEGACY_SFSYNC03
-------\nm
-------\sfsync02
-------\sfsync03


(((((((((((((((((((((((((((((((   Files Created from 2007-04-05 to 2007-05-12  ))))))))))))))))))))))))))))))))))


2007-05-12 15:34	0	--a------	C:\WINDOWS\SYSTEM32\sfsync03.dll
2007-05-12 15:34	0	--a------	C:\WINDOWS\SYSTEM32\sfsync02.dll
2007-05-12 15:22	<DIR>	d--------	C:\NoLopBackups
2007-05-12 15:18	<DIR>	d--------	C:\Hjt
2007-05-12 12:59	<DIR>	d--------	C:\Deckard
2007-05-12 03:15	0	-rahs----	C:\MSDOS.SYS
2007-05-12 03:15	0	-rahs----	C:\IO.SYS
2007-05-08 17:02	<DIR>	d--------	C:\Program Files\Play Upload
2007-05-08 17:02	<DIR>	d--------	C:\DOCUME~1\Craig\APPLIC~1\Play Upload
2007-05-08 17:02	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\real send film bat
2007-05-08 17:01	<DIR>	d--------	C:\Program Files\WinZix
2007-05-04 22:26	<DIR>	d--------	C:\DOCUME~1\Craig\APPLIC~1\.purple
2007-05-04 21:38	<DIR>	d--------	C:\Program Files\Pidgin
2007-04-28 02:59	<DIR>	d--------	C:\WINDOWS\vf_hip
2007-04-28 02:59	<DIR>	d--------	C:\Program Files\Hide IP Platinum
2007-04-27 21:08	<DIR>	d--------	C:\Program Files\JAP
2007-04-27 16:43	<DIR>	d--------	C:\Program Files\FlashGet
2007-04-27 16:29	<DIR>	d--------	C:\DOCUME~1\Craig\APPLIC~1\FlashGet
2007-04-25 19:52	<DIR>	d-a------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-25 19:52	<DIR>	d--------	C:\Program Files\Your Uninstaller 2006
2007-04-25 19:52	<DIR>	d--------	C:\DOCUME~1\Craig\APPLIC~1\URSoft
2007-04-25 00:10	<DIR>	d--------	C:\Program Files\CCleaner
2007-04-23 19:31	<DIR>	d--------	C:\Program Files\SlySoft
2007-04-23 17:53	1,075,200	--a------	C:\DOCUME~1\Craig\AnyDialog.dll
2007-04-21 11:44	<DIR>	d--------	C:\Program Files\OpenAL
2007-04-20 21:45	<DIR>	d--------	C:\DOCUME~1\Craig\APPLIC~1\TMNT
2007-04-20 21:39	<DIR>	d--------	C:\DOCUME~1\Craig\APPLIC~1\InstallShield
2007-04-18 23:49	<DIR>	d--------	C:\Program Files\Multi Password Recovery
2007-04-17 02:31	<DIR>	d--------	C:\WINDOWS\Full Speed
2007-04-17 02:31	<DIR>	d--------	C:\Program Files\Full Speed


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


25554-08-31 16:13:13	27,734	----a-w	C:\WINDOWS\system32\drivers\oasisusb.sys
2007-05-12 19:20:07	--------	d-----w	C:\DOCUME~1\Craig\APPLIC~1\.purple
2007-05-08 06:33:44	--------	d-----w	C:\DOCUME~1\Craig\APPLIC~1\dvdcss
2007-05-08 06:01:02	--------	d-----w	C:\Program Files\eMule
2007-05-07 21:20:18	--------	d-----w	C:\Program Files\Winamp
2007-05-06 02:15:54	--------	d-----w	C:\DOCUME~1\Craig\APPLIC~1\gtk-2.0
2007-05-05 07:49:59	--------	d-----w	C:\DOCUME~1\Craig\APPLIC~1\Azureus
2007-05-05 02:26:16	--------	d-----w	C:\DOCUME~1\Craig\APPLIC~1\.gaim
2007-05-05 01:38:38	--------	d-----w	C:\Program Files\Gaim
2007-05-02 22:32:55	--------	d-----w	C:\Program Files\Puppy Luv
2007-05-02 22:32:55	--------	d-----w	C:\Program Files\Lexmark X74-X75
2007-05-02 22:32:54	--------	d-----w	C:\Program Files\Common Files\PestPatrol
2007-05-02 22:32:54	--------	d-----w	C:\Program Files\AIM
2007-05-02 22:20:21	--------	d-----w	C:\Program Files\Creative
2007-05-02 03:59:19	--------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-04-27 06:33:49	--------	d-----w	C:\Program Files\VideoLAN
2007-04-26 18:16:19	--------	d-----w	C:\Program Files\XoftSpy
2007-04-24 03:58:05	--------	d-----w	C:\Program Files\EA SPORTS
2007-04-21 15:44:50	409,600	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2007-04-21 15:44:50	114,688	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2007-04-17 06:34:41	--------	d-----w	C:\DOCUME~1\Craig\APPLIC~1\Vso
2007-04-11 18:37:57	73,928	----a-w	C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-04-06 23:52:54	--------	d-----w	C:\Program Files\ImTOO
2007-04-04 23:21:21	298,104	----a-w	C:\WINDOWS\system32\imon.dll
2007-04-04 23:21:20	512,096	----a-w	C:\WINDOWS\system32\drivers\amon.sys
2007-04-04 23:21:19	15,424	----a-w	C:\WINDOWS\system32\drivers\nod32drv.sys
2007-04-04 23:17:01	81,984	----a-w	C:\WINDOWS\system32\bdod.bin
2007-04-04 22:35:44	--------	d-----w	C:\Program Files\AWS
2007-04-04 22:15:27	666,624	----a-w	C:\WINDOWS\is-4OI3B.exe
2007-04-04 22:15:24	--------	d-----w	C:\Program Files\Common Files\Agnitum Shared
2007-04-04 22:15:24	--------	d-----w	C:\Program Files\Agnitum
2007-04-01 12:34:21	86,016	----a-w	C:\WINDOWS\system32\ElbyCDIO.dll
2007-03-28 14:19:08	--------	d-----w	C:\Program Files\RimArts
2007-03-28 01:03:24	--------	d-----w	C:\DOCUME~1\Craig\APPLIC~1\AdobeUM
2007-03-26 15:57:50	--------	d-----w	C:\Program Files\GreedyTorrent
2007-03-26 15:56:48	--------	d-----w	C:\Program Files\Azureus
2007-03-25 02:18:30	--------	d-----w	C:\DOCUME~1\Craig\APPLIC~1\DrekSoftware
2007-03-23 03:44:25	--------	d-----w	C:\Program Files\Common Files\DirectX
2007-03-23 03:43:05	--------	d-----w	C:\Program Files\DAEMON Tools
2007-03-23 03:39:15	646,392	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2007-03-19 08:37:57	--------	d-----w	C:\Program Files\ATI Technologies
2007-03-17 13:43:01	292,864	----a-w	C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28	577,536	----a-w	C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28	40,960	----a-w	C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28	281,600	----a-w	C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48	1,843,584	----a-w	C:\WINDOWS\system32\win32k.sys
2007-03-08 04:24:39	87,608	----a-w	C:\DOCUME~1\Craig\APPLIC~1\ezpinst.exe
2007-03-08 04:24:39	47,360	----a-w	C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-08 04:24:39	47,360	----a-w	C:\DOCUME~1\Craig\APPLIC~1\pcouffin.sys
2007-03-08 04:24:38	--------	d-----w	C:\Program Files\VSO
2007-03-07 00:28:17	--------	d-----w	C:\DOCUME~1\Craig\APPLIC~1\SlySoft
2007-02-19 21:34:56	9,261	----a-w	C:\WINDOWS\mozver.dat
2007-02-05 20:17:02	185,344	----a-w	C:\WINDOWS\system32\upnphost.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll"
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"="C:\PROGRA~1\FlashGet\jccatch.dll"
"{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="G:\BitComet\tools\BitCometBHO.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll"
"{E5A1691B-D188-4419-AD02-90002030B8EE}"="G:\FlashFXP\IEFlash.dll"
"{F156768E-81EF-470C-9057-481BA8380DBA}"="C:\PROGRA~1\FlashGet\getflash.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Lexmark X74-X75"="\"C:\\Program Files\\Lexmark X74-X75\\lxbbbmgr.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"Film Bat Base Else"="C:\\Documents and Settings\\All Users\\Application Data\\real send film bat\\Extra Third.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"GreedyTorrent"="\"C:\\Program Files\\GreedyTorrent\\GTor.exe\" -tray"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"trans store"="C:\\DOCUME~1\\Craig\\APPLIC~1\\PLAYUP~1\\gram mess.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages	msv1_0\0\0
   Security Packages	kerberos\0msv1_0\0schannel\0wdigest\0\0
   Notification Packages	scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=dword:00000002
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter	HTTPFilter\0\0
LocalService	Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService	DnsCache\0\0
DcomLaunch	DcomLaunch\0TermService\0\0
rpcss	RpcSs\0\0
imgsvc	StiSvc\0\0
termsvcs	TermService\0\0
WudfServiceGroup	WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Spybot - Search & Destroy -  Scheduled Task.job
C:\WINDOWS\tasks\XoftSpy.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-12 15:37:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden proc
0

Hi there, good work :)

Step #1

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please Delete Everything inside this folder:

C:\Qoobox

Please open HiJackThis and scan. Check the boxes next to all the entries listed below

O2 - BHO: (no name) - {0682E46A-7040-4049-A6FD-0BCFBC673AD8} - (no file)
O4 - HKLM\..\Run: [Film Bat Base Else] C:\Documents and Settings\All Users\Application Data\real send film bat\Extra Third.exe
O4 - HKCU\..\Run: [trans store] C:\DOCUME~1\Craig\APPLIC~1\PLAYUP~1\gram mess.exe
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis

Step #2

Please go Here to see how to show hidden files in windows.

Now, Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Documents and Settings\All Users\Application Data\Real Send Film Bat
C:\Documents and Settings\Craig\Application Data\Play Upload
C:\Documents and Settings\All Users\Application Data\Viewpoint

Step #3

Download the latest version of Java Runtime Environment (JRE) 6

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.

Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

Step #4

Download CCleaner If you don't want the Yahoo toolbar, be sure to UNcheck that option when installing the software or update.

Instructions for using CCleaner:

  • Launch CCleaner and under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".
  • A pop up box will appear advising this process will permanently delete files from your system.
  • To protect logon cookies that you wish to retain, under Options > Cookies. Select and using the arrow move those cookies to the "Cookies to keep" column.
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the "Internet Explorer" section.
      • Clean all the entries in the "Windows Explorer" section.
      • Clean all entries in the "System" section.
      • Clean all entries in the "Advanced" section.
      • Clean any others that you choose.
    • In the Applications Tab:
    • Clean all in the Firefox/Mozilla section if you use it.
    • Clean all in the Opera section if you use it.
    • Clean Sun Java in the Internet Section.
    • Please UNcheck "Utilities" (i.e., Ad-Aware, ewido and other security program logs.)
  • Click the "Run Cleaner" button and it will scan and clean your system.
  • Click exit.
  • Shutdown/restart the computer.

Step #4

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Let me know how things are running now ;)

0

Ok before i go further with ur instructions i ran into a slight problem. i deleted all the other folders in my application data folders accept for the real send film bat folder it still says that something is using it
thanx
LBP

0

Try doing this:

Please download the OTMoveIt.

  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\All Users\Application Data\Real Send Film Bat


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Then Keep on doing the rest of instructions.

0

Ok next probelm... i cant seem to get the exe from the websie u gave me to run.. my windows keeps saying that it is a invalid .exe
LBP

0

Strange, it should work fine..

Reboot your computer into Safemode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now Try to delete this folder:

C:\Documents and Settings\All Users\Application Data\Real Send Film Bat

0

sorry i guess i should have been more specific the... the exe u sent me to remove the file worked fine i am talking abot the exe for java that is not working

0

problems problems... for some reason i cannot seem to get internet explorer to connect to any websites even though mozilla seems to be working fine. so i cannot do the kapersky scan
any help you can give me would be appreciated
thanx
LBP

0

Ermm, Are you sure there's no issues with your ADSL Modem?

Have you tried Re-installing Mozilla?

Thanks.

0

ya my modem is workin fine because i have a couple computers running on one connection and they all seem to not have a problem with internet exlorer its just me and no i have not tried to reinstall internet explorer.

0

Hmm, That's does not sound like a Malware related problem anymore.

Let me figure this out, i'll be back ;)

0

ok.. just a little update for ya my problem with mozilla not connecting to websites went away after i did most of those steps u gave me to do. and then after that as i told u already the whole internet explorer not connecting problem came up... so i just tried to reinstall internet explorer and i still cannot connect.. i am running outpost firewall and i checked to make sure that internet explorer was allowed and it is and i also checked windows firewall for the same thing internet explorer is also allowed in that. so ya i just wanted to give u a quick update on the situation
thanx for the help
LBP

0

as i said in my last post it is working in mozilla now... but not in internet explorer and my gmail checker.
LBP

0

Logfile of HijackThis v1.99.1
Scan saved at 4:04:48 PM, on 5/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Mp3tag\Mp3tagQuickPick.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Hjt\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 60.208.64.177:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - G:\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - G:\FlashFXP\IEFlash.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GreedyTorrent] "C:\Program Files\GreedyTorrent\GTor.exe" -tray
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [trans store] C:\DOCUME~1\Craig\APPLIC~1\PLAYUP~1\gram mess.exe
O4 - Global Startup: Mp3tag Quick Pick.lnk = C:\Program Files\Mp3tag\Mp3tagQuickPick.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://G:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://G:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://G:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113694423343
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15021/CTPID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Stateless Packet Filtering (PktFilter) - Unknown owner - C:\Documents and Settings\Craig\Desktop\pktfltsrv.exe (file missing)
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe

0

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


  • Disable and Enable System Restore.

If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

Windows XP System Restore Guide

Reenable system restore with instructions from tutorial above

[*]Make your Internet Explorer more secure - This can be done by following these simple instructions:
[*]From within Internet Explorer click on the Tools menu and then click on Options.
[*]Click once on the Security tab
[*]Click once on the Internet icon so it becomes highlighted.
[*]Click once on the Custom Level button.

  1. Change the Download signed ActiveX controls to Prompt
  2. Change the Download unsigned ActiveX controls to Disable
  3. Change the Initialize and script ActiveX controls not marked as safe to Disable
  4. Change the Installation of desktop items to Prompt
  5. Change the Launching programs and files in an IFRAME to Prompt
  6. Change the Navigate sub-frames across different domains to Prompt
  7. When all these settings have been made, click on the OK button.
  8. If it prompts you as to whether or not you want to save the settings, press the Yes button.

[*]Next press the Apply button and then the OK to exit the Internet Properties page.

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install AVG Anti-Spyware - Install and download AVG Anti-Spyware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using AVG Anti-Spyware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

Let me know if you still receive problems :)

We may have to Contanct a mod to Move this topic to another part of the forums because you Network problem does not seem to be related to Spyware or Viruses.

Thanks.

0

OK i figured out why my internet explorer wasnt working. it seems that the problem was that according to my setting i was running using it with a proxy server which i dont even remember setting up btw. but i just unchecked the box that said use this proxy server and now it works along with my mail notifier. thanx for your help
LBP

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.